Brief von OnlineBanking - Trojaner auf meinem PC?

bloona · 29.08.2010, 14:39

Hallo alle miteinander!

Habe gestern einige Postings hier durchgelesen, die zu meinem Problem passen könnten und schreibe jetzt doch einfach mal mein eigenes. Ich hoffe, mir kann jemand helfen:

Habe am Freitag (27.08.) sowohl einen Anruf als auch einen Brief von meiner Bank bekommen, dass ein fremder Computer versucht hat, auf mein online-banking zuzugreifen (Zitat vom Brief: "Unser Rechenzentrum hat uns darüber informiert, dass Ihre Zugangsdaten zum OnlineBanking auf einem fremden Rechner gefunden wurden. Wir haben Grund zu der Annahme, dass sich auf Ihrem Computer ein Schadprogramm (Trojaner, Virus) befindet. [...]")

Ich hatte bisher immer nur die kostenlose Version von AntiVir (das mit dem rotem Schirm) auf meinem PC, habe mir dann am Samstag das G Data TotalCare 2011 gekauft und gleich mal drüberlaufen lassen. Das hat auch tatsächlich 4 Trojaner gefunden (es waren zumindest 4 Meldungen), die ich vor lauter Schock als "in Quarantäne verschieben/wenn nicht möglich löschen" markiert hatte. In Quarantäne verschieben war wohl nicht möglich, denn G Data hat mir dann gemeldet, dass die Dateien gelöscht wurden.

Das der(/die) Trojaner jetzt auch tatsächlich weg sind, bezweifle ich sehr. Eigentlich hatte ich bisher keine Auffälligkeiten (extrem langsam, öffnet eigenwillig das Internet, Popups erscheinen ungewollt etc.) bei meine PC bemerkt, bis heute Mittag, da ging auf einmal gar nichts mehr und als ich ihn neu hochfahren wollte hat es ewig gedauert.

Habe mir jetzt HijackThis runtergeladen und wollte mein PC prüfen lassen und da kamen dann auch schon die nächsten Probleme:

1. Meldung: "For some reason your system denied write access to the Host file. If any hijacked domains are in this file, HiJackThis may NOT be able to fix this.
If that happens, you need to edit the file yourself. To do this, click Start, Run and type:
notepad C:\Windows\System32\drivers\etc\hosts
and press Enter. Find the line(s) HighjackThis reports and delete them.
Save the file as 'hosts.' (with quotes) and reboot.

For Vista: simply, exit HijackThis, right click on the HigjackThis icon, choose Run as administrator."

Aus irgendeinen Grund erschien aber bei mir nicht 'Als Administrator ausführen', wenn ich auf das Icon Rechtsklick gemacht habe.
Habe es dann einfach mal nur so durchlaufen lassen und beim erstellen der Logfile kam dann auch schon die zweite Fehlermeldung:

2. Meldung: Datei C:\Programm Files\Trend Micro\HiJackThis\hijackthistxt. kann nicht gefunden werden.
Möchten Sie eine neue Datei erstellen? Ja/Nein

Sowohl bei Ja als auch bei noch mal durchlaufen und dann Nein hat sich einfach gar nichts gerührt.
Habe mein Ergebnis jetzt mal als Screenshots gespeichert, ich hoffe das bringt auch was, wenn ich es hier poste.

Daten zu meinem PC (bzw. Laptop)

Ich habe ein Notebook von Dell
Windows Vista Home Premium, Service Pack 2
Intel(R) Core(TM)2 Duo CPU T5550 @ 1.83GHz
Arbeitsspeicher: 3GB
Systemtyp: 32 Bit-Betriebssystem

Screenshots zu meinem HijackThis-Ergebnis (EDIT: irgendwas hat nicht funktioniert, darf ich die Links so posten?):
hxxp://www.bilder-hochladen.net/files/wq9-19-jpg.html

hxxp://www.bilder-hochladen.net/files/wq9-1a-jpg.html

hxxp://www.bilder-hochladen.net/files/wq9-1b-jpg.html

Hoffe sehr, dass irgendjemand mir helfen kann. Ich muss dazu sagen, dass ich ein absoluter Laie in Sachen Computer bin, also bitte sehr "einfaches" deutsch und keine Fremdwörter aus der "Computer-Sprache" verwenden

Swisstreasure · 29.08.2010, 19:12

Eine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden.

Bitte arbeite alle Schritte der Reihe nach ab.
Lese die Anleitungen sorgfältig. Sollte es Probleme geben, bitte stoppen und hier so gut es geht beschreiben.
Nur Scanns durchführen zu denen Du von einem Helfer aufgefordert wirst.
Bitte kein Crossposting ( posten in mehreren Foren).
Installiere oder Deinstalliere während der Bereinigung keine Software ausser Du wurdest dazu aufgefordert.
Lese Dir die Anleitung zuerst vollständig durch. Sollte etwas unklar sein, frage bevor Du beginnst.
Poste die Logfiles direkt in deinen Thread. Nicht anhängen ausser ich fordere Dich dazu auf. Erschwert mir nämlich das auswerten.

Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.

Vista und Win7 User
Alle Tools mit Rechtsklick "als Administrator ausführen" starten.

Schritt 1

Hosts reparieren

Lade Dir bitte HostsXpert herunter.
Entpacke die Zipdatei und starte das Tool.
Klicke nun auf Restore MS Hosts File--> Ok--> Exit Programm.
Solltest Du kein Zip-Programm haben kannst Du Dir die Testversion von Winzip herunterladen.

Schritt 2

Downloade Malwarebytes Anti-Malware (ca. 2 MB) von diesen Downloadspiegel:

Malwarebytes

Installiere das Programm in den vorgegebenen Pfad.
Denke daran, bei Vista das Programm als Admin zu starten, ansonsten per Doppelklick starten.
Lasse es online updaten (Reiter Updates), wenn das nicht automatisch passiert (ca. 1 MB).
Aktiviere "Komplett Scan durchführen" => Scan.
Wähle alle verfügbaren Laufwerke aus und starte den Scan.
Wenn der Scan beendet ist, klicke auf "Zeige Resultate".
Versichere Dich, dass alle Funde markiert sind und drücke "Löschen".
Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
Nachträglich kannst du den Bericht unter "Scan-Berichte" finden.
Berichte, wie der Rechner nun läuft.

Hier findest Du eine ausführliche und bebilderte Anleitung.

bloona · 30.08.2010, 15:55

Hallo Swisstreasure,

danke für deine Antwort. Habe beide Schritte jetzt ausgeführt, der Scan hat ganz schön lange gedauert (3 Stunden, hätte nicht gedacht, dass ich so viele Daten auf meinem Laptop hab

)

Also das ist das Ergebnis von Malwarebytes:

Code:

ATTFilter

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4505

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

30.08.2010 16:30:05
mbam-log-2010-08-30 (16-30-05).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 302646
Laufzeit: 3 Stunde(n), 14 Minute(n), 12 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\*Bloona*\AppData\Roaming\dhxiuw.dat (Malware.Trace) -> Quarantined and deleted successfully.

Mein Rechner läuft momentan eigentlich ganz normal, sowohl vor dem Scan als auch danach. Es ging diesmal auch problemlos die Anwendung als Administrator auszuführen. Vielleicht war er gestern auch einfach ein bisschen überbelastet und hat deswegen etwas gezickt

Gruß, bloona
_____

EDIT: Möchte noch kurz was hinzufügen: Habe gerade in ein paar anderen Posts, die auch Probleme mit ihrem OnlineBanking und Trojanern hatten, dass das Zeichen ^ immer sofort doppelt kam, wenn sie es nur einmal angetippt haben. Das Problem hatte ich bis heute auch noch (wobei es auch bei dem Zeichen ` so war), hatte mir aber nichts dabei gedacht. Ist das wirklich ein Indiz dafür, dass irgendwas nicht stimmt?
Also jedenfalls ist es bei mir seit heute nicht mehr so, das Zeichen ^ (und auch `) kommt jetzt wirklich nur noch einmal, wenn ich es nur einmal antippe. (Wollte das nur noch hinzufügen, für den Fall, dass das wichtig sein könnte)

Swisstreasure · 30.08.2010, 16:59

Ja dann ist das schon ein gutes Zeichen

Kannst Du wieder normals arbeiten?

Schritt 1

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop.

Doppelklick auf die OTL.exe
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Oben findest Du ein Kästchen mit Ausgabe.
Wähle bitte Minimal-Ausgabe
Unter Extra-Registrierung wähle bitte Benutze SafeList.
Mache Häckchen bei LOP- und Purity-Prüfung.
Klicke nun auf Scan links oben.
Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
Poste die Logfiles in Code-Tags hier in den Thread.

Schritt 2

Rootkit-Suche mit Gmer

Was sind Rootkits?

Wichtig: Bei jedem Rootkit-Scans soll/en:

Deaktiviere zunächst nach dieser Anleitung evtl. vorhandene CD-Emulatoren wie Alcohol, Daemon-Tools oder ähnliche.
Alle anderen Programme gegen Viren, Spyware, usw. deaktiviert sein,
keine Verbindung zu einem Netzwerk/Internet bestehen (WLAN nicht vergessen),
nichts am Rechner getan werden,
nach jedem Scan der Rechner neu gestartet werden.
Nicht vergessen, nach dem Rootkit-Scan die Security-Programme wieder einzuschalten!

Lade Dir Gmer von dieser Seite herunter
(auf den Button Download EXE drücken) und das Programm auf dem Desktop speichern.

Alle anderen Programme sollen geschlossen sein.
Starte gmer.exe (hat einen willkürlichen Programm-Namen).
Vista-User mit Rechtsklick und als Administrator starten.
Gmer startet automatisch einen ersten Scan.

Sollte sich ein Fenster mit folgender Warnung öffnen:

Code:

ATTFilter

WARNING !!!
GMER has found system modification, which might have been caused by ROOTKIT activity.
Do you want to fully scan your system?

Unbedingt auf "No" klicken,
in dem Fall über den Save-Button das bisherige Resultat auf dem Desktop als gmer_first.log speichern.

.
Falls das nicht der Fall war, wähle nun den Reiter "Rootkit/Malware",
Hake an: System, Sections, Devices, Modules, Processes, Threads, Libraries, Services, Registry und Files.
Wichtig: "Show all" darf nicht angehakt sein!
Starte den Scan durch Drücken des Buttons "Scan".
Mache nichts am Computer während der Scan läuft (unten links wird angezeigt, was gerade gescannt wird).
Wenn der Scan fertig ist, bleibt die Zeile leer.
Kllicke auf "Save" und speichere das Logfile als gmer.log auf dem Desktop.
Mit "Ok" wird GMER beendet.

Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!

Nun das Logfile in Code-Tags posten.

bloona · 30.08.2010, 19:02

[QUOTE=Swisstreasure;562126]Ja dann ist das schon ein gutes Zeichen

Kannst Du wieder normals arbeiten?

Jein, also mir ist aufgefallen, dass er total spinnt, wenn ich Benutzerkonten wechsle. Ich habe ein Administrator-Konto und ein "normales Konto" (wobei ich das normale Konto erst vor wenigen Tagen, also nach dem Virenbefall eingerichtet habe). Wenn ich mich jetzt von meinem normalen Konto abmelde und dann ins Administrator-Konot gehe, um Anwendungen auszuführen, dann stürzt er mir jedesmal ab. Weiß jetzt nur nicht, ob das wirklich am Virus/Trojaner liegt oder ob ich einfach nur zu viel Zeug auf'm Rechner hab und er es deswegen nicht gebacken kriegt.
Wenn ich ihn aber dann erst nochmal neu starte und gleich ins Administrator-Konto gehe, dann ist er zwar am Anfang noch recht langsam, aber sobald alles hochgefahren ist, läuft er eigentlich normal.

