|
Log analysis and evaluation: Faulty Google redirects
Windows 7 If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
24.11.2009, 19:08 | #1 |
| Faulty Google redirects
Hello. Like many others, I have a similar problem with my Mozilla Firefox, or rather with google.de. Since yesterday evening, about 80 % of the time I am redirected to unwanted pages (mostly h**p://us.chinaontv.com/sex_museum/index.html, but also eBay, although I did not want that, or other search or advertising pages). I have already reinstalled Firefox, run an AVG virus scan, run SpyBot following some tips in various forums, and then run HijackThis (my report is attached). Unfortunately this has not helped so far and the problem is still there. As HijackThis recommends, I ask you to evaluate my report and give me tips if applicable. Thanks in advance.
AVG Scan:
"Objektname";"C:\Users\Dennis Knabe\AppData\Local\Temp\a.exe"
"Erkennungsname";"Trojaner: SHeur2.BTZV"
"Objekttyp";"Datei"
"SDK-Typ";"Kern"
"Ergebnis";"In Virenquarantäne verschoben"
"Aktionsverlauf";"In Virenquarantäne verschoben"
Spybot: no copy made and can no longer be found.
HiJack:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:47:01, on 24.11.2009
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\msa.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\Google SketchUp 7\SketchUp.exe
C:\Users\DENNIS~1\AppData\Local\Temp\b.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\RunOnce: [Uninstall Adobe Download Manager] "C:\Windows\system32\rundll32.exe" "C:\Program Files\NOS\bin\getPlus_Helper.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1noarp
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [SSHNAS] rundll32.exe C:\Windows\system32\sshnas.dll,DllWork
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
-- End of file - 5744 bytes
Thanks again |
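Added example, not part of the original posts and not a Trojaner-Board tool: a small Python triage pass over a HijackThis log that marks lines worth a second look, here a process running from a Temp folder, a BHO registration whose file is missing, and an autostart that loads a DLL through rundll32. The three rules and their names are assumptions chosen for this example, a hit means "review this line" rather than a verdict, and the sample is an excerpt of the log posted above.

```python
import re
from typing import List, NamedTuple

# Excerpt of the HijackThis log posted above, one entry per line.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:47:01, on 24.11.2009
Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Users\DENNIS~1\AppData\Local\Temp\b.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\RunOnce: [Uninstall Adobe Download Manager] "C:\Windows\system32\rundll32.exe" "C:\Program Files\NOS\bin\getPlus_Helper.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1noarp
O4 - HKCU\..\Run: [SSHNAS] rundll32.exe C:\Windows\system32\sshnas.dll,DllWork
O20 - AppInit_DLLs: avgrsstx.dll
"""


class Finding(NamedTuple):
    rule: str    # name of the heuristic that fired (names are this example's own)
    target: str  # file path or CLSID to follow up on
    line: str    # the log line that triggered the rule


# "O4 - ..." style entries: section code, then the entry body.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
# O4 body: registry key, value name in brackets, then the command line.
RUN_RE = re.compile(r"^(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Command line that starts with rundll32, with or without path and quotes.
RUNDLL_RE = re.compile(
    r'^"?(?:[a-z]:\\[^"]*\\)?rundll32(?:\.exe)?"?\s+(?P<args>.+)$', re.I
)
TEMP_RE = re.compile(r"\\(?:temp|tmp)\\", re.I)
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")


def triage(log_text: str) -> List[Finding]:
    """Return review pointers for a HijackThis log, in log order."""
    findings = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        entry = ENTRY_RE.match(line)
        # The process list ends at a blank line or at the first coded entry.
        if in_processes and (not line or entry):
            in_processes = False
        if in_processes:
            if TEMP_RE.search(line):
                findings.append(Finding("process-in-temp", line, line))
            continue
        if not entry:
            continue
        code, body = entry["code"], entry["body"]
        if code == "O2" and body.endswith("(no file)"):
            clsid = CLSID_RE.search(body)
            target = clsid.group(0) if clsid else body
            findings.append(Finding("bho-without-file", target, line))
        elif code == "O4":
            run = RUN_RE.match(body)
            dll = RUNDLL_RE.match(run["cmd"]) if run else None
            if dll:
                # rundll32 syntax is <dll>,<export>; keep only the DLL path.
                path = dll["args"].split(",", 1)[0].strip().strip('"')
                findings.append(Finding("autostart-via-rundll32", path, line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:24} {f.target}")
```

The Adobe uninstall entry and the SSHNAS entry both match the rundll32 rule, which is why each target still has to be checked on its own (file location, vendor, scanner result) before anything is removed.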
25.11.2009, 10:46 | #2 |
/// Selecta Jahrusso | Faulty Google redirects
A cleanup can sometimes involve a lot of work for you.
Note: I can never give you a guarantee that I will find everything. Formatting is usually the faster and always the safest way. If you decide on a cleanup, please work through the following. Please post all log files in code tags. Click Reply --> # and then [code]text[/code] This is how it should then look here after replying: Code:
your log file
Vista and Win7 users: start all tools with a right-click and "Run as administrator".
Step 1 Open Windows Explorer (Windows key + E) and under => Tools => Folder Options => in the "View" tab
Step 2 Disable TeaTimer
While Spybot Search&Destroy's TeaTimer is running, no cleanup can be carried out, because it restores all deleted entries. TeaTimer must therefore be turned off during the cleanup work (leave TeaTimer switched off until we are finished with the cleanup): Start Spybot S&D => in the "Mode" menu select "Advanced mode" => then click "Tools" at the bottom left => click "Resident" => remove the check mark at Resident "TeaTimer" (protection of all system settings) => close Spybot Search&Destroy => restart the computer. Illustrated instructions.
Step 3 CustomScan with OTL
If you do not have it yet, please download OTL by Oldtimer and save it to your desktop
Code:
netsvcs
%SYSTEMDRIVE%\*.exe
%SYSTEMDRIVE%\eventlog.dll /s /md5
%SYSTEMDRIVE%\scecli.dll /s /md5
%SYSTEMDRIVE%\netlogon.dll /s /md5
%SYSTEMDRIVE%\cngaudit.dll /s /md5
%SYSTEMDRIVE%\sceclt.dll /s /md5
%SYSTEMDRIVE%\ntelogon.dll /s /md5
%SYSTEMDRIVE%\logevent.dll /s /md5
%SYSTEMDRIVE%\iaStor.sys /s /md5
%SYSTEMDRIVE%\nvstor.sys /s /md5
%SYSTEMDRIVE%\atapi.sys /s /md5
%SYSTEMDRIVE%\IdeChnDr.sys /s /md5
%SYSTEMDRIVE%\viasraid.sys /s /md5
%SYSTEMDRIVE%\AGP440.sys /s /md5
%SYSTEMDRIVE%\vaxscsi.sys /s /md5
%SYSTEMDRIVE%\nvatabus.sys /s /md5
CREATERESTOREPOINT
Step 4 During these scans, the following should apply:
Some log files are quite long; please split them across several posts.
__________________ |
11.02.2010, 23:41 | #3 |
| Faulty Google redirects
Hi,
I have to dig this thread up again because I had exactly the same error. Whenever I clicked on something in Google, this h**p://us.chinaontv.com/sex_museum/index.html came up, or eBay, or the Google start page. Unfortunately the problem has not improved; by now the internet does not work in Firefox at all, while strangely everything works perfectly in Iexplore! AntiVir complains about C:\WINDOWS\system32\sshnas.dll but cannot delete it, not even manually. Here is my OTL.txt Code:
OTL logfile created on: 11.02.2010 23:20:50 - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Dokumente und Einstellungen\Databussines@Home\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 67,00% Memory free
3,00 Gb Paging File | 3,00 Gb Available in Paging File | 89,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 74,50 Gb Total Space | 1,71 Gb Free Space | 2,30% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DELL-DIMENSION
Current User Name: Databussines@Home
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010.02.11 23:16:09 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Databussines@Home\Desktop\OTL.exe
PRC - [2009.11.12 16:33:10 | 000,141,600 | ---- | M] (Apple Inc.) -- C:\Programme\iTunes\iTunesHelper.exe
PRC - [2009.11.12 16:33:00 | 000,545,568 | ---- | M] (Apple Inc.) -- C:\Programme\iPod\bin\iPodService.exe
PRC - [2009.09.16 12:05:13 | 000,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe
PRC - [2009.08.28 19:42:54 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009.07.21 13:34:28 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.06.01 21:20:12 | 000,222,968 | ---- | M] () -- C:\Programme\ICQ6Toolbar\ICQ Service.exe
PRC - [2009.05.13 15:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2009.03.02 12:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008.12.12 11:17:38 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Programme\Bonjour\mDNSResponder.exe
PRC - [2008.05.03 04:46:00 | 000,159,812 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2007.05.11 02:06:38 | 000,341,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Adobe\Reader 8.0\Reader\AcroRd32.exe
PRC - [2007.03.18 23:05:02 | 000,630,784 | ---- | M] () -- C:\Programme\Vista Inspirat 2\RocketDock\RocketDock.exe
PRC - [2006.05.21 08:43:14 | 000,155,648 | ---- | M] (Y'z@Home) -- C:\Programme\Vista Inspirat 2\YzShadow\YzShadow.exe
PRC - [2006.05.21 08:43:08 | 000,180,224 | ---- | M] () -- C:\Programme\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
PRC - [2004.08.03 23:58:22 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2004.08.03 23:57:54 | 001,542,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (SafeList) ==========

MOD - [2010.02.11 23:16:09 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Databussines@Home\Desktop\OTL.exe
MOD - [2007.03.18 23:04:22 | 000,069,632 | ---- | M] () -- C:\Programme\Vista Inspirat 2\RocketDock\RocketDock.dll
MOD - [2006.05.21 08:43:14 | 000,053,248 | ---- | M] () -- C:\Programme\Vista Inspirat 2\YzShadow\YzShadow.dll
MOD - [2006.05.21 08:43:08 | 000,065,536 | ---- | M] () -- C:\Programme\Vista Inspirat 2\UberIcon\UberIcon.dll
MOD - [2006.05.03 22:53:54 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll
MOD - [2004.08.03 23:54:28 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2010.01.29 16:52:03 | 002,431,024 | ---- | M] () [Auto | Running] -- c:\Programme\Gemeinsame Dateien\Akamai\rswin_3647.dll -- (Akamai)
SRV - [2009.12.22 22:31:47 | 000,277,504 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\sshnas.dll -- (SSHNAS)
SRV - [2009.12.05 00:54:19 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009.11.12 16:33:00 | 000,545,568 | ---- | M] (Apple Inc.) [Disabled | Running] -- C:\Programme\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009.09.16 12:05:13 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA)
SRV - [2009.08.28 19:42:54 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009.07.21 13:34:28 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.07.07 22:12:25 | 000,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2009.06.01 21:20:12 | 000,222,968 | ---- | M] () [Auto | Running] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2009.05.17 21:04:00 | 000,098,488 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV - [2009.05.13 15:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008.12.12 11:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008.05.03 04:46:00 | 000,159,812 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2006.12.14 16:00:00 | 000,544,768 | ---- | M] (Magix AG) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService)
SRV - [2005.11.17 14:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2005.04.03 23:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [Disabled | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.trojaner-board.de/79723-fehlerhafte-google-verlinkung.html
IE - HKCU\..\URLSearchHook: - Reg Error: Key error.
File not found IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 213.202.238.46:8888 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Google" FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=" FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)" FF - prefs.js..browser.startup.homepage: "http://www.google.de/" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1 FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004 FF - prefs.js..network.proxy.backup.ftp: "63.149.98.90" FF - prefs.js..network.proxy.backup.ftp_port: 80 FF - prefs.js..network.proxy.backup.gopher: "63.149.98.90" FF - prefs.js..network.proxy.backup.gopher_port: 80 FF - prefs.js..network.proxy.backup.socks: "" FF - prefs.js..network.proxy.backup.socks_port: 0 FF - prefs.js..network.proxy.backup.ssl: "63.149.98.90" FF - prefs.js..network.proxy.backup.ssl_port: 80 FF - prefs.js..network.proxy.ftp: "80.237.140.233" FF - prefs.js..network.proxy.ftp_port: 8000 FF - prefs.js..network.proxy.gopher: "80.237.140.233" FF - prefs.js..network.proxy.gopher_port: 8000 FF - prefs.js..network.proxy.http: "127.0.0.1" FF - prefs.js..network.proxy.http_port: 445 FF - prefs.js..network.proxy.type: 1 FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks: "80.237.140.233" FF - prefs.js..network.proxy.socks_port: 8000 FF - prefs.js..network.proxy.ssl: "80.237.140.233" FF - prefs.js..network.proxy.ssl_port: 8000 FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Programme\Mozilla 
Firefox\components [2010.02.11 22:35:04 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.02.10 23:23:06 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2010.01.04 14:27:11 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2010.01.04 14:27:10 | 000,000,000 | ---D | M] [2009.10.10 22:06:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Databussines@Home\Anwendungsdaten\Mozilla\Extensions [2010.02.10 23:33:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Databussines@Home\Anwendungsdaten\Mozilla\Firefox\Profiles\j7l0qog5.default\extensions [2009.04.26 16:27:08 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Dokumente und Einstellungen\Databussines@Home\Anwendungsdaten\Mozilla\Firefox\Profiles\j7l0qog5.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2009.10.11 22:36:42 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\Databussines@Home\Anwendungsdaten\Mozilla\Firefox\Profiles\j7l0qog5.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2009.10.10 22:09:19 | 000,000,000 | ---D | M] (myFireFox) -- C:\Dokumente und Einstellungen\Databussines@Home\Anwendungsdaten\Mozilla\Firefox\Profiles\j7l0qog5.default\extensions\{e213bb8f-8ebd-11db-96b7-005056c00008} [2009.03.23 22:49:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Databussines@Home\Anwendungsdaten\Mozilla\Firefox\Profiles\j7l0qog5.default\extensions\moveplayer@movenetworks.com [2008.07.20 18:27:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Databussines@Home\Anwendungsdaten\Mozilla\Firefox\Profiles\j7l0qog5.default\extensions\yyginstantplay@yoyogames.com [2010.02.09 18:35:47 | 000,000,955 | ---- | M] () -- C:\Dokumente und 
Einstellungen\Databussines@Home\Anwendungsdaten\Mozilla\Firefox\Profiles\j7l0qog5.default\searchplugins\icqplugin.xml [2010.02.10 23:33:36 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.01.16 02:15:29 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.01.16 02:15:29 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.01.16 02:15:29 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.01.16 02:15:29 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.01.16 02:15:29 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2002.08.29 13:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - File not found O2 - BHO: (no name) - {D032570A-5F63-4812-A094-87D007C23012} - C:\WINDOWS\system32\iebho.dll () O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - No CLSID value found. 
O4 - HKLM..\Run: [44850122] C:\DOKUME~1\ALLUSE~1\ANWEND~1\44850122\44850122.exe File not found
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CTFMON] C:\WINDOWS\Temp\_ex-08.exe ()
O4 - HKLM..\Run: [iTunesHelper] C:\Programme\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NiwradSoft Welcome] C:\WINDOWS\NiwradSoft Shell Pack\Tools\NS Welcome.exe (NiwradSoft)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [P17Helper] C:\WINDOWS\System32\P17.dll ()
O4 - HKLM..\Run: [prunnet] C:\WINDOWS\System32\prunnet.exe File not found
O4 - HKLM..\Run: [QuickTime Task] C:\Programme\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [EPSON Stylus DX5000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [prunnet] C:\WINDOWS\System32\prunnet.exe File not found
O4 - HKCU..\Run: [RocketDock] C:\Programme\Vista Inspirat 2\RocketDock\RocketDock.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\Databussines@Home\Startmenü\Programme\Autostart\Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\Databussines@Home\Startmenü\Programme\Autostart\RocketDock.lnk = C:\Programme\Vista Inspirat 2\RocketDock\RocketDock.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\Databussines@Home\Startmenü\Programme\Autostart\TransBar.lnk = C:\Programme\Vista Inspirat 2\TransBar\TransBar.exe (AKSoftware)
O4 - Startup: C:\Dokumente und Einstellungen\Databussines@Home\Startmenü\Programme\Autostart\UberIcon.lnk = C:\Programme\Vista Inspirat 2\UberIcon\UberIcon Manager.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\Databussines@Home\Startmenü\Programme\Autostart\Y'z Shadow.lnk = C:\Programme\Vista Inspirat 2\YzShadow\YzShadow.exe (Y'z@Home)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_06\bin\npjpi160_06.dll (Sun Microsystems, Inc.)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.220.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2010.01.08 02:01:27 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: SSHNAS - C:\WINDOWS\system32\sshnas.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (53765057741324288)

========== Files/Folders - Created Within 14 Days ==========
[2010.02.11 23:16:06 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Databussines@Home\Desktop\OTL.exe
[2010.02.11 23:01:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010.02.11 23:01:23 | 000,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010.02.11 23:01:23 | 000,056,816 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010.02.11 23:01:23 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010.02.11 23:01:23 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010.02.11 23:01:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
[2010.02.10 22:30:29 | 000,501,912 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\PICSDK2.dll
[2010.02.10 22:30:29 | 000,108,704 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\PICEntry.dll
[2010.02.10 22:30:29 | 000,080,024 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\PICSDK.dll
[2010.02.10 22:30:26 | 000,120,992 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\EpPicPrt.dll
[2010.02.10 22:30:26 | 000,071,840 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\EPPicMgr.dll
[2010.02.10 22:30:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Databussines@Home\Anwendungsdaten\EPSON
[2010.02.10 22:29:22 | 000,049,152 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\E_DCINST.DLL
[2010.02.10 22:29:21 | 000,075,264 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\E_FLBBVE.DLL
[2010.02.10 22:29:21 | 000,062,976 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\E_FD4BBVE.DLL
[2010.02.10 22:28:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EPSON
[2010.02.10 22:27:45 | 000,000,000 | ---D | C] -- C:\Programme\epson
[2010.02.10 22:27:44 | 000,061,952 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\escwiad.dll
[2010.02.09 23:00:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\44850122
[2010.01.30 19:10:07 | 000,000,000 | ---D | C] -- C:\Programme\Worms Armageddon
[2010.01.29 22:05:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Databussines@Home\Desktop\Headhunterz-Scrap_Attack-(Defqon.1_Anthem)-WEB-2009-UKHx
[2009.12.23 15:27:57 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Microsoft
[2009.12.08 19:52:31 | 000,973,312 | ---- | C] (James Chapman) -- C:\Programme\VUMeter.exe
[2009.12.05 00:21:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Microsoft
[2009.12.05 00:19:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Adobe
[2009.05.20 23:19:00 | 000,278,528 | ---- | C] (revocatorio) -- C:\Dokumente und Einstellungen\Databussines@Home\Lokale Einstellungen\Anwendungsdaten\kekcoqm.exe
[2009.05.16 13:50:53 | 000,019,080 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\SMIMB.SYS
[2008.06.08 19:49:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Microsoft
[2008.06.08 19:45:47 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Microsoft
[2002.04.11 08:41:06 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp -> ]

========== Files - Modified Within 14 Days ==========
[2010.02.11 23:16:09 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Databussines@Home\Desktop\OTL.exe
[2010.02.11 22:59:31 | 000,000,721 | ---- | M] () -- C:\WINDOWS\win.ini
[2010.02.11 22:59:31 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.02.11 22:59:31 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2010.02.11 22:56:00 | 000,000,264 | -H-- | M] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010.02.11 16:03:01 | 006,553,600 | -H-- | M] () -- C:\Dokumente und Einstellungen\Databussines@Home\NTUSER.DAT
[2010.02.11 15:21:50 | 000,177,751 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010.02.11 15:21:40 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.02.11 15:21:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.02.11 15:21:29 | 1608,667,136 | -HS- | M] () -- C:\hiberfil.sys
[2010.02.11 00:20:20 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\Databussines@Home\ntuser.ini
[2010.02.11 00:20:01 | 000,000,308 | ---- | M] () -- C:\WINDOWS\tasks\shutdown.job
[2010.02.10 23:23:09 | 000,001,585 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk
[2010.02.10 22:33:42 | 001,500,182 | ---- | M] () -- C:\Dokumente und Einstellungen\Databussines@Home\Desktop\img001.jpg
[2010.02.10 22:27:50 | 000,000,684 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\EPSON Scan.lnk
[2010.02.10 22:27:15 | 000,000,025 | ---- | M] () -- C:\WINDOWS\CDE DX5000EFDG.ini
[2010.02.10 22:03:07 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.02.09 23:00:24 | 000,253,440 | ---- | M] () -- C:\WINDOWS\System32\iebho.dll
[2010.02.08 21:45:04 | 000,162,727 | ---- | M] () -- C:\Dokumente und Einstellungen\Databussines@Home\Desktop\Ebay.pdf
[2010.02.07 00:23:53 | 000,065,536 | ---- | M] () -- C:\Dokumente und Einstellungen\Databussines@Home\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.02.05 22:46:22 | 000,022,528 | ---- | M] () -- C:\Dokumente und Einstellungen\Databussines@Home\Desktop\tbanebay.doc
[2010.02.05 21:49:48 | 000,019,968 | ---- | M] () -- C:\Dokumente und Einstellungen\Databussines@Home\Desktop\Hallo1.doc
[2010.02.04 23:01:57 | 000,363,008 | ---- | M] () -- C:\Dokumente und Einstellungen\Databussines@Home\Desktop\Luft mit Winkel(1)(1).xls
[2010.02.01 16:32:18 | 000,019,456 | ---- | M] () -- C:\Dokumente und Einstellungen\Databussines@Home\Desktop\moneten2.xls
[2010.02.01 01:44:04 | 003,516,726 | -H-- | M] () -- C:\Dokumente und Einstellungen\Databussines@Home\Lokale Einstellungen\Anwendungsdaten\IconCache.db
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp -> ]

========== Files Created - No Company Name ==========
[2010.02.10 23:23:09 | 000,001,585 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk
[2010.02.10 22:33:41 | 001,500,182 | ---- | C] () -- C:\Dokumente und Einstellungen\Databussines@Home\Desktop\img001.jpg
[2010.02.10 22:30:29 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2010.02.10 22:30:26 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2010.02.10 22:30:26 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2010.02.10 22:30:26 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2010.02.10 22:30:26 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2010.02.10 22:30:26 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2010.02.10 22:30:26 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2010.02.10 22:30:26 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2010.02.10 22:30:26 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2010.02.10 22:30:26 | 000,006,442 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_IT.cfg
[2010.02.10 22:30:26 | 000,006,335 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_GE.cfg
[2010.02.10 22:30:26 | 000,006,103 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_ES.cfg
[2010.02.10 22:30:26 | 000,005,817 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_KO.cfg
[2010.02.10 22:30:26 | 000,005,436 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_SC.cfg
[2010.02.10 22:30:26 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2010.02.10 22:30:26 | 000,002,889 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_RU.cfg
[2010.02.10 22:30:26 | 000,002,426 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_TC.cfg
[2010.02.10 22:30:26 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2010.02.10 22:30:26 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2010.02.10 22:30:26 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2010.02.10 22:30:26 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2010.02.10 22:30:26 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2010.02.10 22:30:26 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2010.02.10 22:30:26 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2010.02.10 22:30:26 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2010.02.10 22:30:26 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2010.02.10 22:30:25 | 000,013,732 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_EN.cfg
[2010.02.10 22:30:25 | 000,006,347 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_BP.cfg
[2010.02.10 22:30:25 | 000,006,195 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_FR.cfg
[2010.02.10 22:30:25 | 000,006,195 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_CF.cfg
[2010.02.10 22:30:25 | 000,006,122 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_DU.cfg
[2010.02.10 22:30:24 | 000,006,347 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_PT.cfg
[2010.02.10 22:27:50 | 000,000,684 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\EPSON Scan.lnk
[2010.02.10 22:27:15 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE DX5000EFDG.ini
[2010.02.09 23:00:24 | 000,253,440 | ---- | C] () -- C:\WINDOWS\System32\iebho.dll
[2010.02.08 21:46:30 | 000,162,727 | ---- | C] () -- C:\Dokumente und Einstellungen\Databussines@Home\Desktop\Ebay.pdf
[2010.02.05 22:42:00 | 000,022,528 | ---- | C] () -- C:\Dokumente und Einstellungen\Databussines@Home\Desktop\tbanebay.doc
[2010.02.05 21:42:23 | 000,019,968 | ---- | C] () -- C:\Dokumente und Einstellungen\Databussines@Home\Desktop\Hallo1.doc
[2010.02.04 23:01:55 | 000,363,008 | ---- | C] () -- C:\Dokumente und Einstellungen\Databussines@Home\Desktop\Luft mit Winkel(1)(1).xls
[2010.01.28 23:59:45 | 000,000,308 | ---- | C] () -- C:\WINDOWS\tasks\shutdown.job
[2010.01.28 23:50:51 | 000,019,456 | ---- | C] () -- C:\Dokumente und Einstellungen\Databussines@Home\Desktop\moneten2.xls
[2010.01.28 16:30:03 | 000,000,059 | ---- | C] () -- C:\WINDOWS\basscad.ini
[2010.01.04 20:46:53 | 000,000,600 | ---- | C] () -- C:\Dokumente und Einstellungen\Databussines@Home\Anwendungsdaten\winscp.rnd
[2009.12.23 10:59:44 | 000,682,266 | ---- | C] () -- C:\Programme\unins000.exe
[2009.12.23 10:59:44 | 000,002,910 | ---- | C] () -- C:\Programme\unins000.dat
[2009.12.22 22:31:43 | 000,277,504 | ---- | C] () -- C:\WINDOWS\System32\sshnas.dll
[2009.09.20 00:03:59 | 000,000,037 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009.07.31 20:17:17 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009.06.19 19:06:22 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2009.06.19 19:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2009.06.19 19:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2009.06.19 19:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2009.06.19 19:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2009.06.19 19:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2009.06.19 19:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2009.06.19 19:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2009.06.19 19:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2009.06.19 19:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2009.06.10 17:09:13 | 010,440,704 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\sandra.mda
[2009.05.21 05:24:48 | 000,001,683 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2009.05.20 23:19:00 | 000,316,317 | ---- | C] () -- C:\Dokumente und Einstellungen\Databussines@Home\Lokale Einstellungen\Anwendungsdaten\kekcoqm_nav.dat
[2009.05.20 23:19:00 | 000,003,241 | ---- | C] () -- C:\Dokumente und Einstellungen\Databussines@Home\Lokale Einstellungen\Anwendungsdaten\kekcoqm.dat
[2009.05.20 23:19:00 | 000,000,364 | ---- | C] () -- C:\Dokumente und Einstellungen\Databussines@Home\Lokale Einstellungen\Anwendungsdaten\kekcoqm_navps.dat
[2009.05.16 13:50:53 | 000,016,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\pu20sysd.sys
[2009.05.14 19:05:13 | 000,000,236 | ---- | C] () -- C:\WINDOWS\MeineCpu.ini
[2009.03.07 20:39:13 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2008.12.21 21:25:33 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2008.12.21 21:25:33 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2008.12.21 21:25:33 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2008.12.21 21:20:39 | 000,000,220 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2008.12.16 18:45:55 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LauncherAccess.dt
[2008.12.16 18:43:44 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2008.12.13 22:18:01 | 000,000,044 | ---- | C] () -- C:\WINDOWS\LDraw.INI
[2008.11.28 14:45:05 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008.11.03 16:39:10 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2008.10.08 18:56:49 | 000,000,136 | ---- | C] () -- C:\WINDOWS\Realflight.INI
[2008.09.16 01:14:24 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008.09.16 01:12:02 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008.09.16 01:12:02 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008.09.16 01:11:10 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008.07.18 14:00:09 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2008.07.18 13:59:37 | 000,005,937 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2008.06.25 19:23:30 | 000,000,249 | ---- | C] () -- C:\WINDOWS\emug3.ini
[2008.06.25 19:12:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2008.06.25 18:59:26 | 000,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008.06.16 16:22:32 | 000,065,536 | ---- | C] () -- C:\Dokumente und Einstellungen\Databussines@Home\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.06.15 10:40:54 | 000,000,403 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008.06.09 16:00:21 | 000,005,663 | ---- | C] () -- C:\WINDOWS\System32\ludap17.ini
[2008.06.09 16:00:21 | 000,000,075 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2008.06.09 15:48:24 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2008.06.08 20:18:49 | 000,290,918 | ---- | C] () -- C:\WINDOWS\System32\Install7x.dll
[2008.05.03 04:46:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008.05.03 04:46:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008.05.03 04:46:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008.05.03 04:46:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008.05.03 04:46:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006.09.09 17:28:52 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\glut32.dll
[2005.05.03 18:38:42 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\P17.dll
[2003.10.02 17:48:18 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll
[2002.08.29 13:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[1999.01.23 02:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========
[2008.10.26 14:31:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\2DBoy
[2010.02.10 00:06:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\44850122
[2009.04.30 16:58:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BVRP Software
[2009.04.08 19:15:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Codemasters
[2010.02.10 22:29:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EPSON
[2009.07.13 15:25:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ
[2008.07.18 14:00:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX
[2008.11.19 18:47:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Synetic
[2009.09.20 00:11:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2009.08.23 15:56:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Test Drive Unlimited
[2009.02.24 17:00:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ubisoft
[2009.04.17 13:55:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WhiteCap (Holiday Edition)
[2008.07.20 18:59:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\YoYoGames
[2010.01.04 14:29:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009.02.09 22:40:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Databussines@Home\Anwendungsdaten\Canneverbe_Limited
[2008.11.15 23:07:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Databussines@Home\Anwendungsdaten\Capcom
[2009.05.17 21:28:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Databussines@Home\Anwendungsdaten\concept design
[2008.06.25 18:59:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Databussines@Home\Anwendungsdaten\DAEMON Tools
[2009.05.16 00:14:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Databussines@Home\Anwendungsdaten\Desktopicon
[2009.12.27 03:58:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Databussines@Home\Anwendungsdaten\DisplayFusion
[2010.02.10 22:30:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Databussines@Home\Anwendungsdaten\EPSON
[2009.03.16 20:30:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Databussines@Home\Anwendungsdaten\FMZilla
[2010.01.04 21:23:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Databussines@Home\Anwendungsdaten\GHISLER
[2009.03.24 11:57:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Databussines@Home\Anwendungsdaten\ICQ
[2008.11.28 14:43:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Databussines@Home\Anwendungsdaten\Leadertech
[2008.12.10 19:51:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Databussines@Home\Anwendungsdaten\LEGO Company
[2008.07.18 14:00:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Databussines@Home\Anwendungsdaten\MAGIX
[2009.05.06 15:57:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Databussines@Home\Anwendungsdaten\MB-Ruler
[2009.06.06 17:08:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Databussines@Home\Anwendungsdaten\ProtectDisc
[2008.07.20 18:47:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Databussines@Home\Anwendungsdaten\Recorder
[2009.01.16 13:00:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Databussines@Home\Anwendungsdaten\Samsung
[2008.09.21 18:48:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Databussines@Home\Anwendungsdaten\SPORE
[2008.12.26 11:51:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Databussines@Home\Anwendungsdaten\SYDATEC
[2008.06.10 16:30:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Databussines@Home\Anwendungsdaten\Thunderbird
[2009.02.24 17:00:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Databussines@Home\Anwendungsdaten\Ubisoft
[2009.12.27 03:06:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Databussines@Home\Anwendungsdaten\uTorrent
[2010.01.08 01:44:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Databussines@Home\Anwendungsdaten\XLink Kai
[2010.02.11 00:20:01 | 000,000,308 | ---- | M] () -- C:\WINDOWS\Tasks\shutdown.job
[2010.02.11 22:56:00 | 000,000,264 | -H-- | M] () -- C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< %SYSTEMDRIVE%\eventlog.dll /s /md5 >
[2002.08.29 13:00:00 | 000,049,152 | ---- | M] (Microsoft Corporation) MD5=B9358A1FB66CF656328FD8B792B2CCC4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2004.08.03 23:57:20 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 03:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\SoftwareDistribution\Download\7d084ddd2c07c476a226e31c4ef032ff\eventlog.dll
[2004.08.03 23:57:20 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\system32\eventlog.dll
[7 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %SYSTEMDRIVE%\scecli.dll /s /md5 >
[2002.08.29 13:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=ADD49C10F5DADFA81912D124FE1C9A99 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2004.08.03 23:57:34 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 03:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\SoftwareDistribution\Download\7d084ddd2c07c476a226e31c4ef032ff\scecli.dll
[2004.08.03 23:57:34 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\system32\scecli.dll
[7 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %SYSTEMDRIVE%\netlogon.dll /s /md5 >
[2002.08.29 13:00:00 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=BCA549B21E651111CE7BAD0FC8C45F4B -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2004.08.03 23:57:32 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll [2008.04.14 03:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\SoftwareDistribution\Download\7d084ddd2c07c476a226e31c4ef032ff\netlogon.dll [2004.08.03 23:57:32 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\system32\netlogon.dll [7 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < %SYSTEMDRIVE%\cngaudit.dll /s /md5 > < %SYSTEMDRIVE%\sceclt.dll /s /md5 > < %SYSTEMDRIVE%\ntelogon.dll /s /md5 > < %SYSTEMDRIVE%\logevent.dll /s /md5 > < %SYSTEMDRIVE%\iaStor.sys /s /md5 > < %SYSTEMDRIVE%\nvstor.sys /s /md5 > < %SYSTEMDRIVE%\atapi.sys /s /md5 > [2002.08.29 13:00:00 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys [2004.08.03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\7d084ddd2c07c476a226e31c4ef032ff\atapi.sys [2004.08.03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys < %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 > < %SYSTEMDRIVE%\viasraid.sys /s /md5 > < %SYSTEMDRIVE%\AGP440.sys /s /md5 > [2004.08.03 22:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\7d084ddd2c07c476a226e31c4ef032ff\agp440.sys [2004.08.03 22:07:42 | 000,042,368 | ---- | M] 
(Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\agp440.sys < %SYSTEMDRIVE%\vaxscsi.sys /s /md5 > < %SYSTEMDRIVE%\nvatabus.sys /s /md5 > ========== Alternate Data Streams ========== @Alternate Data Stream - 138 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:05EE1EEF < End of report > Last edited by Stylo22 (11.02.2010 at 23:51) |
11.02.2010, 23:42 | #4 |
| Faulty Google Redirection Here is my Extras.txt as well. Help! I can't make sense of these lists! Code:
OTL Extras logfile created on: 11.02.2010 23:20:50 - Run 1 OTL by OldTimer - Version 3.1.28.0 Folder = C:\Dokumente und Einstellungen\Databussines@Home\Desktop Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 67,00% Memory free 3,00 Gb Paging File | 3,00 Gb Available in Paging File | 89,00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 74,50 Gb Total Space | 1,71 Gb Free Space | 2,30% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: DELL-DIMENSION Current User Name: Databussines@Home Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: On File Age = 14 Days Output = Standard Quick Scan ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. 
htmlfile [open] -- "C:\Programme\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation) htmlfile [opennew] -- "C:\Programme\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- C:\Programme\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- C:\Programme\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Programme\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Programme\Internet Explorer\iexplore.exe" (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security 
Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Programme\CyberLink\PowerDVD9\PowerDVD9.exe" = C:\Programme\CyberLink\PowerDVD9\PowerDVD9.exe:*:Enabled:CyberLink PowerDVD 9.0 -- (CyberLink Corp.) 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Programme\ICQ6\ICQ.exe" = C:\Programme\ICQ6\ICQ.exe:*:Enabled:ICQ6 -- File not found "C:\Programme\uTorrent\uTorrent.exe" = C:\Programme\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.) "C:\Programme\Atari\Test Drive Unlimited\TestDriveUnlimited.exe" = C:\Programme\Atari\Test Drive Unlimited\TestDriveUnlimited.exe:*:Enabled:Test Drive Unlimited -- File not found "C:\Programme\Softick\PPP\Bin\pppgate.exe" = C:\Programme\Softick\PPP\Bin\pppgate.exe:*:Enabled:Win32 PPP Server -- File not found "C:\Sierra\Empire Earth\Empire Earth.exe" = C:\Sierra\Empire Earth\Empire Earth.exe:*:Disabled:Empire Earth -- File not found "C:\Programme\Free Music Zilla\FMZilla.exe" = C:\Programme\Free Music Zilla\FMZilla.exe:*:Enabled:FMZilla -- () "C:\Programme\Race Driver Grid\GRID.exe" = C:\Programme\Race Driver Grid\GRID.exe:*:Disabled:GRID Executable -- (Codemasters) "C:\Programme\Zattoo\zattood.exe" = C:\Programme\Zattoo\zattood.exe:*:Enabled:zattood -- () "C:\Programme\Zattoo\Zattoo2.exe" = C:\Programme\Zattoo\Zattoo2.exe:*:Enabled: -- () "C:\Programme\ICQ6.5\ICQ.exe" = C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.) "C:\Programme\CyberLink\PowerDVD9\PowerDVD Cinema\PowerDVDCinema.exe" = C:\Programme\CyberLink\PowerDVD9\PowerDVD Cinema\PowerDVDCinema.exe:*:Enabled:CyberLink PowerDVD 9.0 -- (CyberLink Corp.) "C:\Programme\CyberLink\PowerDVD9\PowerDVD9.exe" = C:\Programme\CyberLink\PowerDVD9\PowerDVD9.exe:*:Enabled:CyberLink PowerDVD 9.0 -- (CyberLink Corp.) 
"C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated) "C:\Programme\devolo\informer\devinf.exe" = C:\Programme\devolo\informer\devinf.exe:*:Enabled:devolo Informer -- (devolo AG) "C:\Programme\Empire Earth\Empire Earth.exe" = C:\Programme\Empire Earth\Empire Earth.exe:*:Disabled:Empire Earth -- () "C:\Programme\XLink Kai\kaiEngine.exe" = C:\Programme\XLink Kai\kaiEngine.exe:*:Enabled:XLink Kai Evolution 7 Engine -- (http://www.teamxlink.co.uk (Team XLink)) "C:\Programme\Bonjour\mDNSResponder.exe" = C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.) "C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.) "C:\Programme\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe" = C:\Programme\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:*:Disabled:Assassin's Creed Dx10 -- (Ubisoft) "C:\Programme\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe" = C:\Programme\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:*:Disabled:Assassin's Creed Dx9 -- (Ubisoft) "C:\Programme\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe" = C:\Programme\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:*:Disabled:Assassin's Creed Update -- (Ubisoft) "C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation) "C:\Programme\Capcom\MotoGP 08 Demo\MotoGP 08\Launcher.exe" = C:\Programme\Capcom\MotoGP 08 Demo\MotoGP 08\Launcher.exe:*:Disabled:MotoGP 08 -- File not found "C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer -- (RealNetworks, Inc.) 
"C:\Dokumente und Einstellungen\Databussines@Home\Lokale Einstellungen\Temp\Rar$EX03.813\Samsung XXXX Java Uploader 1.1.exe" = C:\Dokumente und Einstellungen\Databussines@Home\Lokale Einstellungen\Temp\Rar$EX03.813\Samsung XXXX Java Uploader 1.1.exe:*:Disabled:Samsung XXXX Java Uploader 1.1 -- File not found "C:\Dokumente und Einstellungen\Databussines@Home\Lokale Einstellungen\Temp\Rar$EX00.828\Samsung XXXX Java Uploader 1.1.exe" = C:\Dokumente und Einstellungen\Databussines@Home\Lokale Einstellungen\Temp\Rar$EX00.828\Samsung XXXX Java Uploader 1.1.exe:*:Disabled:Samsung XXXX Java Uploader 1.1 -- File not found "C:\Dokumente und Einstellungen\Databussines@Home\Lokale Einstellungen\Temp\Rar$EX00.765\Samsung XXXX Java Uploader 1.1.exe" = C:\Dokumente und Einstellungen\Databussines@Home\Lokale Einstellungen\Temp\Rar$EX00.765\Samsung XXXX Java Uploader 1.1.exe:*:Disabled:Samsung XXXX Java Uploader 1.1 -- File not found "C:\Dokumente und Einstellungen\Databussines@Home\Lokale Einstellungen\Temp\Rar$EX00.750\Samsung XXXX Java Uploader 1.1.exe" = C:\Dokumente und Einstellungen\Databussines@Home\Lokale Einstellungen\Temp\Rar$EX00.750\Samsung XXXX Java Uploader 1.1.exe:*:Disabled:Samsung XXXX Java Uploader 1.1 -- File not found "C:\Dokumente und Einstellungen\Databussines@Home\Lokale Einstellungen\Temp\Rar$EX00.422\Samsung XXXX Java Uploader 1.1.exe" = C:\Dokumente und Einstellungen\Databussines@Home\Lokale Einstellungen\Temp\Rar$EX00.422\Samsung XXXX Java Uploader 1.1.exe:*:Disabled:Samsung XXXX Java Uploader 1.1 -- File not found "C:\Dokumente und Einstellungen\Databussines@Home\Lokale Einstellungen\Temp\Rar$EX00.187\Samsung XXXX Java Uploader 1.1.exe" = C:\Dokumente und Einstellungen\Databussines@Home\Lokale Einstellungen\Temp\Rar$EX00.187\Samsung XXXX Java Uploader 1.1.exe:*:Disabled:Samsung XXXX Java Uploader 1.1 -- File not found "C:\Dokumente und Einstellungen\Databussines@Home\Lokale Einstellungen\Temp\Rar$EX00.125\Samsung XXXX Java Uploader 1.1.exe" = C:\Dokumente 
und Einstellungen\Databussines@Home\Lokale Einstellungen\Temp\Rar$EX00.125\Samsung XXXX Java Uploader 1.1.exe:*:Disabled:Samsung XXXX Java Uploader 1.1 -- File not found "C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\RpcAgentSrv.exe" = C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\RpcAgentSrv.exe:*:Disabled:SiSoftware Deployment Agent Service -- (SiSoftware) "C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\WNt500x86\RpcSandraSrv.exe" = C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\WNt500x86\RpcSandraSrv.exe:*:Disabled:SiSoftware Sandra Agent Service -- (SiSoftware) "C:\Programme\Ubisoft\Tom Clancy's H.A.W.X\HAWX_dx10.exe" = C:\Programme\Ubisoft\Tom Clancy's H.A.W.X\HAWX_dx10.exe:*:Disabled:Tom Clancy's H.A.W.X -- File not found "C:\Programme\Ubisoft\Tom Clancy's H.A.W.X\HAWX.exe" = C:\Programme\Ubisoft\Tom Clancy's H.A.W.X\HAWX.exe:*:Disabled:Tom Clancy's H.A.W.X -- () ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4 "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4 "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler "{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4 "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4 "{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup "{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4 "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4 "{13AA6556-BA96-4468-A8B4-1AD4A75AD5A0}" = Logitech Gaming Software "{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4 "{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4 
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR "{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth "{236BB7C4-4419-42FD-0407-2E257A25E34D}" = Adobe Photoshop CS2 "{2447500B-22D7-47BD-9B13-1A927F43A267}" = Empire Earth "{2E1A71D5-7897-4F3F-B0E3-B412C86A646D}" = Need for Speed™ ProStreet "{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 4.010.00 "{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6 "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4 "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4 "{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4 "{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension "{49FC50FC-F965-40D9-89B4-CBFF80941031}" = Windows Movie Maker 2.0 "{49FC50FC-F965-40D9-89B4-CBFF80941033}" = Windows Movie Maker 2.0 "{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller "{5DB65884-C963-4454-AABA-4CA3089281FA}" = NVIDIA PhysX "{5EECEB40-3EE2-4762-872D-264346A26B84}_is1" = Rubber Ninjas Demo 1.05 "{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5 "{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4 "{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support "{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4 "{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6C3CE73B-E7B8-4979-8740-1476C5CBDEBA}" = Corona Visualization Plug-in for WMP "{6E36A172-06FB-4BC8-B7FC-D30D219E6776}" = Tom Clancy's H.A.W.X 
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762 "{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update "{786C5747-0C40-4930-9AFE-113BCE553101}" = Adobe Stock Photos 1.0 "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = pdf24 "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4 "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4 "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4 "{87C24822-389C-45AA-9E75-0757B8F1A892}" = XLink Kai "{89B078C4-50B0-453E-BF53-3A7E6A0D85FA}" = Windows Support Tools "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed "{8EDBA74D-0686-4C99-BFDD-F894678E5101}" = Adobe Common File Installer "{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4 "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4 "{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes "{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "{A92A4DB0-CD37-42D1-BE1D-603D53C24328}" = Intel(R) Programm für Prozessor-IDs "{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support "{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect "{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4 "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{B74D4E10-6884-0000-0000-000000000101}" = Adobe Bridge 1.0 "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module 
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2196}_is1" = SiSoftware Sandra Lite 2009.SP3c "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4 "{CC13FB47-0B90-46C3-9BB7-57D2DB455D4D}" = Microsoft Xbox 360 Accessories 1.1 "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw "{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD "{E0F252A6-DE85-4E93-A93B-DFC3537B3965}" = WG111v2 Configuration Utility "{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4 "{E728E952-DD4F-4BCD-A5C8-40FBFEFF91FE}" = OpenOffice.org Installer 1.0 "{E91E8912-769D-42F0-8408-0E329443BABC}" = Hama Wireless LAN Adapter "{E9787678-119F-4D52-B551-6739B2B22101}" = Adobe Help Center 1.0 "{EB371786-9449-4ED8-B47A-032467A58CAD}" = CamStudio "{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4 "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4 "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player Plugin "Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-2E257A25E34D}" = Adobe Photoshop CS2 "Adobe Shockwave Player" = Adobe Shockwave Player "Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4 "Akamai" = Akamai NetSession Interface "Anti-Twin 2009-05-15 23.43.54" = Anti-Twin (Installation 15.05.2009) "ASIO4ALL" = ASIO4ALL "Audacity_is1" = Audacity 1.2.6 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "B076073A-5527-4f4f-B46B-B10692277DA2_is1" = DisplayFusion 3.1.5 "Benutzerhandbuch ESDX5000_CX4900" = Benutzerhandbuch ESDX5000_CX4900 "CCleaner" = CCleaner (remove only) "Click MusicalKEYS_is1" = Click MusicalKEYS 3.0.214 "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "Device Control" = 
Gerätesteuerung "dlanconf" = devolo dLAN-Konfigurationsassistent "dslmon" = devolo Informer "EPSON Printer and Utilities" = EPSON-Drucker-Software "EPSON Scanner" = EPSON Scan "Firebird SQL Server UK" = Firebird SQL Server - MAGIX Edition "FL Studio 9" = FL Studio 9 "Fraps" = Fraps (remove only) "Free Music Zilla_is1" = Free Music Zilla "Game Maker 7.0" = Game Maker 7.0 "Hardcore" = Hardcore "ICQToolbar" = ICQ Toolbar "IL Download Manager" = IL Download Manager "InstallShield_{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller "InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "InstallShield_{EB371786-9449-4ED8-B47A-032467A58CAD}" = CamStudio "IsoBuster_is1" = IsoBuster 2.4 "kekcoqm" = Favorit "Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0 "Mozilla Firefox (3.6)" = Mozilla Firefox (3.6) "Mozilla Thunderbird (2.0.0.23)" = Mozilla Thunderbird (2.0.0.23) "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "Mufin MusicFinder Base D" = Mufin MusicFinder Base 1.5.3.250 (D) "Munic-Heli-Masters-2" = Munic-Heli-Masters-2 "MunichHeliMasters Screensaver1" = MunichHeliMasters Screensaver1 "NetMeter_is1" = NetMeter 1.1.3 "New LEGO Digital Designer" = LEGO Digital Designer "NVIDIA Drivers" = NVIDIA Drivers "OpenAL" = OpenAL "Pack Vista Inspirat 2" = Pack Vista Inspirat 2 1.0 "Phun_is1" = Phun beta 4.22 "PoiZone" = PoiZone "POV-Ray for Windows v3.1" = POV-Ray for Windows v3.1 "POV-Ray for Windows v3.5" = POV-Ray for Windows v3.5 "ProtectDisc Driver 11" = ProtectDisc Driver, Version 11 "prunnet" = Advertisement Service "RAR Password Recovery Magic_is1" = RAR Password Recovery Magic v6.1.1.146 "RealFlightG4Pro" = RealFlight G4 R/C Simulator "RealPlayer 6.0" = RealPlayer "reFX Nexus 1.3.0_is1" = reFX Nexus 1.3.0 "reFX Nexus 1.4.1_is1" = reFX Nexus 1.4.1 "Sakura" = Sakura "SAMSUNG CDMA Modem" = SAMSUNG CDMA Modem Driver Set "SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device 
Software "SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set "Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software "SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software "SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software "Sawer" = Sawer "Serious Samurize" = Serious Samurize "Seven Remix XP" = Seven Remix XP 2.31 "Sonic Charge µTonic VST" = Sonic Charge µTonic VST "Sony Ericsson Themes Creator" = Sony Ericsson Themes Creator 4.01 "SPEAKER" = Creative Lautsprechereinstellungen "Spectrum Analyzer pro Live" = Spectrum Analyzer pro Live "ST6UNST #1" = Recorder "SUPER ©" = SUPER © Version 2008.bld.33 (Sep 2, 2008) "Synapse Junglist VSTi v3.2" = Synapse Junglist VSTi v3.2 "SynapseHydra_is1" = Hydra VSTi/DXi v1.2 Demo "SystemRequirementsLab" = System Requirements Lab "Toxic Biohazard" = Toxic Biohazard "Tunatic" = Tunatic "Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions "VLC media player" = VLC media player 0.9.4 "Wdf01001" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.1 "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 2 "WinISD beta" = WinISD beta "WinRAR archiver" = WinRAR "winscp3_is1" = WinSCP 4.2.5 "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "WMV9_VCM" = Microsoft Windows Media Video 9 VCM "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "XMedia Recode" = XMedia Recode 2.1.8.4 "Zattoo" = Zattoo 3.3.4 Beta ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Kellogg's Mix Master" = Kellogg's Mix Master "Move Networks Player - IE" = Move Networks Media Player for Internet Explorer "uTorrent" = µTorrent ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 06.01.2010 17:22:01 | Computer Name = DELL-DIMENSION | Source = 
Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung applemobiledevicehelper.exe, Version 8.4.599.1, fehlgeschlagenes Modul msvcrt.dll, Version 7.0.2600.2180, Fehleradresse 0x00037631. Error - 06.01.2010 19:31:07 | Computer Name = DELL-DIMENSION | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung realplay.exe, Version 11.0.0.446, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 28.01.2010 12:03:05 | Computer Name = DELL-DIMENSION | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung firefox.exe, Version 1.9.1.3642, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0xeb32eb66. Error - 06.02.2010 19:18:55 | Computer Name = DELL-DIMENSION | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung realplay.exe, Version 11.0.0.446, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 09.02.2010 18:31:04 | Computer Name = DELL-DIMENSION | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung _ex-08.exe, Version 0.0.0.0, fehlgeschlagenes Modul _ex-08.exe, Version 0.0.0.0, Fehleradresse 0x00031320. Error - 11.02.2010 10:32:10 | Computer Name = DELL-DIMENSION | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung _ex-08.exe, Version 0.0.0.0, fehlgeschlagenes Modul _ex-08.exe, Version 0.0.0.0, Fehleradresse 0x00001f46. Error - 11.02.2010 11:07:36 | Computer Name = DELL-DIMENSION | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung escndv.exe, Version 2.9.0.1, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 11.02.2010 11:08:18 | Computer Name = DELL-DIMENSION | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung escndv.exe, Version 2.9.0.1, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. 
Error - 11.02.2010 11:08:37 | Computer Name = DELL-DIMENSION | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung escndv.exe, Version 2.9.0.1, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 11.02.2010 11:09:20 | Computer Name = DELL-DIMENSION | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung escndv.exe, Version 2.9.0.1, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. [ System Events ] Error - 06.02.2010 05:07:42 | Computer Name = DELL-DIMENSION | Source = ipnathlp | ID = 30013 Description = Die DHCP-Zuweisung wurde für IP-Adresse 192.168.220.109 deaktiviert, da die IP-Adresse außerhalb des Bereichs 192.168.0.0/255.255.255.0 liegt, von der die Adressen DHCP-Clients zu gewiesen werden. Ändern Sie den Bereich, sodass die IP-Adresse mit einbezogen wird, oder ändern Sie die IP-Adresse, sodass sie innerhalb dieses Bereichs liegt, um die DHCP-Zuweisung zu aktivieren. Error - 06.02.2010 18:52:47 | Computer Name = DELL-DIMENSION | Source = ipnathlp | ID = 30013 Description = Die DHCP-Zuweisung wurde für IP-Adresse 192.168.220.109 deaktiviert, da die IP-Adresse außerhalb des Bereichs 192.168.0.0/255.255.255.0 liegt, von der die Adressen DHCP-Clients zu gewiesen werden. Ändern Sie den Bereich, sodass die IP-Adresse mit einbezogen wird, oder ändern Sie die IP-Adresse, sodass sie innerhalb dieses Bereichs liegt, um die DHCP-Zuweisung zu aktivieren. Error - 07.02.2010 18:53:45 | Computer Name = DELL-DIMENSION | Source = ipnathlp | ID = 30013 Description = Die DHCP-Zuweisung wurde für IP-Adresse 192.168.220.109 deaktiviert, da die IP-Adresse außerhalb des Bereichs 192.168.0.0/255.255.255.0 liegt, von der die Adressen DHCP-Clients zu gewiesen werden. Ändern Sie den Bereich, sodass die IP-Adresse mit einbezogen wird, oder ändern Sie die IP-Adresse, sodass sie innerhalb dieses Bereichs liegt, um die DHCP-Zuweisung zu aktivieren. 
Error - 08.02.2010 16:27:15 | Computer Name = DELL-DIMENSION | Source = ipnathlp | ID = 30013 Description = Die DHCP-Zuweisung wurde für IP-Adresse 192.168.220.109 deaktiviert, da die IP-Adresse außerhalb des Bereichs 192.168.0.0/255.255.255.0 liegt, von der die Adressen DHCP-Clients zu gewiesen werden. Ändern Sie den Bereich, sodass die IP-Adresse mit einbezogen wird, oder ändern Sie die IP-Adresse, sodass sie innerhalb dieses Bereichs liegt, um die DHCP-Zuweisung zu aktivieren. Error - 09.02.2010 12:49:07 | Computer Name = DELL-DIMENSION | Source = ipnathlp | ID = 30013 Description = Die DHCP-Zuweisung wurde für IP-Adresse 192.168.220.109 deaktiviert, da die IP-Adresse außerhalb des Bereichs 192.168.0.0/255.255.255.0 liegt, von der die Adressen DHCP-Clients zu gewiesen werden. Ändern Sie den Bereich, sodass die IP-Adresse mit einbezogen wird, oder ändern Sie die IP-Adresse, sodass sie innerhalb dieses Bereichs liegt, um die DHCP-Zuweisung zu aktivieren. Error - 10.02.2010 17:03:43 | Computer Name = DELL-DIMENSION | Source = ipnathlp | ID = 30013 Description = Die DHCP-Zuweisung wurde für IP-Adresse 192.168.220.109 deaktiviert, da die IP-Adresse außerhalb des Bereichs 192.168.0.0/255.255.255.0 liegt, von der die Adressen DHCP-Clients zu gewiesen werden. Ändern Sie den Bereich, sodass die IP-Adresse mit einbezogen wird, oder ändern Sie die IP-Adresse, sodass sie innerhalb dieses Bereichs liegt, um die DHCP-Zuweisung zu aktivieren. Error - 10.02.2010 18:32:58 | Computer Name = DELL-DIMENSION | Source = Service Control Manager | ID = 7034 Description = Dienst "ICQ Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 11.02.2010 10:22:13 | Computer Name = DELL-DIMENSION | Source = ipnathlp | ID = 30013 Description = Die DHCP-Zuweisung wurde für IP-Adresse 192.168.220.109 deaktiviert, da die IP-Adresse außerhalb des Bereichs 192.168.0.0/255.255.255.0 liegt, von der die Adressen DHCP-Clients zu gewiesen werden. 
Ändern Sie den Bereich, sodass die IP-Adresse mit einbezogen wird, oder ändern Sie die IP-Adresse, sodass sie innerhalb dieses Bereichs liegt, um die DHCP-Zuweisung zu aktivieren. Error - 11.02.2010 11:10:11 | Computer Name = DELL-DIMENSION | Source = Service Control Manager | ID = 7011 Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung von Dienst stisvc. Error - 11.02.2010 11:10:41 | Computer Name = DELL-DIMENSION | Source = Service Control Manager | ID = 7011 Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung von Dienst stisvc. < End of report > |
11.02.2010, 23:46 | #5 |
| Incorrect Google redirects So, the last one for now: RootRepeal.txt Code:
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/02/11 23:33
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB6F32000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xBAE20000 Size: 8192 File Visible: No Signed: -
Status: -

Name: PCI_PNP1154
Image Path: \Driver\PCI_PNP1154
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB50C3000 Size: 49152 File Visible: No Signed: -
Status: -

Name: splo.sys
Image Path: splo.sys
Address: 0xBA6A7000 Size: 1048576 File Visible: No Signed: -
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "<unknown>" at address 0xbaf54e66

#: 053 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0xbaf54e5c

#: 063 Function Name: NtDeleteKey
Status: Hooked by "<unknown>" at address 0xbaf54e6b

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "<unknown>" at address 0xbaf54e75

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "splo.sys" at address 0xba6c6ca2

#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "splo.sys" at address 0xba6c7030

#: 098 Function Name: NtLoadKey
Status: Hooked by "<unknown>" at address 0xbaf54e7a

#: 119 Function Name: NtOpenKey
Status: Hooked by "splo.sys" at address 0xba6a80c0

#: 122 Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0xbaf54e48

#: 128 Function Name: NtOpenThread
Status: Hooked by "<unknown>" at address 0xbaf54e4d

#: 160 Function Name: NtQueryKey
Status: Hooked by "splo.sys" at address 0xba6c7108

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "splo.sys" at address 0xba6c6f88

#: 193 Function Name: NtReplaceKey
Status: Hooked by "<unknown>" at address 0xbaf54e84

#: 204 Function Name: NtRestoreKey
Status: Hooked by "<unknown>" at address 0xbaf54e7f

#: 247 Function Name: NtSetValueKey
Status: Hooked by "<unknown>" at address 0xbaf54e70

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "<unknown>" at address 0xbaf54e57

Stealth Objects
-------------------
Object: Hidden Module [Name: iebho.dll]
Process: Explorer.EXE (PID: 1776) Address: 0x040f0000 Size: 368640

Object: Hidden Module [Name: iebho.dll]
Process: Explorer.EXE (PID: 1776) Address: 0x04820000 Size: 368640

Object: Hidden Module [Name: iebho.dll]
Process: Explorer.EXE (PID: 1776) Address: 0x04c90000 Size: 368640

Object: Hidden Module [Name: iebho.dll]
Process: Explorer.EXE (PID: 1776) Address: 0x04e50000 Size: 368640

Object: Hidden Module [Name: iebho.dll]
Process: Explorer.EXE (PID: 1776) Address: 0x05030000 Size: 368640

Object: Hidden Module [Name: iebho.dll] Process: Explorer.EXE (PID: 1776) Address: 0x05e50000 Size: 368640 Object: Hidden Module [Name: iebho.dll] Process: iexplore.exe (PID: 3588) Address: 0x01ad0000 Size: 368640 Object: Hidden Module [Name: iebho.dll] Process: iexplore.exe (PID: 3588) Address: 0x06870000 Size: 368640 Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE] Process: System Address: 0x89a661f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE] Process: System Address: 0x89a661f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ] Process: System Address: 0x89a661f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE] Process: System Address: 0x89a661f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION] Process: System Address: 0x89a661f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION] Process: System Address: 0x89a661f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA] Process: System Address: 0x89a661f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA] Process: System Address: 0x89a661f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x89a661f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION] Process: System Address: 0x89a661f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION] Process: System Address: 0x89a661f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL] Process: System Address: 0x89a661f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL] Process: System Address: 0x89a661f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x89a661f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN] Process: System Address: 0x89a661f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL] Process: System Address: 0x89a661f8 Size: 121 Object: Hidden Code [Driver: Ntfs, 
IRP_MJ_CLEANUP] Process: System Address: 0x89a661f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY] Process: System Address: 0x89a661f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY] Process: System Address: 0x89a661f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA] Process: System Address: 0x89a661f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA] Process: System Address: 0x89a661f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP] Process: System Address: 0x89a661f8 Size: 121 Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE] Process: System Address: 0x89a671f8 Size: 121 Object: Hidden Code [Driver: atapi, IRP_MJ_CLOSE] Process: System Address: 0x89a671f8 Size: 121 Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x89a671f8 Size: 121 Object: Hidden Code [Driver: atapi, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x89a671f8 Size: 121 Object: Hidden Code [Driver: atapi, IRP_MJ_POWER] Process: System Address: 0x89a671f8 Size: 121 Object: Hidden Code [Driver: atapi, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x89a671f8 Size: 121 Object: Hidden Code [Driver: atapi, IRP_MJ_PNP] Process: System Address: 0x89a671f8 Size: 121 Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE] Process: System Address: 0x897251f8 Size: 121 Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE] Process: System Address: 0x897251f8 Size: 121 Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ] Process: System Address: 0x897251f8 Size: 121 Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE] Process: System Address: 0x897251f8 Size: 121 Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x897251f8 Size: 121 Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x897251f8 Size: 121 Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x897251f8 Size: 121 Object: Hidden Code 
[Driver: Cdrom, IRP_MJ_SHUTDOWN] Process: System Address: 0x897251f8 Size: 121 Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER] Process: System Address: 0x897251f8 Size: 121 Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x897251f8 Size: 121 Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP] Process: System Address: 0x897251f8 Size: 121 Object: Hidden Code [Driver: usbstor, IRP_MJ_CREATE] Process: System Address: 0x898991f8 Size: 121 Object: Hidden Code [Driver: usbstor, IRP_MJ_CLOSE] Process: System Address: 0x898991f8 Size: 121 Object: Hidden Code [Driver: usbstor, IRP_MJ_READ] Process: System Address: 0x898991f8 Size: 121 Object: Hidden Code [Driver: usbstor, IRP_MJ_WRITE] Process: System Address: 0x898991f8 Size: 121 Object: Hidden Code [Driver: usbstor, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x898991f8 Size: 121 Object: Hidden Code [Driver: usbstor, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x898991f8 Size: 121 Object: Hidden Code [Driver: usbstor, IRP_MJ_POWER] Process: System Address: 0x898991f8 Size: 121 Object: Hidden Code [Driver: usbstor, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x898991f8 Size: 121 Object: Hidden Code [Driver: usbstor, IRP_MJ_PNP] Process: System Address: 0x898991f8 Size: 121 Object: Hidden Code [Driver: usbuhci, IRP_MJ_CREATE] Process: System Address: 0x898be1f8 Size: 121 Object: Hidden Code [Driver: usbuhci, IRP_MJ_CLOSE] Process: System Address: 0x898be1f8 Size: 121 Object: Hidden Code [Driver: usbuhci, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x898be1f8 Size: 121 Object: Hidden Code [Driver: usbuhci, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x898be1f8 Size: 121 Object: Hidden Code [Driver: usbuhci, IRP_MJ_POWER] Process: System Address: 0x898be1f8 Size: 121 Object: Hidden Code [Driver: usbuhci, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x898be1f8 Size: 121 Object: Hidden Code [Driver: usbuhci, IRP_MJ_PNP] Process: System Address: 
0x898be1f8 Size: 121 Object: Hidden Code [Driver: avuehqn0Ѕ扏煓Ёం浍瑓, IRP_MJ_CREATE] Process: System Address: 0x897371f8 Size: 121 Object: Hidden Code [Driver: avuehqn0Ѕ扏煓Ёం浍瑓, IRP_MJ_CLOSE] Process: System Address: 0x897371f8 Size: 121 Object: Hidden Code [Driver: avuehqn0Ѕ扏煓Ёం浍瑓, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x897371f8 Size: 121 Object: Hidden Code [Driver: avuehqn0Ѕ扏煓Ёం浍瑓, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x897371f8 Size: 121 Object: Hidden Code [Driver: avuehqn0Ѕ扏煓Ёం浍瑓, IRP_MJ_POWER] Process: System Address: 0x897371f8 Size: 121 Object: Hidden Code [Driver: avuehqn0Ѕ扏煓Ёం浍瑓, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x897371f8 Size: 121 Object: Hidden Code [Driver: avuehqn0Ѕ扏煓Ёం浍瑓, IRP_MJ_PNP] Process: System Address: 0x897371f8 Size: 121 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE] Process: System Address: 0x89ad51f8 Size: 121 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ] Process: System Address: 0x89ad51f8 Size: 121 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE] Process: System Address: 0x89ad51f8 Size: 121 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x89ad51f8 Size: 121 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x89ad51f8 Size: 121 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x89ad51f8 Size: 121 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN] Process: System Address: 0x89ad51f8 Size: 121 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP] Process: System Address: 0x89ad51f8 Size: 121 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER] Process: System Address: 0x89ad51f8 Size: 121 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x89ad51f8 Size: 121 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP] Process: System Address: 0x89ad51f8 Size: 121 Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE] Process: System Address: 0x891b9500 
Size: 121 Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE] Process: System Address: 0x891b9500 Size: 121 Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x891b9500 Size: 121 Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x891b9500 Size: 121 Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP] Process: System Address: 0x891b9500 Size: 121 Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP] Process: System Address: 0x891b9500 Size: 121 Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE] Process: System Address: 0x898bd3d0 Size: 121 Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE] Process: System Address: 0x898bd3d0 Size: 121 Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x898bd3d0 Size: 121 Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x898bd3d0 Size: 121 Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER] Process: System Address: 0x898bd3d0 Size: 121 Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x898bd3d0 Size: 121 Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP] Process: System Address: 0x898bd3d0 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE] Process: System Address: 0x88c7b1f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE] Process: System Address: 0x88c7b1f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE] Process: System Address: 0x88c7b1f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ] Process: System Address: 0x88c7b1f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE] Process: System Address: 0x88c7b1f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION] Process: System Address: 0x88c7b1f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION] Process: System Address: 0x88c7b1f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, 
IRP_MJ_QUERY_EA] Process: System Address: 0x88c7b1f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA] Process: System Address: 0x88c7b1f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x88c7b1f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION] Process: System Address: 0x88c7b1f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION] Process: System Address: 0x88c7b1f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL] Process: System Address: 0x88c7b1f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL] Process: System Address: 0x88c7b1f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x88c7b1f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x88c7b1f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN] Process: System Address: 0x88c7b1f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL] Process: System Address: 0x88c7b1f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP] Process: System Address: 0x88c7b1f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT] Process: System Address: 0x88c7b1f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY] Process: System Address: 0x88c7b1f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY] Process: System Address: 0x88c7b1f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER] Process: System Address: 0x88c7b1f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x88c7b1f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE] Process: System Address: 0x88c7b1f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA] Process: System Address: 0x88c7b1f8 Size: 121 Object: Hidden Code [Driver: 
MRxSmb, IRP_MJ_SET_QUOTA] Process: System Address: 0x88c7b1f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP] Process: System Address: 0x88c7b1f8 Size: 121 Object: Hidden Code [Driver: Cdfsఅ瑁䅭䣠 쀠ࠁDDEMLM, IRP_MJ_CREATE] Process: System Address: 0x894cc500 Size: 121 Object: Hidden Code [Driver: Cdfsఅ瑁䅭䣠 쀠ࠁDDEMLM, IRP_MJ_CLOSE] Process: System Address: 0x894cc500 Size: 121 Object: Hidden Code [Driver: Cdfsఅ瑁䅭䣠 쀠ࠁDDEMLM, IRP_MJ_READ] Process: System Address: 0x894cc500 Size: 121 Object: Hidden Code [Driver: Cdfsఅ瑁䅭䣠 쀠ࠁDDEMLM, IRP_MJ_QUERY_INFORMATION] Process: System Address: 0x894cc500 Size: 121 Object: Hidden Code [Driver: Cdfsఅ瑁䅭䣠 쀠ࠁDDEMLM, IRP_MJ_SET_INFORMATION] Process: System Address: 0x894cc500 Size: 121 Object: Hidden Code [Driver: Cdfsఅ瑁䅭䣠 쀠ࠁDDEMLM, IRP_MJ_QUERY_VOLUME_INFORMATION] Process: System Address: 0x894cc500 Size: 121 Object: Hidden Code [Driver: Cdfsఅ瑁䅭䣠 쀠ࠁDDEMLM, IRP_MJ_DIRECTORY_CONTROL] Process: System Address: 0x894cc500 Size: 121 Object: Hidden Code [Driver: Cdfsఅ瑁䅭䣠 쀠ࠁDDEMLM, IRP_MJ_FILE_SYSTEM_CONTROL] Process: System Address: 0x894cc500 Size: 121 Object: Hidden Code [Driver: Cdfsఅ瑁䅭䣠 쀠ࠁDDEMLM, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x894cc500 Size: 121 Object: Hidden Code [Driver: Cdfsఅ瑁䅭䣠 쀠ࠁDDEMLM, IRP_MJ_SHUTDOWN] Process: System Address: 0x894cc500 Size: 121 Object: Hidden Code [Driver: Cdfsఅ瑁䅭䣠 쀠ࠁDDEMLM, IRP_MJ_LOCK_CONTROL] Process: System Address: 0x894cc500 Size: 121 Object: Hidden Code [Driver: Cdfsఅ瑁䅭䣠 쀠ࠁDDEMLM, IRP_MJ_CLEANUP] Process: System Address: 0x894cc500 Size: 121 Object: Hidden Code [Driver: Cdfsఅ瑁䅭䣠 쀠ࠁDDEMLM, IRP_MJ_PNP] Process: System Address: 0x894cc500 Size: 121 ==EOF== |