Also hier jetzt erstmal die beiden Logfiles vom Scan mit OTL:

OTL

Code:

ATTFilter

OTL logfile created on: 30.08.2010 19:09:25 - Run 1
OTL by OldTimer - Version 3.2.11.0     Folder = C:\Users\*bloona*\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 54,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136,46 Gb Total Space | 55,79 Gb Free Space | 40,88% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 5,77 Gb Free Space | 57,69% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: *bloona*PC
Current User Name: *bloona*
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\*bloona*\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG)
PRC - C:\Programme\G Data\TotalCare\AVKTray\AVKTray.exe (G Data Software AG)
PRC - C:\Programme\G Data\TotalCare\Firewall\GDFirewallTray.exe (G Data Software AG)
PRC - C:\Programme\G Data\TotalCare\Firewall\GDFwSvc.exe (G Data Software AG)
PRC - C:\Programme\G Data\TotalCare\AVK\AVKWCtl.exe ()
PRC - C:\Programme\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG)
PRC - C:\Programme\Tablet\Pen\Pen_TouchUser.exe (Wacom Technology, Corp.)
PRC - C:\Programme\Tablet\Pen\Pen_Tablet.exe (Wacom Technology, Corp.)
PRC - C:\Programme\Tablet\Pen\Pen_TabletUser.exe (Wacom Technology, Corp.)
PRC - C:\Programme\Tablet\Pen\Pen_TouchService.exe (Wacom Technology, Corp.)
PRC - C:\Programme\G Data\TotalCare\AVK\AVKService.exe (G Data Software AG)
PRC - C:\Windows\System32\ieconfig_1und1_svc.exe (mquadr.at softwareengineering und consulting gmbh)
PRC - C:\Windows\System32\wisptis.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\ink\TabTip.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe (Creative Labs)
PRC - C:\Programme\Adobe\Adobe Acrobat 7.0\Distillr\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
PRC - C:\Windows\System32\spool\drivers\w32x86\3\E_FATIEDE.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\ink\InputPersonalization.exe (Microsoft Corporation)
PRC - C:\Programme\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Windows\System32\stacsv.exe (IDT, Inc.)
PRC - C:\Windows\System32\AEstSrv.exe (Andrea Electronics Corporation)
PRC - C:\Programme\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
PRC - C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.)
PRC - C:\Programme\DellTPad\hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Programme\Digital Line Detect\DLG.exe (Avanquest Software )
PRC - C:\Programme\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe ()
PRC - C:\Programme\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe (Adobe Sytems Incorporated)
PRC - C:\Programme\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe (Adobe Systems Incorporated)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\*bloona*\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Programme\Common Files\microsoft shared\ink\tiptsf.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AVKProxy) -- C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG)
SRV - (GDFwSvc) -- C:\Programme\G Data\TotalCare\Firewall\GDFwSvc.exe (G Data Software AG)
SRV - (AVKWCtl) -- C:\Programme\G Data\TotalCare\AVK\AVKWCtl.exe ()
SRV - (GDScan) -- C:\Program Files\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG)
SRV - (TabletServicePen) -- C:\Programme\Tablet\Pen\Pen_Tablet.exe (Wacom Technology, Corp.)
SRV - (TouchServicePen) -- C:\Programme\Tablet\Pen\Pen_TouchService.exe (Wacom Technology, Corp.)
SRV - (GDBackupSvc) -- C:\Programme\G Data\TotalCare\AVKBackup\AVKBackupService.exe (G Data Software AG)
SRV - (AVKService) -- C:\Programme\G Data\TotalCare\AVK\AVKService.exe (G Data Software AG)
SRV - (GDTunerSvc) -- C:\Programme\G Data\TotalCare\AVKTuner\AVKTunerService.exe (G Data Software AG)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (serviceIEConfig) -- C:\Windows\System32\ieconfig_1und1_svc.exe (mquadr.at softwareengineering und consulting gmbh)
SRV - (Creative Labs Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe (Creative Labs)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (STacSV) -- C:\Windows\System32\stacsv.exe (IDT, Inc.)
SRV - (AESTFilters) -- C:\Windows\System32\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (Adobe Version Cue CS2) -- C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe (Adobe Systems Incorporated)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WacomVKHid) -- C:\Windows\System32\DRIVERS\WacomVKHid.sys File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found
DRV - (GDPkIcpt) -- C:\Windows\System32\drivers\PktIcpt.sys (G Data Software AG)
DRV - (GDMnIcpt) -- C:\Windows\System32\drivers\MiniIcpt.sys (G Data Software AG)
DRV - (HookCentre) -- C:\Windows\System32\drivers\HookCentre.sys (G Data Software AG)
DRV - (GDBehave) -- C:\Windows\system32\drivers\GDBehave.sys (G Data Software AG)
DRV - (GRD) -- C:\Windows\System32\drivers\GRD.sys (G Data Software)
DRV - (gdwfpcd) -- C:\Windows\System32\drivers\gdwfpcd32.sys (G DATA Software AG)
DRV - (wacmoumonitor) -- C:\Windows\System32\drivers\wacmoumonitor.sys (Wacom Technology)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (wacomvhid) -- C:\Windows\System32\drivers\wacomvhid.sys (Wacom Technology)
DRV - (WacomVTHid) -- C:\Windows\System32\drivers\WacomVTHid.sys (Wacom Technology)
DRV - (RMCAST) RMCAST (Pgm) -- C:\Windows\System32\drivers\rmcast.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (IntcHdmiAddService) Intel(R) -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (BCM43XX) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corp.)
DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (wacommousefilter) -- C:\Windows\System32\drivers\wacommousefilter.sys (Wacom Technology)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.gmx.net/home
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://go.gmx.net/tab2 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.gmx.de/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.1und1.de/links/home
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.gmx.net/de/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170633FE}:21.1.10084.997
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.08.28 23:09:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.08.28 18:39:00 | 000,000,000 | ---D | M]
 
[2009.06.17 15:36:45 | 000,000,000 | ---D | M] -- C:\Users\*bloona*\AppData\Roaming\mozilla\Extensions
[2010.08.30 10:47:48 | 000,000,000 | ---D | M] -- C:\Users\*bloona*\AppData\Roaming\mozilla\Firefox\Profiles\xedglzpn.default\extensions
[2010.04.28 10:15:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\*bloona*\AppData\Roaming\mozilla\Firefox\Profiles\xedglzpn.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.08.28 18:03:29 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.08.28 18:03:29 | 000,000,000 | ---D | M] (G Data WebFilter) -- C:\Programme\Mozilla Firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}
[2010.08.03 15:32:55 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.04.15 11:43:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.01.16 03:15:29 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.01.16 03:15:29 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.01.16 03:15:29 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.16 03:15:29 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.16 03:15:29 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.08.30 13:07:08 | 000,000,698 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G Data\TotalCare\Webfilter\AvkWebIE.dll (G Data Software AG)
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (GMX Browser Configuration by mquadr.at) - {D48FF4B4-E68F-47D1-8E25-81A0F0EEB341} - C:\Windows\System32\ieconfig_1und1.dll (mquadr.at softwareengineering und consulting gmbh)
O3 - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G Data\TotalCare\Webfilter\AvkWebIE.dll (G Data Software AG)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Version Cue CS2] C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe (Adobe Sytems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Programme\G Data\TotalCare\AVKTray\AVKTray.exe (G Data Software AG)
O4 - HKLM..\Run: [GDFirewallTray] C:\Programme\G Data\TotalCare\Firewall\GDFirewallTray.exe (G Data Software AG)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Programme\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [EPSON SX100 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIEDE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\Shockwave 11\SwHelper_1150595.exe -Update -1150595 -Mozilla\4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident\4.0; Mozilla\4.0 ( File not found
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764 begin_of_the_skype_highlighting**************006097098764******end_of_the_skype_highlighting} hxxp://download.macromedia.com/pub/shockwave/cabs/authorware/awswax70.cab (Macromedia Authorware Web Player Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab (EPUImageControl Class)
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} hxxp://as.photoprintit.de/ips-opdata/layout/default_cms01/activex/IPSUploader4.cab (IPSUploader4 Control)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.08.30 13:13:30 | 000,000,000 | ---D | C] -- C:\Users\*bloona*\AppData\Roaming\Malwarebytes
[2010.08.30 13:13:07 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.08.30 13:13:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.08.30 13:13:04 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.08.30 13:13:04 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.08.29 14:16:59 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro
[2010.08.28 18:04:21 | 000,047,560 | ---- | C] (G Data Software AG) -- C:\Windows\System32\drivers\PktIcpt.sys
[2010.08.28 18:04:03 | 000,038,856 | ---- | C] (G Data Software AG) -- C:\Windows\System32\drivers\HookCentre.sys
[2010.08.27 16:59:02 | 000,029,992 | ---- | C] (G Data Software) -- C:\Windows\System32\drivers\GRD.sys
[2010.08.27 16:46:29 | 000,062,024 | ---- | C] (G Data Software AG) -- C:\Windows\System32\drivers\MiniIcpt.sys
[2010.08.27 16:46:29 | 000,033,480 | ---- | C] (G Data Software AG) -- C:\Windows\System32\drivers\GDBehave.sys
[2010.08.27 16:45:54 | 000,040,904 | ---- | C] (G DATA Software AG) -- C:\Windows\System32\drivers\gdwfpcd32.sys
[2010.08.27 16:45:04 | 000,000,000 | ---D | C] -- C:\ProgramData\G DATA
[2010.08.27 16:45:03 | 000,000,000 | ---D | C] -- C:\Programme\G Data
[2010.08.27 16:45:03 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\G Data
[2010.08.27 16:34:40 | 000,000,000 | ---D | C] -- C:\Users\Jens\AppData\Local\Downloaded Installations
[2010.08.12 11:46:30 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.08.12 11:46:30 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.08.12 11:46:30 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010.08.12 11:46:29 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.08.12 11:46:29 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010.08.12 11:46:29 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.08.12 11:46:29 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.08.12 11:46:29 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.08.12 11:46:29 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.08.12 11:46:29 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010.08.12 11:46:29 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010.08.12 11:46:29 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010.08.12 11:46:29 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.08.12 11:46:29 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.08.12 11:46:29 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.08.12 11:46:28 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010.08.12 11:46:19 | 002,037,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.08.12 11:46:15 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010.08.12 11:46:03 | 003,600,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.08.12 11:46:03 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.08.09 18:21:30 | 000,648,560 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\System32\Pen_Touch_Tablet.dll
[2010.08.09 18:21:19 | 000,000,000 | ---D | C] -- C:\Programme\TabletPlugins
[2010.08.03 15:35:37 | 000,000,000 | ---D | C] -- C:\Users\*bloona*\AppData\Roaming\skypePM
[2010.08.03 15:33:10 | 000,000,000 | ---D | C] -- C:\Users\*bloona*\AppData\Roaming\Skype
[2010.08.03 15:32:26 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Skype
[2010.08.03 15:32:25 | 000,000,000 | R--D | C] -- C:\Programme\Skype
[2010.08.03 15:32:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.08.30 19:30:31 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{A300626B-74E4-43EE-8F5F-F7037F0689E6}.job
[2010.08.30 19:08:52 | 002,621,440 | -HS- | M] () -- C:\Users\Jens\NTUSER.DAT
[2010.08.30 19:03:47 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.30 19:03:47 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.30 19:03:45 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.08.30 19:03:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.08.30 19:03:32 | 3208,704,000 | -HS- | M] () -- C:\hiberfil.sys
[2010.08.30 18:52:51 | 000,524,288 | -HS- | M] () -- C:\Users\Jens\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2010.08.30 18:52:51 | 000,065,536 | -HS- | M] () -- C:\Users\Jens\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.08.30 18:47:28 | 002,062,719 | -H-- | M] () -- C:\Users\*bloona*\AppData\Local\IconCache.db
[2010.08.30 17:39:17 | 000,047,560 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\PktIcpt.sys
[2010.08.30 17:38:45 | 000,005,972 | ---- | M] () -- C:\Users\*bloona*\AppData\Local\d3d9caps.dat
[2010.08.30 17:36:49 | 000,062,024 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\MiniIcpt.sys
[2010.08.30 17:36:49 | 000,038,856 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\HookCentre.sys
[2010.08.30 17:36:49 | 000,033,480 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\GDBehave.sys
[2010.08.30 16:31:18 | 000,025,600 | ---- | M] () -- C:\Users\*bloona*\Documents\troja.doc
[2010.08.30 13:13:10 | 000,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.30 10:46:45 | 000,000,036 | ---- | M] () -- C:\Users\*bloona*\AppData\Local\housecall.guid.cache
[2010.08.29 14:47:10 | 000,002,521 | ---- | M] () -- C:\Users\*bloona*\Desktop\HiJackThis.lnk
[2010.08.29 13:58:27 | 000,000,400 | ---- | M] () -- C:\Windows\ODBC.INI
[2010.08.28 18:39:01 | 000,001,889 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.08.28 18:19:15 | 000,029,992 | ---- | M] (G Data Software) -- C:\Windows\System32\drivers\GRD.sys
[2010.08.28 18:04:03 | 000,001,870 | ---- | M] () -- C:\Users\Public\Desktop\G Data TotalCare 2011.lnk
[2010.08.28 18:03:06 | 000,040,904 | ---- | M] (G DATA Software AG) -- C:\Windows\System32\drivers\gdwfpcd32.sys
[2010.08.26 10:23:29 | 001,432,694 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.08.26 10:23:29 | 000,623,280 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.08.26 10:23:29 | 000,591,320 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.08.26 10:23:29 | 000,125,184 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.08.26 10:23:29 | 000,103,194 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.08.24 15:08:14 | 003,520,978 | ---- | M] () -- C:\Users\*bloona*\Desktop\giny.jpg
[2010.08.24 15:04:44 | 000,070,962 | ---- | M] () -- C:\Users\*bloona*\Desktop\Giny_Verlobungsring_2.jpg
[2010.08.24 15:04:43 | 000,021,591 | ---- | M] () -- C:\Users\*bloona*\Desktop\Giny_Verlobungsring.jpg
[2010.08.24 15:04:42 | 000,030,108 | ---- | M] () -- C:\Users\*bloona*\Desktop\Giny_Verlobungsring_3.jpg
[2010.08.19 08:23:43 | 000,022,528 | ---- | M] () -- C:\Users\*bloona*\Documents\**** Hochzeit.doc
[2010.08.16 19:37:31 | 000,025,088 | ---- | M] () -- C:\Users\*bloona*\Documents\Marzipantorte.doc
[2010.08.16 15:19:11 | 000,025,600 | ---- | M] () -- C:\Users\*bloona*\Documents\Marzipan Torte.doc
[2010.08.13 12:54:51 | 000,359,936 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.08.12 11:55:35 | 000,048,640 | ---- | M] () -- C:\Users\*bloona*\Desktop\Intouch News-Flitterwochen 2.doc
[2010.08.06 21:10:43 | 000,015,872 | ---- | M] () -- C:\Users\*bloona*\Documents\Auto.xls
[2010.08.03 15:35:41 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
[2010.08.03 15:32:27 | 000,001,880 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.08.30 16:31:18 | 000,025,600 | ---- | C] () -- C:\Users\*bloona*\Documents\troja.doc
[2010.08.30 13:13:10 | 000,000,820 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.30 10:46:45 | 000,000,036 | ---- | C] () -- C:\Users\*bloona*\AppData\Local\housecall.guid.cache
[2010.08.29 14:42:16 | 000,002,521 | ---- | C] () -- C:\Users\*bloona*\Desktop\HiJackThis.lnk
[2010.08.28 18:04:03 | 000,001,870 | ---- | C] () -- C:\Users\Public\Desktop\G Data TotalCare 2011.lnk
[2010.08.24 15:06:27 | 003,520,978 | ---- | C] () -- C:\Users\*bloona*\Desktop\giny.jpg
[2010.08.24 15:04:40 | 000,070,962 | ---- | C] () -- C:\Users\*bloona*\Desktop\Giny_Verlobungsring_2.jpg
[2010.08.24 15:04:40 | 000,030,108 | ---- | C] () -- C:\Users\*bloona*\Desktop\Giny_Verlobungsring_3.jpg
[2010.08.24 15:04:40 | 000,021,591 | ---- | C] () -- C:\Users\*bloona*\Desktop\Giny_Verlobungsring.jpg
[2010.08.16 15:27:50 | 000,025,088 | ---- | C] () -- C:\Users\*bloona*\Documents\Marzipantorte.doc
[2010.08.15 21:51:23 | 000,025,600 | ---- | C] () -- C:\Users\*bloona*\Documents\Marzipan Torte.doc
[2010.08.12 11:55:35 | 000,048,640 | ---- | C] () -- C:\Users\*bloona*\Desktop\Intouch News-Flitterwochen 2.doc
[2010.08.03 23:51:45 | 000,022,528 | ---- | C] () -- C:\Users\*bloona*\Documents\Nena Hochzeit.doc
[2010.08.03 15:35:41 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.08.03 15:32:27 | 000,001,880 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2010.08.01 22:34:38 | 000,015,872 | ---- | C] () -- C:\Users\*bloona*\Documents\Auto.xls
[2009.12.11 15:45:24 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2009.12.11 15:45:24 | 000,000,008 | RHS- | C] () -- C:\ProgramData\08A8C4BB49.sys
[2009.10.25 16:08:36 | 000,278,728 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009.10.25 16:08:35 | 000,025,416 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009.10.18 20:58:19 | 000,004,096 | -H-- | C] () -- C:\Users\*bloona*\AppData\Local\keyfile3.drm
[2009.09.24 10:28:16 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2008.12.14 18:00:24 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2008.12.14 17:56:32 | 000,000,025 | ---- | C] () -- C:\Windows\CDESX100DEFGIPS.ini
[2008.08.03 09:48:54 | 000,005,972 | ---- | C] () -- C:\Users\*bloona*\AppData\Local\d3d9caps.dat
[2008.08.02 11:25:00 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2008.08.02 11:25:00 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2008.08.02 11:25:00 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2008.05.23 18:49:24 | 000,013,312 | ---- | C] () -- C:\Users\*bloona*\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.05.22 10:22:38 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2008.04.30 18:31:02 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008.04.30 18:31:02 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2008.04.30 18:31:02 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008.04.30 18:31:02 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2008.04.30 18:31:02 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2008.04.30 18:30:59 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008.04.30 10:50:16 | 000,000,628 | ---- | C] () -- C:\Windows\System32\PCI_VEN_1102&DEV_FF05&SUBSYS_00001102.ini
[2008.04.30 10:50:15 | 000,101,376 | ---- | C] () -- C:\Windows\System32\APOMngr.dll
[2008.04.30 10:50:15 | 000,066,560 | ---- | C] () -- C:\Windows\System32\CmdRtr.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006.11.02 12:25:26 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2003.02.20 19:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[2002.05.16 01:38:40 | 000,091,136 | ---- | C] () -- C:\Windows\System32\mp4fil32.dll
[2002.05.04 15:19:00 | 000,049,152 | ---- | C] () -- C:\Windows\System32\avisynthEx.dll
 
========== LOP Check ==========
 
[2009.03.04 02:16:35 | 000,000,000 | ---D | M] -- C:\Users\*bloona*\AppData\Roaming\EPSON
[2009.01.17 21:55:13 | 000,000,000 | ---D | M] -- C:\Users\*bloona*\AppData\Roaming\My Games
[2009.12.25 23:32:38 | 000,000,000 | ---D | M] -- C:\Users\*bloona*\AppData\Roaming\Opera
[2010.01.20 22:55:04 | 000,000,000 | ---D | M] -- C:\Users\*bloona*\AppData\Roaming\SYSTEMAX Software Development
[2010.08.28 18:31:39 | 000,000,000 | ---D | M] -- C:\Users\*bloona*\AppData\Roaming\Taluu
[2010.08.28 15:03:21 | 000,000,000 | ---D | M] -- C:\Users\*bloona*\AppData\Roaming\Wahio
[2009.11.13 20:48:32 | 000,000,000 | ---D | M] -- C:\Users\*bloona*\AppData\Roaming\WTouch
[2010.08.30 17:37:06 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.08.30 19:30:31 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{A300626B-74E4-43EE-8F5F-F7037F0689E6}.job
 
========== Purity Check ==========
 
 
< End of report >

EXTRAS

Code:

ATTFilter

OTL Extras logfile created on: 30.08.2010 19:09:25 - Run 1
OTL by OldTimer - Version 3.2.11.0     Folder = C:\Users\*bloona*\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 54,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136,46 Gb Total Space | 55,79 Gb Free Space | 40,88% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 5,77 Gb Free Space | 57,69% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: *bloona*PC
Current User Name: *bloona*
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Adobe\Adobe GoLive CS2\GoLive.exe" "%1" ()
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F8A0A40-6CA1-464E-A5D5-50AFDA268D28}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe | 
"{265E2F1D-DDBD-41DA-A480-78AF642A05C6}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe | 
"{6855A4F9-1555-4795-A409-8B41C527047B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{99F964FC-EF3F-47B5-8B96-D99F5B02A027}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A01B5A66-87AF-4E17-842C-FBE06972CC8A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{B02A6C49-BE69-4211-9C0C-B8633DD96742}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D67CAFE3-78BB-4B27-8B1B-5062AC5DA2FA}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe | 
"{EADE631B-4F9E-42FE-8754-ADB580A684EA}" = protocol=17 | dir=in | app=c:\program files\adobe\adobe version cue cs2\bin\versioncuecs2.exe | 
"{EBE49D36-44C4-4F49-A663-995B298A4796}" = dir=in | app=c:\program files\dell\mediadirect\mediadirect.exe | 
"{EE5E4FB3-D886-4E78-BF86-C03B5E043455}" = protocol=6 | dir=in | app=c:\program files\adobe\adobe version cue cs2\bin\versioncuecs2.exe | 
"TCP Query User{11C2701B-02ED-4F34-8582-6B55CBE30285}C:\users\bloona\documents\zerg_reveal_final_german_xvid.avi-downloader.exe" = protocol=6 | dir=in | app=c:\users\bloona\documents\zerg_reveal_final_german_xvid.avi-downloader.exe | 
"TCP Query User{227B1375-E1A6-4165-802A-443719F65ED8}C:\program files\starcraft\starcraft.exe" = protocol=6 | dir=in | app=c:\program files\starcraft\starcraft.exe | 
"TCP Query User{2C6740AC-BEE2-46BB-8924-7723FB9DBC51}C:\users\bloona\documents\starcraft2artworktrailereu-avi-downloader.exe" = protocol=6 | dir=in | app=c:\users\bloona\documents\starcraft2artworktrailereu-avi-downloader.exe | 
"TCP Query User{2DF1739F-7627-4FA1-BAC4-4258C53A7EE0}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{5034E0BC-8A34-4A1A-B696-AC5B85F4729D}C:\program files\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files\warcraft iii\war3.exe | 
"TCP Query User{573E7FAF-DA1E-4271-8B37-340AE5D3AFA1}C:\users\jens\documents\terran_demo_german_sub.avi-downloader.exe" = protocol=6 | dir=in | app=c:\users\bloona\documents\terran_demo_german_sub.avi-downloader.exe | 
"TCP Query User{5958C815-EC0C-46F7-A146-AF3BB9F99EB8}C:\program files\starcraft\starcraft.exe" = protocol=6 | dir=in | app=c:\program files\starcraft\starcraft.exe | 
"TCP Query User{96A1FBE1-B81F-4463-B334-557A5BFA0173}C:\program files\diablo\diablo.exe" = protocol=6 | dir=in | app=c:\program files\diablo\diablo.exe | 
"TCP Query User{A76AF371-D9A6-44DD-8E6E-E3DD591B161C}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 
"TCP Query User{C6BE7486-22A5-4407-AF48-F60A442747F8}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{D1F83FBE-1E37-41DC-84C5-8DFA3D247F67}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{D323809F-2E7D-4D20-AE18-0EFC6D4D2A01}C:\program files\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files\warcraft iii\war3.exe | 
"TCP Query User{EF5751E1-C8CA-4932-B6E3-814BC625F740}C:\program files\diablo ii\game.exe" = protocol=6 | dir=in | app=c:\program files\diablo ii\game.exe | 
"TCP Query User{FF310DDF-1BE1-4A2C-BCC9-9BA8874A3303}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 
"UDP Query User{1C68B677-4B23-4068-A2AD-6E44D4934B22}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{445B4DF2-8327-43F7-AF26-431CAB7071A4}C:\program files\starcraft\starcraft.exe" = protocol=17 | dir=in | app=c:\program files\starcraft\starcraft.exe | 
"UDP Query User{46DED997-CA24-466B-9337-D69045049A47}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{4B7E20FD-DFF5-4432-A16E-0003F2D8EE0F}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{5B0247A0-506E-4603-B535-99D31A6B4814}C:\program files\diablo\diablo.exe" = protocol=17 | dir=in | app=c:\program files\diablo\diablo.exe | 
"UDP Query User{710FC95A-F117-41FD-A0FA-8D6EBE6DD049}C:\users\bloona\documents\starcraft2artworktrailereu-avi-downloader.exe" = protocol=17 | dir=in | app=c:\users\jens\documents\starcraft2artworktrailereu-avi-downloader.exe | 
"UDP Query User{84455125-E768-4329-AFEB-0D4DDA93A098}C:\users\bloona\documents\terran_demo_german_sub.avi-downloader.exe" = protocol=17 | dir=in | app=c:\users\jens\documents\terran_demo_german_sub.avi-downloader.exe | 
"UDP Query User{ACD82890-6CD8-4C27-811E-AAA810FA72BC}C:\program files\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files\warcraft iii\war3.exe | 
"UDP Query User{AF9B2650-A0F1-40A8-9172-125C3F71B2AD}C:\program files\diablo ii\game.exe" = protocol=17 | dir=in | app=c:\program files\diablo ii\game.exe | 
"UDP Query User{AFCA753A-74C6-43F9-BFAA-B393AE0B832E}C:\program files\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files\warcraft iii\war3.exe | 
"UDP Query User{B059BF5A-AC3B-463B-B945-238C2BDE6077}C:\users\bloona\documents\zerg_reveal_final_german_xvid.avi-downloader.exe" = protocol=17 | dir=in | app=c:\users\bloona\documents\zerg_reveal_final_german_xvid.avi-downloader.exe | 
"UDP Query User{CC6D6382-904F-4A8B-9C28-54F94641C35F}C:\program files\starcraft\starcraft.exe" = protocol=17 | dir=in | app=c:\program files\starcraft\starcraft.exe | 
"UDP Query User{D0FADA7E-5C60-4087-8ABC-5A38DDD0F7C7}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 
"UDP Query User{F6EE8DF7-08EA-48C5-AEFF-63EDC570D1AE}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0134A1A1-C283-4A47-91A1-92F19F960372}" = Adobe Creative Suite 2
"{02A10468-2F1C-447C-AD8E-4DEDDEA25AE2}" = Medieval II Total War : Kingdoms : Crusades
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{236BB7C4-4419-42FD-0407-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 20
"{2C82E097-694E-44ea-A947-2750679469CF}" = Die Sims™ 2
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{31B59248-4591-4ED7-BBE9-588C60F09FAC}" = G Data TotalCare 2011
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{46548E80-0407-0000-7E8A-45000F855001}" = Adobe GoLive CS2
"{4817189D-1785-4627-A33C-39FD90919300}" = Die Sims™ 2 Haustiere
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53C6D09E-EAB6-49E5-BA4C-BA7FF13830FB}" = Sound Blaster Audigy ADVANCED MB
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = Benutzerhandbuch
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{75983B66-804C-40D1-BA13-64DAF652A6F1}" = Medieval II Total War : Kingdoms : Americas
"{786C5747-0C40-4930-9AFE-113BCE553101}" = Adobe Stock Photos 1.0
"{7AEE1963-7001-4C37-BC20-2FAEB74AA41C}" = Medieval II Total War : Kingdoms : Teutonic
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7F4C8163-F259-49A0-A018-2857A90578BC}" = Adobe InDesign CS2
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8EDBA74D-0686-4C99-BFDD-F894678E5101}" = Adobe Common File Installer
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-1033-F400-7760-000000000002}" = Adobe Acrobat 7.0 Professional - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.4 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{ADBE46EE-54E0-4610-B436-D7E93D829100}" = Adobe Version Cue CS2
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}" = Adobe Illustrator CS2
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C0698BDA-0D29-40EE-8570-A31106DF9AB1}" = Medieval II Total War
"{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet
"{C49DAA9C-5BA8-459A-8244-E57B69DF0F04}" = Suite Specific
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEDDEE73-3D36-41C2-AA40-29355D9FBD63}" = Medieval II Total War : Kingdoms : Britannia
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E9787678-119F-4D52-B551-6739B2B22101}" = Adobe Help Center 1.0
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem-Diagnose-Tool
"{FD023F61-65E9-465C-B558-7C64EB2B97E6}" = Dell Handbuch zum Einstieg
"AC3Filter" = AC3Filter (remove only)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"artido-Foto Fun collection" = artido-Foto Fun collection
"CEP - Colour Enable Packages_is1" = CEP (Color Enable Package) v.9.2 (beta)
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"Diablo" = Diablo
"Diablo II" = Diablo II
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"EPSON Scanner" = EPSON Scan
"EPSON Stylus SX100_TX100 Benutzerhandbuch" = EPSON Stylus SX100_TX100 Handbuch
"EPSON SX100 Series" = EPSON SX100 Series Printer Uninstall
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"PaintToolSAI" = PaintTool SAI Ver.1
"Pen Tablet Driver" = Bamboo
"Scriptorium_for_TS2_is1" = Scriptorium for TS2
"Sims2Pack Clean Installer " = Sims2Pack Clean Installer 
"Starcraft" = Starcraft
"VLC media player" = VideoLAN VLC media player 0.8.6h
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"Warcraft III" = Warcraft III
"Winamp" = Winamp
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Diablo" = Diablo
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 29.06.2010 05:16:11 | Computer Name = bloonaPC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 29.06.2010 05:16:11 | Computer Name = bloonaPC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 29.06.2010 10:32:29 | Computer Name = bloonaPC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 29.06.2010 10:32:29 | Computer Name = bloonaPC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 30.06.2010 04:09:32 | Computer Name = bloonaPC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 30.06.2010 04:09:32 | Computer Name = bloonaPC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 30.06.2010 11:00:32 | Computer Name = bloonaPC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 30.06.2010 11:00:32 | Computer Name = bloonaPC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 01.07.2010 02:54:53 | Computer Name = bloonaPC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 01.07.2010 02:54:53 | Computer Name = bloonaPC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
[ System Events ]
Error - 30.08.2010 12:29:02 | Computer Name = bloonaPC | Source = DCOM | ID = 10010
Description = 
 
Error - 30.08.2010 12:30:07 | Computer Name = bloonaPC | Source = DCOM | ID = 10010
Description = 
 
Error - 30.08.2010 12:33:18 | Computer Name = bloonaPC | Source = DCOM | ID = 10010
Description = 
 
Error - 30.08.2010 12:41:55 | Computer Name = bloonaPC | Source = DCOM | ID = 10010
Description = 
 
Error - 30.08.2010 12:44:31 | Computer Name = bloonaPC | Source = DCOM | ID = 10010
Description = 
 
Error - 30.08.2010 12:53:19 | Computer Name = bloonaPC | Source = DCOM | ID = 10005
Description = 
 
Error - 30.08.2010 12:53:19 | Computer Name = bloonaPC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 30.08.2010 12:53:19 | Computer Name = bloonaPC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 30.08.2010 13:03:38 | Computer Name = bloonaPC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 30.08.2010 um 18:53:38 unerwartet heruntergefahren.
 
Error - 30.08.2010 13:05:16 | Computer Name = bloonaPC | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >

Führe jetzt den Schritt 2 aus.

_________________

EDIT:
Gmer funktioniert bei mir nicht. Sobald ich den Rootkit-Scan machen möchte, kommt nach etwa einer Minute eine Fehlermeldung von Windows:
"j3qi5h15.exe funktioniert nicht mehr.
Das Programm wird aufgrund eines Problems nicht richtig ausgeführt. Das Programm wird geschlossen und Sie werden benachrichtigt, wenn eine Lösung verfügbar ist.
<Programm schließen>"

Ich hatte aber alles so gemacht, wie du gesagt hattest. Internet gekappt (WLan ausgeschaltet), G Data und Firewall abgeschaltet und nichts anderes am Laptop gemacht...
Die Fehlermeldung kam zweimal, nach dem ersten mal hab ich zuerst den Laptop nochmal neu gestartet und es nochmal versucht (natürlich Internet und G Data etc. alles aus), aber die Fehlermeldung kam wieder.

EDIT2: Ach so, den Windows Defender vom Windows Sichcherheitscenter konnte ich nicht abstellen, kann es daran geleden haben?

bloona · 30.08.2010, 21:06

Hab grad gesehen, dass wenn man was editiert, der editierte Post nicht als neuer Post angezeigt wird.

Damit du mich ja nicht übersiehst (und weil ich leider von Natur aus hin und wieder bisschen ungeduldig bin

) füge ich meine vorherigen Edits jetzt doch als eigen Posts ein.

Also:

Gmer funktioniert bei mir nicht. Sobald ich den Rootkit-Scan machen möchte, kommt nach etwa einer Minute eine Fehlermeldung von Windows:
"j3qi5h15.exe funktioniert nicht mehr.
Das Programm wird aufgrund eines Problems nicht richtig ausgeführt. Das Programm wird geschlossen und Sie werden benachrichtigt, wenn eine Lösung verfügbar ist.
<Programm schließen>"

Ich hatte aber alles so gemacht, wie du gesagt hattest. Internet gekappt (WLan ausgeschaltet), G Data und Firewall abgeschaltet und nichts anderes am Laptop gemacht...
Die Fehlermeldung kam zweimal, nach dem ersten mal hab ich zuerst den Laptop nochmal neu gestartet und es nochmal versucht (natürlich Internet und G Data etc. alles aus), aber die Fehlermeldung kam wieder.

Ach so, den Windows Defender vom Windows Sichcherheitscenter konnte ich nicht abstellen, kann es daran gelegen haben?

Swisstreasure · 31.08.2010, 17:27

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Lade ComboFix von einem der unten aufgeführten Links herunter. Du musst diese umbenennen, bevor Du es auf den Desktop speicherst. Speichere ComboFix auf deinen Desktop.

**NB: Es ist wichtig, das ComboFix.exe auf dem Desktop gespeichert wird**

Deaktivere Deine Anti-Virus- und Anti-Spyware-Programme. Normalerweise kannst Du dies über einen Rechtsklick auf das Systemtray-Icon tun. Die Programme könnten sonst eventuell unsere Programme bei deren Arbeit stören.
Doppel-klicke auf ComboFix.exe und folge den Aufforderungen.
- Wenn ComboFix fertig ist, wird es ein Log für dich erstellen.
- Bitte poste mir den Inhalt von C:\ComboFix.txt hier in de Thread.

bloona · 31.08.2010, 18:11

Jetzt schon mal vielen Dank für deine Hilfe!

Habe Combofix ausgeführt und das ist das Ergebnis:

Code:

ATTFilter

ComboFix 10-08-30.03 - bloona 31.08.2010  18:41:38.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3061.1699 [GMT 2:00]
ausgeführt von:: c:\users\bloona\Desktop\Combo-Fix.exe
SP: Windows-Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\bloona\FAVORI~1\Games.url
c:\users\bloona\Favorites\Games.url
c:\users\bloona\Favorites\Games.url

.
(((((((((((((((((((((((   Dateien erstellt von 2010-07-28 bis 2010-08-31  ))))))))))))))))))))))))))))))
.

2010-08-31 16:54 . 2010-08-31 16:54	--------	d-----w-	c:\users\bloona\AppData\Local\temp
2010-08-31 16:54 . 2010-08-31 16:54	--------	d-----w-	c:\users\bloona\AppData\Local\temp
2010-08-31 16:54 . 2010-08-31 16:54	--------	d-----w-	c:\users\Default\AppData\Local\temp
2010-08-30 11:13 . 2010-08-30 11:13	--------	d-----w-	c:\users\bloona\AppData\Roaming\Malwarebytes
2010-08-30 11:13 . 2010-04-29 13:39	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-30 11:13 . 2010-08-30 11:13	--------	d-----w-	c:\programdata\Malwarebytes
2010-08-30 11:13 . 2010-08-30 11:13	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-08-30 11:13 . 2010-04-29 13:39	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-08-29 12:42 . 2010-08-29 12:42	388096	----a-r-	c:\users\bloona\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-08-29 12:20 . 2010-08-29 12:20	--------	d-----w-	c:\users\bloona\AppData\Local\SupportSoft
2010-08-28 21:38 . 2010-08-28 21:38	--------	d-----w-	c:\users\bloona\AppData\Roaming\WTablet
2010-08-28 16:04 . 2010-08-30 15:39	47560	----a-w-	c:\windows\system32\drivers\PktIcpt.sys
2010-08-28 16:04 . 2010-08-30 15:36	38856	----a-w-	c:\windows\system32\drivers\HookCentre.sys
2010-08-27 14:59 . 2010-08-28 16:19	29992	----a-w-	c:\windows\system32\drivers\GRD.sys
2010-08-27 14:46 . 2010-08-30 15:36	62024	----a-w-	c:\windows\system32\drivers\MiniIcpt.sys
2010-08-27 14:46 . 2010-08-30 15:36	33480	----a-w-	c:\windows\system32\drivers\GDBehave.sys
2010-08-27 14:45 . 2010-08-28 16:03	40904	----a-w-	c:\windows\system32\drivers\gdwfpcd32.sys
2010-08-27 14:45 . 2010-08-31 08:42	--------	d-----w-	c:\programdata\G DATA
2010-08-27 14:45 . 2010-08-28 16:00	--------	d-----w-	c:\program files\Common Files\G Data
2010-08-27 14:45 . 2010-08-28 16:00	--------	d-----w-	c:\program files\G Data
2010-08-27 14:34 . 2010-08-28 15:57	--------	d-----w-	c:\users\bloona\AppData\Local\Downloaded Installations
2010-08-12 09:45 . 2010-06-11 16:15	1248768	----a-w-	c:\windows\system32\msxml3.dll
2010-08-12 09:45 . 2010-06-18 15:04	302080 begin_of_the_skype_highlighting**************04 302080******end_of_the_skype_highlighting	----a-w-	c:\windows\system32\drivers\srv.sys
2010-08-12 09:45 . 2010-06-18 15:04	144896	----a-w-	c:\windows\system32\drivers\srv2.sys
2010-08-12 09:45 . 2010-06-16 16:04	905088	----a-w-	c:\windows\system32\drivers\tcpip.sys
2010-08-09 16:21 . 2010-07-13 12:26	648560	----a-w-	c:\windows\system32\Pen_Touch_Tablet.dll
2010-08-09 16:21 . 2010-08-09 16:21	--------	d-----w-	c:\program files\TabletPlugins
2010-08-03 13:35 . 2010-08-31 07:41	--------	d-----w-	c:\users\bloona\AppData\Roaming\skypePM
2010-08-03 13:33 . 2010-08-31 07:49	--------	d-----w-	c:\users\bloona\AppData\Roaming\Skype
2010-08-03 13:32 . 2010-08-03 13:32	--------	d-----w-	c:\program files\Common Files\Skype
2010-08-03 13:32 . 2010-08-03 13:32	--------	d-----r-	c:\program files\Skype
2010-08-03 13:32 . 2010-08-03 13:32	--------	d-----w-	c:\programdata\Skype
2010-08-02 09:07 . 2005-04-11 16:45	827392	----a-w-	c:\users\bloona\AppData\Roaming\Adobe\Adobe GoLive\Settings8\Opera\plugins\NPSWF32.dll
2010-08-02 09:07 . 2005-04-11 16:45	28672	----a-w-	c:\users\bloona\AppData\Roaming\Adobe\Adobe GoLive\Settings8\Opera\plugins\PlugDef.dll

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-30 15:38 . 2008-08-03 07:48	5972	----a-w-	c:\users\bloona\AppData\Local\d3d9caps.dat
2010-08-29 12:17 . 2010-08-29 12:17	388096	----a-r-	c:\users\bloona\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-08-29 12:16 . 2010-08-29 12:16	--------	d-----w-	c:\program files\Trend Micro
2010-08-29 09:14 . 2008-04-30 08:57	--------	d-----w-	c:\program files\Google
2010-08-28 21:40 . 2010-08-28 21:40	98816	----a-w-	c:\users\bloona\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-28 16:31 . 2009-08-19 06:11	--------	d-----w-	c:\users\bloona\AppData\Roaming\Taluu
2010-08-28 13:03 . 2009-12-10 10:28	--------	d-----w-	c:\users\bloona\AppData\Roaming\Wahio
2010-08-27 14:46 . 2006-11-02 12:37	--------	d-----w-	c:\program files\Windows Sidebar
2010-08-26 08:23 . 2006-11-02 15:33	623280	----a-w-	c:\windows\system32\perfh007.dat
2010-08-26 08:23 . 2006-11-02 15:33	125184	----a-w-	c:\windows\system32\perfc007.dat
2010-08-12 23:34 . 2006-11-02 11:18	--------	d-----w-	c:\program files\Windows Mail
2010-08-10 17:52 . 2008-05-22 08:28	--------	d-----w-	c:\program files\Warcraft III
2010-08-09 16:25 . 2009-11-13 18:29	--------	d-----w-	c:\users\bloona\AppData\Roaming\WTablet
2010-08-09 16:21 . 2009-11-13 18:25	--------	d-----w-	c:\program files\Tablet
2010-08-09 16:21 . 2009-11-13 18:28	--------	d-----w-	c:\program files\WTouch
2010-08-03 13:35 . 2010-08-03 13:35	56	---ha-w-	c:\programdata\ezsidmv.dat
2010-07-13 12:26 . 2009-11-13 18:25	656240	----a-w-	c:\windows\system32\Pen_Tablet.dll
2010-07-13 12:24 . 2009-11-13 18:25	495616	----a-w-	c:\windows\system32\Wintab32.dll
2010-07-09 07:57 . 2008-05-17 10:14	98816	----a-w-	c:\users\bloona\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-26 06:05 . 2010-08-12 09:46	916480	----a-w-	c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-12 09:46	71680	----a-w-	c:\windows\system32\iesetup.dll
2010-06-26 06:02 . 2010-08-12 09:46	109056	----a-w-	c:\windows\system32\iesysprep.dll
2010-06-26 04:25 . 2010-08-12 09:46	133632	----a-w-	c:\windows\system32\ieUnatt.exe
2010-06-21 13:37 . 2010-08-12 09:46	2037760	----a-w-	c:\windows\system32\win32k.sys
2010-06-18 17:31 . 2010-08-12 09:46	36864	----a-w-	c:\windows\system32\rtutils.dll
2010-06-11 16:16 . 2010-08-12 09:46	274944	----a-w-	c:\windows\system32\schannel.dll
2010-06-08 17:35 . 2010-08-12 09:46	3548040	----a-w-	c:\windows\system32\ntoskrnl.exe
2010-06-08 17:35 . 2010-08-12 09:46	3600768	----a-w-	c:\windows\system32\ntkrnlpa.exe
2008-04-30 16:23 . 2008-04-30 16:09	8192	--sha-w-	c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150595.exe" [2009-03-19 460216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-09-07 159744]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-06 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-06 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-06 133656]
"VolPanel"="c:\program files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" [2006-11-27 180224]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-11-01 189736]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-11-12 405504]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Version Cue CS2"="c:\program files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-06 856064]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"G Data AntiVirus Tray Application"="c:\program files\G Data\TotalCare\AVKTray\AVKTray.exe" [2010-08-26 996936]
"GDFirewallTray"="c:\program files\G Data\TotalCare\Firewall\GDFirewallTray.exe" [2010-08-26 1538120]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat - Schnellstart.lnk - c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000002}\SC_Acrobat.exe [2009-12-25 25214]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-2-26 110592]
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-2-26 110592]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-4-30 50688]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2007-9-7 1180952]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):c1,4c,1f,6e,df,40,ca,01

R3 GDBackupSvc;G Data Backup Service;c:\program files\G Data\TotalCare\AVKBackup\AVKBackupService.exe [2010-05-05 901192]
R3 GDTunerSvc;G Data Tuner Service;c:\program files\G Data\TotalCare\AVKTuner\AVKTunerService.exe [2010-03-08 934984]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2010-05-19 16240]
S0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys [2010-08-30 33480]
S1 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [2010-08-30 62024]
S1 gdwfpcd;G DATA WFP CD;c:\windows\system32\drivers\gdwfpcd32.sys [2010-08-28 40904]
S1 GRD;G Data Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys [2010-08-28 29992]
S1 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [2010-08-30 38856]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-11-12 73728]
S2 AVKProxy;G Data AntiVirus Proxy;c:\program files\Common Files\G Data\AVKProxy\AVKProxy.exe [2010-08-27 1178184]
S2 AVKService;G Data Scheduler;c:\program files\G Data\TotalCare\AVK\AVKService.exe [2010-03-31 410696]
S2 AVKWCtl;G Data Dateisystem Wächter;c:\program files\G Data\TotalCare\AVK\AVKWCtl.exe [2010-08-25 1330792]
S2 serviceIEConfig;IEConfig 1und1/WEB.DE/GMX Edition;c:\windows\System32\ieconfig_1und1_svc.exe [2009-07-03 662416]
S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2010-07-13 6076272]
S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2010-07-13 616816]
S3 GDFwSvc;G Data Personal Firewall;c:\program files\G Data\TotalCare\Firewall\GDFwSvc.exe [2010-08-25 1607344]
S3 GDPkIcpt;GDPkIcpt;c:\windows\system32\drivers\PktIcpt.sys [2010-08-30 47560]
S3 GDScan;G Data Scanner;c:\program files\Common Files\G Data\GDScan\GDScan.exe [2010-08-25 340552]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-03-06 111616]
S3 WacomVTHid;Virtual Touch Driver;c:\windows\system32\DRIVERS\WacomVTHid.sys [2009-05-20 13224]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Inhalt des "geplante Tasks" Ordners

2010-08-31 c:\windows\Tasks\User_Feed_Synchronization-{A300626B-74E4-43EE-8F5F-F7037F0689E6}.job
- c:\windows\system32\msfeedssync.exe [2010-08-12 04:24]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://go.1und1.de/links/home
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://go.1und1.de/suchbox/1und1suche?su=%s
IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Auswahl in Adobe PDF konvertieren - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Auswahl in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: In vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
FF - ProfilePath - c:\users\Jens\AppData\Roaming\Mozilla\Firefox\Profiles\xedglzpn.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.gmx.net/de/
FF - component: c:\program files\Mozilla Firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}\components\avkwebfilterff.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\TabletPlugins\npwacom.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-08-31 18:54
Windows 6.0.6002 Service Pack 2 NTFS

Scanne versteckte Prozesse... 

Scanne versteckte Autostarteinträge... 

Scanne versteckte Dateien... 

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\serviceIEConfig]
"ImagePath"="c:\windows\System32\ieconfig_1und1_svc.exe /startedbyscm:016FE01B-40E31F2D-serviceIEConfig"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2010-08-31  19:00:13
ComboFix-quarantined-files.txt  2010-08-31 17:00

Vor Suchlauf: 11 Verzeichnis(se), 60.132.585.472 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 66.501.140.480 Bytes frei

- - End Of File - - A5A46BA72F2492AC2F74CB6403C3398D

Swisstreasure · 31.08.2010, 22:09

Schritt 1

Downloade Dir bitte RKUnhookerLE und speichere die Datei auf deinem Desktop.

Deaktiviere alle Hintergrundwächter. Besonders den deiner Anti Virensoftware.
Starte die RKUnhookerLE.exe
Klicke auf den Report Tab und danach auf Scan
Setze ein Häckchen bei
- Drivers
- Stealth Code
Entferne alle anderen Hacken
Wenn Du gefragt wirst welcher Bereich gescannt werden soll, gehe sicher das deine Systemplatte ( meistens C: ) angehackt ist.
Klicke OK
Wenn der Scan beendet wurde
File --> Save Report
klicken.
Speichere die Datei als RKU.txt auf dem Desktop.
Klicke Close

Hinweis: Solltest Du folgende Warnung bekommen

Zitat:

"Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?"

einfach ignorieren.

bloona · 01.09.2010, 11:06

Ok ausgeführt.
Allerdings hat er mir beim ersten mal eine Fehlermeldung gebracht, woraufhin auf einmal der Bildschirm ganz blau wurde und auf Englisch irgendwas von wegen "Ein Fehler ist aufgetreten, Windows muss beendet werden, um weiteren Schaden zu vermeiden..." Es stand noch mehr dabei, aber der Rechner hat sofort neu gestartet, so dass ich es nur ganz kurz überfliegen konnte (bin mir auch nicht mal sicher, ob ich es richtig verstanden habe, wie gesagt, es war alles auf Englisch).

Jedenfalls habe ich es, als er dann neu gestartet hat, es nochmal versucht und dann hat es ganz normal geklappt (denke ich zumindest).

Hier das Ergebnis:

Code:

ATTFilter

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6002 (Service Pack 2)
Number of processors #2
==============================================
>Drivers
==============================================
0x8E408000 C:\Windows\system32\DRIVERS\igdkmd32.sys 6606848 bytes (Intel Corporation, Intel Graphics Kernel Mode Driver)
0x81E34000 C:\Windows\system32\ntkrnlpa.exe 3903488 bytes (Microsoft Corporation, NT Kernel & System)
0x81E34000 PnpManager 3903488 bytes
0x81E34000 RAW 3903488 bytes
0x81E34000 WMIxWDM 3903488 bytes
0x96A80000 Win32k 2109440 bytes
0x96A80000 C:\Windows\System32\win32k.sys 2109440 bytes (Microsoft Corporation, Mehrbenutzer-Win32-Treiber)
0x8A40A000 C:\Windows\System32\Drivers\Ntfs.sys 1114112 bytes (Microsoft Corporation, NT-Dateisystemtreiber)
0x8A00B000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
0x8F2F0000 C:\Windows\system32\DRIVERS\HSX_DPV.sys 1060864 bytes (Conexant Systems, Inc., HSF_DP driver)
0x8F004000 C:\Windows\system32\DRIVERS\bcmwl6.sys 1052672 bytes (Broadcom Corp., Broadcom 802.11 Network Adapter wireless driver)
0x8A20F000 C:\Windows\System32\drivers\tcpip.sys 958464 bytes (Microsoft Corporation, TCP/IP Driver)
0x804DD000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Codeintegritätsmodul)
0xA7C0D000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x8A314000 C:\Windows\System32\Drivers\dump_iaStor.sys 815104 bytes
0x89E0D000 C:\Windows\system32\drivers\iastor.sys 815104 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)
0x8F600000 C:\Windows\system32\DRIVERS\HSX_CNXT.sys 737280 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0xAA006000 C:\Windows\system32\drivers\spsys.sys 720896 bytes (Microsoft Corporation, security processor)
0x8EA55000 C:\Windows\System32\drivers\dxgkrnl.sys 659456 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x8EB5A000 C:\Windows\system32\DRIVERS\HDAudBus.sys 577536 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x8060F000 C:\Windows\system32\drivers\Wdf01000.sys 507904 bytes (Microsoft Corporation, WDF Dynamic)
0x89F45000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x80413000 C:\Windows\system32\mcupdate_GenuineIntel.dll 458752 bytes (Microsoft Corporation, Intel Microcode Update Library)
0xAA13D000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP-Protokollstapel)
0x8F734000 C:\Windows\system32\drivers\stwrt.sys 348160 bytes (IDT, Inc., NDHF)
0x8F160000 C:\Windows\system32\DRIVERS\rixdptsk.sys 331776 bytes (REDC, RICOH XD SM Driver)
0xAB479000 C:\Windows\System32\DRIVERS\srv.sys 319488 bytes (Microsoft Corporation, Server driver)
0x96CD0000 C:\Windows\System32\ATMFD.DLL 311296 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0x80741000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x8F82C000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x80698000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI-Treiber für NT)
0x8A17C000 C:\Windows\system32\DRIVERS\yk60x86.sys 286720 bytes (Marvell, NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller)
0xAB4DF000 C:\Windows\system32\DRIVERS\atksgt.sys 274432 bytes
0x8049C000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)
0x807B7000 C:\Windows\system32\DRIVERS\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x8EB0D000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x8F2B3000 C:\Windows\system32\DRIVERS\HSXHWAZL.sys 249856 bytes (Conexant Systems, Inc., HSF_HWAZL WDM driver)
0x8F8DD000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x8A141000 C:\Windows\system32\drivers\NETIO.SYS 241664 bytes (Microsoft Corporation, Network I/O Subsystem)
0xAB401000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x8A51A000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volumeschattenkopie-Treiber)
0x8F25D000 C:\Windows\system32\DRIVERS\usbhub.sys 217088 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x81E01000 ACPI_HAL 208896 bytes
0x81E01000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x89EFA000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Dateisystem-Filter-Manager)
0x8F874000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0xAA0B6000 C:\Windows\system32\DRIVERS\RMCAST.sys 196608 bytes (Microsoft Corporation, Reliable Multicast Transport)
0x89FB6000 C:\Windows\system32\DRIVERS\msiscsi.sys 192512 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
0x8F6E2000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x8F1C4000 C:\Windows\system32\DRIVERS\Apfiltr.sys 180224 bytes (Alps Electric Co., Ltd., Alps Touch Pad Driver)
0x8A116000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x8F21C000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
0xAA0F6000 C:\Windows\system32\DRIVERS\nwifi.sys 172032 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0xAB522000 C:\Windows\System32\Drivers\fastfat.SYS 163840 bytes (Microsoft Corporation, Fast FAT File System Driver)
0x8A571000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)
0x806EF000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT-Plug & Play PCI-Enumerator)
0xAB452000 C:\Windows\System32\DRIVERS\srv2.sys 159744 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x8F70F000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0x805BD000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x8A5A9000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
0x8F6C1000 C:\Windows\system32\drivers\IntcHdmi.sys 135168 bytes (Intel(R) Corporation, Intel(R) High Definition Audio HDMI)
0x8F9A6000 C:\Windows\system32\drivers\mrxdav.sys 135168 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0x8F7DC000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x8F9C7000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x89EDC000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension)
0xAA1AA000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)
0x8A2F9000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x8F983000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA-Filtertreiber zur Dateivirtualisierung)
0x8F123000 C:\Windows\system32\DRIVERS\sdbus.sys 106496 bytes (Microsoft Corporation, SecureDigital Bus Driver)
0xAA1C7000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x8A1C2000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xAB43A000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x8F946000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x8A1DA000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xA7D19000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
0x8F923000 C:\Windows\system32\drivers\GRD.sys 90112 bytes (G Data Software, G Data Rootkit Detector Driver)
0x8F8A6000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS-Paketplaner)
0x8F802000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)
0xAA1E0000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x805E0000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x89FE5000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x8F14C000 C:\Windows\system32\DRIVERS\rimsptsk.sys 81920 bytes (REDC, RICOH MS Driver)
0x8F818000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
0x8F1B1000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, i8042-Anschlusstreiber)
0xAA12A000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x8F8CA000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x8A598000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x8F2A2000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x80483000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Plattformspezifischer Hardwarefehlertreiber)
0x89F2C000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x8A3EA000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 65536 bytes (Microsoft Corporation, Hid Class Library)
0xAA0E6000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x807A7000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
0x8F105000 C:\Windows\system32\DRIVERS\ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xA7D09000 C:\Windows\system32\drivers\PktIcpt.sys 65536 bytes (G Data Software AG, WFP PktInterceptor 2 (Pkt2 Filter))
0x8F20A000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)
0x8A3DB000 C:\Windows\system32\DRIVERS\intelppm.sys 61440 bytes (Microsoft Corporation, Processor Device Driver)
0x8F974000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
0x8A55B000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0x80716000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
0x8A1F1000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x8F13D000 C:\Windows\system32\DRIVERS\rimmptsk.sys 61440 bytes (REDC, RICOH SD Driver)
0x8EB4B000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x80732000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
0x8F115000 C:\Windows\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0x96CC0000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
0x8F7A2000 C:\Windows\system32\drivers\HookCentre.sys 57344 bytes (G Data Software AG, Security Hook)
0x8F794000 C:\Windows\system32\drivers\MiniIcpt.sys 57344 bytes (G Data Software AG, Filesystem MiniInterceptor (Mini Filter))
0x8F8BC000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x80600000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x80792000 C:\Windows\system32\DRIVERS\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x8F95D000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x8F939000 C:\Windows\system32\drivers\gdwfpcd32.sys 53248 bytes (G DATA Software AG, G DATA WFP Callout Driver)
0x8F6B4000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modemgerätetreiber)
0x8F250000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x8068B000 C:\Windows\system32\drivers\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0xA7CF5000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x8F7D0000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x8EAF6000 C:\Windows\System32\drivers\watchdog.sys 49152 bytes (Microsoft Corporation, Watchdog Driver)
0x8EBE7000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Tastaturklassentreiber)
0x8F1F0000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mausklassentreiber)
0x8A000000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x8A200000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x8A5F4000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x8A5E0000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8EB02000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x80728000 C:\Windows\system32\DRIVERS\BATTC.SYS 40960 bytes (Microsoft Corporation, Battery Class Driver)
0x8F96A000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x8F246000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0xAA120000 C:\Windows\system32\DRIVERS\ndisuio.sys 40960 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x8F919000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0xA7CEB000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x8A5CA000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
0x8F7B0000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x8F789000 C:\Windows\system32\DRIVERS\hidusb.sys 36864 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xA7D2F000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x89F3C000 C:\Windows\System32\Drivers\PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0x8F200000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0x96CA0000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x8A5EB000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8EBF2000 C:\Windows\system32\DRIVERS\wmiacpi.sys 36864 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0x806DE000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x89ED4000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x80494000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x8F292000 C:\Windows\system32\DRIVERS\mouhid.sys 32768 bytes (Microsoft Corporation, HID-Mausfiltertreiber)
0x806E7000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x8F7C7000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8F3F3000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8A553000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x8F29A000 C:\Windows\system32\DRIVERS\wacommousefilter.sys 32768 bytes (Wacom Technology, Wacom Mouse Filter Driver)
0xA7D01000 C:\Windows\system32\DRIVERS\xaudio.sys 32768 bytes (Conexant Systems, Inc., Modem Audio Device Driver)
0x8F7C0000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x8A56A000 C:\Windows\system32\drivers\GDBehave.sys 28672 bytes (G Data Software AG, Behavior Blocker)
0x8E400000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x8078B000 C:\Windows\system32\DRIVERS\intelide.sys 28672 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0x8040C000 C:\Windows\system32\kdcom.dll 28672 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0x8F7B9000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x807A0000 C:\Windows\system32\drivers\pciide.sys 28672 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0xAB54A000 C:\Windows\system32\DRIVERS\lirsgt.sys 20480 bytes
0x8F1FB000 C:\Windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xAB54F000 C:\Windows\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface x86 Driver)
0x80725000 C:\Windows\system32\DRIVERS\compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0x8F000000 C:\Windows\system32\DRIVERS\wacomvhid.sys 12288 bytes (Wacom Technology, Virtual Hid Device)
0x8F21A000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x8F792000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0x8EBFB000 C:\Windows\system32\DRIVERS\WacomVTHid.sys 8192 bytes (Wacom Technology, Virtual Hid Device)
==============================================
>Stealth
==============================================
0x06EB0000 Hidden Image-->S2PCISE.exe [ EPROCESS 0x8721A6D0 ] PID: 2404, 36864 bytes

Swisstreasure · 01.09.2010, 11:31

Schritt 1

ESET Online Scanner
Bitte während der Online-Scans evtl. vorhandene externe Festplatten einschalten! Bitte während der Scans alle Hintergrundwächter (Anti-Virus-Programm, Firewall, Skriptblocking und ähnliches) abstellen und nicht vergessen, alles hinterher wieder einzuschalten.

Anmerkung für Vista und Win7 User: Bitte den Browser unbedingt als Administrator starten.
Dein Anti-Virus-Programm während des Scans deaktivieren.
Button drücken.
- Firefox-User: Bitte esetsmartinstaller_enu.exe downloaden.Das Firefox-Addon auf dem Desktop speichern und dann installieren.
- IE-User: müssen das Installieren eines ActiveX Elements erlauben.
Setze den einen Hacken bei Yes, i accept the Terms of Use.
Drücke den Button.
Warte bis die Komponenten herunter geladen wurden.
Setze einen Haken bei "Remove found threads" und "Scan archives".
drücken.
Die Signaturen werden herunter geladen.Der Scan beginnt automatisch.

Wenn der Scan beendet wurde

Klicke Finish.
Browser schließen.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt suchen und mit Deinem Editor öffnen.
Logfile hier posten.

Schritt 2

Panda
Panda (ohne Registrierung)
- Unterstützte Betriebssysteme: Windows 2000/XP (32- und 64-Bit)/Vista (32 und 64-Bit)
- Voraussetzung: Internet Explorer 5.01 oder höher
- Anmerkung für Vista-User: Bitte den Browser unbedingt als Administrator starten.
- Du musst Dich registrieren - Newsletter abhaken!
- Kompletter Scan anhaken und auf den grünen Button "Jetzt scannen" klicken.
  - Bei Nutzung über Mozilla Firefox:
  - ActiveScan 2.0 heruntergeladen.
  - ActiveScan 2.0 installieren.
  - Scan starten.
  - Bei Nutzung über Internet Explorer:
  - ActiveX-Steuerelemente erlauben.
  - ActiveX-Steuerelement installieren lassen,
  - die Signaturen werden heruntergeladen, ebenfalls installieren lassen.
  - Der Scan startet automatisch.
- Am Ende des Scans die Funde über den Link "Anzeigen" einblenden lassen, kopieren und hier posten.
- Das ist wichtig, denn Panda entfernt die Funde nur in der kostenpflichtigen Version.
- Der Helfer vom Forum wird Dir helfen, die Funde zu entfernen.
- Im Fall von Problemen bitte zunächst die FAQ lesen.
- Deinstallation:
- Das Programm wird nach C:\Programme\PandaSecurity\ActiveScan 2.0 installiert.
- Das Programm über Systemsteuerung => Software (Panda ActiveScan) deinstallieren.

Schritt 3

Erneuter Systemscan mit OTL

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles in Code-Tags hier in den Thread.

bloona · 01.09.2010, 13:18

Ok, Eset ist durch.

Logfile:

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=4a19e8108b7757469476ca6e79947d81
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-09-01 12:15:40
# local_time=2010-09-01 02:15:40 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=4096 16777215 100 0 326514 326514 0 0
# compatibility_mode=5892 16776573 100 100 97084 120870483 0 0
# compatibility_mode=8192 67108863 100 0 116 116 0 0
# scanned=168306
# found=2
# cleaned=2
# scan_time=5585
C:\Users\bloona\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\556445eb-4643e4e3	probably a variant of Win32/Agent.DYXWUMY trojan (deleted - quarantined)	00000000000000000000000000000000	C
C:\Users\bloona\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\31bba1f4-2b13bf34	probably a variant of Win32/Agent.DYXWUMY trojan (deleted - quarantined)	00000000000000000000000000000000	C

Mache jetzt Schritt 2...

bloona · 01.09.2010, 15:09

So hier das Ergebnis von Panda, 1 Fund:

1. c:\users\bloona\appdata\roaming\microsoft\windo...cookies\low\bloona@doubleclick[2].txt

Code:

ATTFilter

;***********************************************************************************************************************************************************************************
ANALYSIS: 2010-09-01 16:04:37
PROTECTIONS: 1
MALWARE: 1
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description                                  Version                       Active    Updated
;===================================================================================================================================================================================
G Data TotalCare 2011                                                      No        Yes
;===================================================================================================================================================================================
MALWARE
Id        Description                        Type                Active    Severity  Disinfectable  Disinfected Location
;===================================================================================================================================================================================
00139061  Cookie/Doubleclick                 TrackingCookie      No        0         Yes            No           c:\users\bloona\appdata\roaming\microsoft\windows\cookies\low\bloona@doubleclick[2].txt
;===================================================================================================================================================================================
SUSPECTS
Sent      Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id        Severity       Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================

Führe jetzt Schritt 3 aus...

bloona · 01.09.2010, 15:57

und hier das Ergebnis zu Schritt 3

OTL
OTL Logfile:
OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 01.09.2010 16:13:04 - Run 2
OTL by OldTimer - Version 3.2.11.0     Folder = C:\Users\bloona\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 44,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 73,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136,46 Gb Total Space | 62,24 Gb Free Space | 45,61% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 5,77 Gb Free Space | 57,69% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: bloonaPC
Current User Name: bloona
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\bloona\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG)
PRC - C:\Programme\G Data\TotalCare\AVKTray\AVKTray.exe (G Data Software AG)
PRC - C:\Programme\G Data\TotalCare\Firewall\GDFirewallTray.exe (G Data Software AG)
PRC - C:\Programme\G Data\TotalCare\Firewall\GDFwSvc.exe (G Data Software AG)
PRC - C:\Programme\G Data\TotalCare\AVK\AVKWCtl.exe ()
PRC - C:\Programme\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG)
PRC - C:\Programme\Tablet\Pen\Pen_TouchUser.exe (Wacom Technology, Corp.)
PRC - C:\Programme\Tablet\Pen\Pen_Tablet.exe (Wacom Technology, Corp.)
PRC - C:\Programme\Tablet\Pen\Pen_TabletUser.exe (Wacom Technology, Corp.)
PRC - C:\Programme\Tablet\Pen\Pen_TouchService.exe (Wacom Technology, Corp.)
PRC - C:\Programme\G Data\TotalCare\AVK\AVKService.exe (G Data Software AG)
PRC - C:\Windows\System32\ieconfig_1und1_svc.exe (mquadr.at softwareengineering und consulting gmbh)
PRC - C:\Windows\System32\wisptis.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\ink\TabTip.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe (Creative Labs)
PRC - C:\Programme\Adobe\Adobe Acrobat 7.0\Distillr\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\ink\InputPersonalization.exe (Microsoft Corporation)
PRC - C:\Programme\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Windows\System32\stacsv.exe (IDT, Inc.)
PRC - C:\Windows\System32\AEstSrv.exe (Andrea Electronics Corporation)
PRC - C:\Programme\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
PRC - C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.)
PRC - C:\Programme\DellTPad\hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Programme\Creative\SBAudigy\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
PRC - C:\Programme\Digital Line Detect\DLG.exe (Avanquest Software )
PRC - C:\Programme\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe ()
PRC - C:\Programme\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe (Adobe Sytems Incorporated)
PRC - C:\Programme\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe (Adobe Systems Incorporated)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\bloona\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Programme\Common Files\microsoft shared\ink\tiptsf.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AVKProxy) -- C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG)
SRV - (GDFwSvc) -- C:\Programme\G Data\TotalCare\Firewall\GDFwSvc.exe (G Data Software AG)
SRV - (AVKWCtl) -- C:\Programme\G Data\TotalCare\AVK\AVKWCtl.exe ()
SRV - (GDScan) -- C:\Program Files\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG)
SRV - (TabletServicePen) -- C:\Programme\Tablet\Pen\Pen_Tablet.exe (Wacom Technology, Corp.)
SRV - (TouchServicePen) -- C:\Programme\Tablet\Pen\Pen_TouchService.exe (Wacom Technology, Corp.)
SRV - (GDBackupSvc) -- C:\Programme\G Data\TotalCare\AVKBackup\AVKBackupService.exe (G Data Software AG)
SRV - (AVKService) -- C:\Programme\G Data\TotalCare\AVK\AVKService.exe (G Data Software AG)
SRV - (GDTunerSvc) -- C:\Programme\G Data\TotalCare\AVKTuner\AVKTunerService.exe (G Data Software AG)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (serviceIEConfig) -- C:\Windows\System32\ieconfig_1und1_svc.exe (mquadr.at softwareengineering und consulting gmbh)
SRV - (Creative Labs Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe (Creative Labs)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (STacSV) -- C:\Windows\System32\stacsv.exe (IDT, Inc.)
SRV - (AESTFilters) -- C:\Windows\System32\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (Adobe Version Cue CS2) -- C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe (Adobe Systems Incorporated)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WacomVKHid) -- C:\Windows\System32\DRIVERS\WacomVKHid.sys File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\bloona\AppData\Local\Temp\catchme.sys File not found
DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found
DRV - (GDPkIcpt) -- C:\Windows\System32\drivers\PktIcpt.sys (G Data Software AG)
DRV - (GDMnIcpt) -- C:\Windows\System32\drivers\MiniIcpt.sys (G Data Software AG)
DRV - (HookCentre) -- C:\Windows\System32\drivers\HookCentre.sys (G Data Software AG)
DRV - (GDBehave) -- C:\Windows\system32\drivers\GDBehave.sys (G Data Software AG)
DRV - (GRD) -- C:\Windows\System32\drivers\GRD.sys (G Data Software)
DRV - (gdwfpcd) -- C:\Windows\System32\drivers\gdwfpcd32.sys (G DATA Software AG)
DRV - (wacmoumonitor) -- C:\Windows\System32\drivers\wacmoumonitor.sys (Wacom Technology)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (wacomvhid) -- C:\Windows\System32\drivers\wacomvhid.sys (Wacom Technology)
DRV - (WacomVTHid) -- C:\Windows\System32\drivers\WacomVTHid.sys (Wacom Technology)
DRV - (RMCAST) RMCAST (Pgm) -- C:\Windows\System32\drivers\rmcast.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (IntcHdmiAddService) Intel(R) -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (BCM43XX) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corp.)
DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (wacommousefilter) -- C:\Windows\System32\drivers\wacommousefilter.sys (Wacom Technology)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://go.gmx.net/tab2 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.1und1.de/links/home
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.gmx.net/de/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170633FE}:21.1.10084.997
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.08.28 23:09:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.08.28 18:39:00 | 000,000,000 | ---D | M]
 
[2009.06.17 15:36:45 | 000,000,000 | ---D | M] -- C:\Users\bloona\AppData\Roaming\mozilla\Extensions
[2010.09.01 12:07:56 | 000,000,000 | ---D | M] -- C:\Users\bloona\AppData\Roaming\mozilla\Firefox\Profiles\xedglzpn.default\extensions
[2010.04.28 10:15:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\bloona\AppData\Roaming\mozilla\Firefox\Profiles\xedglzpn.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.08.28 18:03:29 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.08.28 18:03:29 | 000,000,000 | ---D | M] (G Data WebFilter) -- C:\Programme\Mozilla Firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}
[2010.08.03 15:32:55 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.04.15 11:43:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.01.16 03:15:29 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.01.16 03:15:29 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.01.16 03:15:29 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.16 03:15:29 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.16 03:15:29 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.08.31 18:54:39 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G Data\TotalCare\Webfilter\AvkWebIE.dll (G Data Software AG)
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (GMX Browser Configuration by mquadr.at) - {D48FF4B4-E68F-47D1-8E25-81A0F0EEB341} - C:\Windows\System32\ieconfig_1und1.dll (mquadr.at softwareengineering und consulting gmbh)
O3 - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G Data\TotalCare\Webfilter\AvkWebIE.dll (G Data Software AG)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Version Cue CS2] C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe (Adobe Sytems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Programme\G Data\TotalCare\AVKTray\AVKTray.exe (G Data Software AG)
O4 - HKLM..\Run: [GDFirewallTray] C:\Programme\G Data\TotalCare\Firewall\GDFirewallTray.exe (G Data Software AG)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Programme\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\Shockwave 11\SwHelper_1150595.exe -Update -1150595 -Mozilla\4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident\4.0; Mozilla\4.0 ( File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764 begin_of_the_skype_highlighting**************006097098764******end_of_the_skype_highlighting} hxxp://download.macromedia.com/pub/shockwave/cabs/authorware/awswax70.cab (Macromedia Authorware Web Player Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab (EPUImageControl Class)
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} hxxp://as.photoprintit.de/ips-opdata/layout/default_cms01/activex/IPSUploader4.cab (IPSUploader4 Control)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.09.01 14:20:54 | 000,000,000 | ---D | C] -- C:\Programme\Panda Security
[2010.09.01 12:40:39 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2010.09.01 11:46:43 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010.08.31 19:01:56 | 000,192,512 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxres.dll
[2010.08.31 19:00:23 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010.08.31 19:00:15 | 000,000,000 | ---D | C] -- C:\Users\bloona\AppData\Local\temp
[2010.08.31 18:39:08 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010.08.31 18:39:08 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010.08.31 18:39:08 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010.08.31 18:38:53 | 000,000,000 | ---D | C] -- C:\Combo-Fix
[2010.08.31 18:38:14 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010.08.31 18:37:32 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010.08.31 18:36:32 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.08.30 13:13:30 | 000,000,000 | ---D | C] -- C:\Users\bloona\AppData\Roaming\Malwarebytes
[2010.08.30 13:13:07 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.08.30 13:13:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.08.30 13:13:04 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.08.30 13:13:04 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.08.29 14:16:59 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro
[2010.08.28 18:04:21 | 000,047,560 | ---- | C] (G Data Software AG) -- C:\Windows\System32\drivers\PktIcpt.sys
[2010.08.28 18:04:03 | 000,038,856 | ---- | C] (G Data Software AG) -- C:\Windows\System32\drivers\HookCentre.sys
[2010.08.27 16:59:02 | 000,029,992 | ---- | C] (G Data Software) -- C:\Windows\System32\drivers\GRD.sys
[2010.08.27 16:46:29 | 000,062,024 | ---- | C] (G Data Software AG) -- C:\Windows\System32\drivers\MiniIcpt.sys
[2010.08.27 16:46:29 | 000,033,480 | ---- | C] (G Data Software AG) -- C:\Windows\System32\drivers\GDBehave.sys
[2010.08.27 16:45:54 | 000,040,904 | ---- | C] (G DATA Software AG) -- C:\Windows\System32\drivers\gdwfpcd32.sys
[2010.08.27 16:45:04 | 000,000,000 | ---D | C] -- C:\ProgramData\G DATA
[2010.08.27 16:45:03 | 000,000,000 | ---D | C] -- C:\Programme\G Data
[2010.08.27 16:45:03 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\G Data
[2010.08.27 16:34:40 | 000,000,000 | ---D | C] -- C:\Users\bloona\AppData\Local\Downloaded Installations
[2010.08.12 11:46:30 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.08.12 11:46:30 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.08.12 11:46:30 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010.08.12 11:46:29 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.08.12 11:46:29 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010.08.12 11:46:29 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.08.12 11:46:29 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.08.12 11:46:29 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.08.12 11:46:29 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.08.12 11:46:29 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010.08.12 11:46:29 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010.08.12 11:46:29 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010.08.12 11:46:29 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.08.12 11:46:29 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.08.12 11:46:29 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.08.12 11:46:28 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010.08.12 11:46:19 | 002,037,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.08.12 11:46:15 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010.08.12 11:46:03 | 003,600,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.08.12 11:46:03 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.08.09 18:21:30 | 000,648,560 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\System32\Pen_Touch_Tablet.dll
[2010.08.09 18:21:19 | 000,000,000 | ---D | C] -- C:\Programme\TabletPlugins
[2010.08.03 15:35:37 | 000,000,000 | ---D | C] -- C:\Users\Jens\AppData\Roaming\skypePM
[2010.08.03 15:33:10 | 000,000,000 | ---D | C] -- C:\Users\Jens\AppData\Roaming\Skype
[2010.08.03 15:32:26 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Skype
[2010.08.03 15:32:25 | 000,000,000 | R--D | C] -- C:\Programme\Skype
[2010.08.03 15:32:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.09.01 16:35:00 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{A300626B-74E4-43EE-8F5F-F7037F0689E6}.job
[2010.09.01 16:12:58 | 002,621,440 | -HS- | M] () -- C:\Users\Jens\NTUSER.DAT
[2010.09.01 15:47:29 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.09.01 15:47:29 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.09.01 12:39:43 | 002,672,312 | ---- | M] () -- C:\Users\Jens\Desktop\esetsmartinstaller_enu.exe
[2010.09.01 11:46:59 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.09.01 11:46:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.09.01 11:46:34 | 3210,784,768 | -HS- | M] () -- C:\hiberfil.sys
[2010.09.01 11:46:32 | 291,416,382 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.09.01 11:44:11 | 000,133,632 | ---- | M] () -- C:\Users\bloona\Desktop\RKUnhookerLE.EXE
[2010.08.31 22:05:34 | 000,524,288 | -HS- | M] () -- C:\Users\bloona\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2010.08.31 22:05:34 | 000,065,536 | -HS- | M] () -- C:\Users\bloona\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.08.31 21:48:31 | 003,393,016 | -H-- | M] () -- C:\Users\bloona\AppData\Local\IconCache.db
[2010.08.31 18:54:52 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010.08.31 18:54:39 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010.08.31 18:37:55 | 003,829,867 | R--- | M] () -- C:\Users\bloona\Desktop\Combo-Fix.exe
[2010.08.30 19:35:29 | 000,058,880 | ---- | M] () -- C:\Users\bloona\Documents\OTL Extras logfile created on.doc
[2010.08.30 19:35:03 | 000,095,744 | ---- | M] () -- C:\Users\bloona\Documents\OTL logfile created on.doc
[2010.08.30 17:39:17 | 000,047,560 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\PktIcpt.sys
[2010.08.30 17:38:45 | 000,005,972 | ---- | M] () -- C:\Users\bloona\AppData\Local\d3d9caps.dat
[2010.08.30 17:36:49 | 000,062,024 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\MiniIcpt.sys
[2010.08.30 17:36:49 | 000,038,856 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\HookCentre.sys
[2010.08.30 17:36:49 | 000,033,480 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\GDBehave.sys
[2010.08.30 16:31:18 | 000,025,600 | ---- | M] () -- C:\Users\bloona\Documents\troja.doc
[2010.08.30 13:13:10 | 000,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.30 10:46:45 | 000,000,036 | ---- | M] () -- C:\Users\bloona\AppData\Local\housecall.guid.cache
[2010.08.29 14:47:10 | 000,002,521 | ---- | M] () -- C:\Users\bloona\Desktop\HiJackThis.lnk
[2010.08.29 13:58:27 | 000,000,400 | ---- | M] () -- C:\Windows\ODBC.INI
[2010.08.28 18:39:01 | 000,001,889 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.08.28 18:19:15 | 000,029,992 | ---- | M] (G Data Software) -- C:\Windows\System32\drivers\GRD.sys
[2010.08.28 18:04:03 | 000,001,870 | ---- | M] () -- C:\Users\Public\Desktop\G Data TotalCare 2011.lnk
[2010.08.28 18:03:06 | 000,040,904 | ---- | M] (G DATA Software AG) -- C:\Windows\System32\drivers\gdwfpcd32.sys
[2010.08.26 10:23:29 | 001,432,694 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.08.26 10:23:29 | 000,623,280 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.08.26 10:23:29 | 000,591,320 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.08.26 10:23:29 | 000,125,184 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.08.26 10:23:29 | 000,103,194 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.08.24 15:08:14 | 003,520,978 | ---- | M] () -- C:\Users\bloona\Desktop\giny.jpg
[2010.08.24 15:04:44 | 000,070,962 | ---- | M] () -- C:\Users\bloona\Desktop\Giny_Verlobungsring_2.jpg
[2010.08.24 15:04:43 | 000,021,591 | ---- | M] () -- C:\Users\bloona\Desktop\Giny_Verlobungsring.jpg
[2010.08.24 15:04:42 | 000,030,108 | ---- | M] () -- C:\Users\bloona\Desktop\Giny_Verlobungsring_3.jpg
[2010.08.19 08:23:43 | 000,022,528 | ---- | M] () -- C:\Users\bloona\Documents\**** Hochzeit.doc
[2010.08.16 19:37:31 | 000,025,088 | ---- | M] () -- C:\Users\bloona\Documents\Marzipantorte.doc
[2010.08.16 15:19:11 | 000,025,600 | ---- | M] () -- C:\Users\bloona\Documents\Marzipan Torte.doc
[2010.08.13 12:54:51 | 000,359,936 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.08.12 11:55:35 | 000,048,640 | ---- | M] () -- C:\Users\bloona\Desktop\Intouch News-Flitterwochen 2.doc
[2010.08.06 21:10:43 | 000,015,872 | ---- | M] () -- C:\Users\bloona\Documents\Auto.xls
[2010.08.03 15:35:41 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
[2010.08.03 15:32:27 | 000,001,880 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.09.01 12:39:38 | 002,672,312 | ---- | C] () -- C:\Users\bloona\Desktop\esetsmartinstaller_enu.exe
[2010.09.01 11:46:32 | 291,416,382 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010.09.01 11:44:08 | 000,133,632 | ---- | C] () -- C:\Users\bloona\Desktop\RKUnhookerLE.EXE
[2010.08.31 18:39:09 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010.08.31 18:39:08 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010.08.31 18:39:08 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010.08.31 18:39:08 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010.08.31 18:39:08 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010.08.31 18:31:06 | 003,829,867 | R--- | C] () -- C:\Users\bloona\Desktop\Combo-Fix.exe
[2010.08.30 19:35:28 | 000,058,880 | ---- | C] () -- C:\Users\bloona\Documents\OTL Extras logfile created on.doc
[2010.08.30 19:35:03 | 000,095,744 | ---- | C] () -- C:\Users\bloona\Documents\OTL logfile created on.doc
[2010.08.30 16:31:18 | 000,025,600 | ---- | C] () -- C:\Users\bloona\Documents\troja.doc
[2010.08.30 13:13:10 | 000,000,820 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.30 10:46:45 | 000,000,036 | ---- | C] () -- C:\Users\bloona\AppData\Local\housecall.guid.cache
[2010.08.29 14:42:16 | 000,002,521 | ---- | C] () -- C:\Users\bloona\Desktop\HiJackThis.lnk
[2010.08.28 18:04:03 | 000,001,870 | ---- | C] () -- C:\Users\Public\Desktop\G Data TotalCare 2011.lnk
[2010.08.24 15:06:27 | 003,520,978 | ---- | C] () -- C:\Users\bloona\Desktop\giny.jpg
[2010.08.24 15:04:40 | 000,070,962 | ---- | C] () -- C:\Users\bloona\Desktop\Giny_Verlobungsring_2.jpg
[2010.08.24 15:04:40 | 000,030,108 | ---- | C] () -- C:\Users\bloona\Desktop\Giny_Verlobungsring_3.jpg
[2010.08.24 15:04:40 | 000,021,591 | ---- | C] () -- C:\Users\bloona\Desktop\Giny_Verlobungsring.jpg
[2010.08.16 15:27:50 | 000,025,088 | ---- | C] () -- C:\Users\bloona\Documents\Marzipantorte.doc
[2010.08.15 21:51:23 | 000,025,600 | ---- | C] () -- C:\Users\bloona\Documents\Marzipan Torte.doc
[2010.08.12 11:55:35 | 000,048,640 | ---- | C] () -- C:\Users\bloona\Desktop\Intouch News-Flitterwochen 2.doc
[2010.08.03 23:51:45 | 000,022,528 | ---- | C] () -- C:\Users\bloona\Documents\**** Hochzeit.doc
[2010.08.03 15:35:41 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.08.03 15:32:27 | 000,001,880 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2009.12.11 15:45:24 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2009.12.11 15:45:24 | 000,000,008 | RHS- | C] () -- C:\ProgramData\08A8C4BB49.sys
[2009.10.25 16:08:36 | 000,278,728 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009.10.25 16:08:35 | 000,025,416 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009.10.18 20:58:19 | 000,004,096 | -H-- | C] () -- C:\Users\bloona\AppData\Local\keyfile3.drm
[2009.09.24 10:28:16 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2008.12.14 18:00:24 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2008.12.14 17:56:32 | 000,000,025 | ---- | C] () -- C:\Windows\CDESX100DEFGIPS.ini
[2008.08.03 09:48:54 | 000,005,972 | ---- | C] () -- C:\Users\bloona\AppData\Local\d3d9caps.dat
[2008.08.02 11:25:00 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2008.08.02 11:25:00 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2008.08.02 11:25:00 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2008.05.23 18:49:24 | 000,013,312 | ---- | C] () -- C:\Users\bloona\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.05.22 10:22:38 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2008.04.30 18:31:02 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008.04.30 18:31:02 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2008.04.30 18:31:02 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008.04.30 18:31:02 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2008.04.30 18:31:02 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2008.04.30 18:30:59 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008.04.30 10:50:16 | 000,000,628 | ---- | C] () -- C:\Windows\System32\PCI_VEN_1102&DEV_FF05&SUBSYS_00001102.ini
[2008.04.30 10:50:15 | 000,101,376 | ---- | C] () -- C:\Windows\System32\APOMngr.dll
[2008.04.30 10:50:15 | 000,066,560 | ---- | C] () -- C:\Windows\System32\CmdRtr.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006.11.02 12:25:26 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2003.02.20 19:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[2002.05.16 01:38:40 | 000,091,136 | ---- | C] () -- C:\Windows\System32\mp4fil32.dll
[2002.05.04 15:19:00 | 000,049,152 | ---- | C] () -- C:\Windows\System32\avisynthEx.dll
< End of report >

--- --- ---

--- --- ---

EXTRA
OTL Logfile:
OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 01.09.2010 16:13:04 - Run 2
OTL by OldTimer - Version 3.2.11.0     Folder = C:\Users\bloona\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 44,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 73,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136,46 Gb Total Space | 62,24 Gb Free Space | 45,61% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 5,77 Gb Free Space | 57,69% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: bloonaPC
Current User Name: bloona
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Adobe\Adobe GoLive CS2\GoLive.exe" "%1" ()
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F8A0A40-6CA1-464E-A5D5-50AFDA268D28}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe | 
"{265E2F1D-DDBD-41DA-A480-78AF642A05C6}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe | 
"{6855A4F9-1555-4795-A409-8B41C527047B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{99F964FC-EF3F-47B5-8B96-D99F5B02A027}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A01B5A66-87AF-4E17-842C-FBE06972CC8A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{B02A6C49-BE69-4211-9C0C-B8633DD96742}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D67CAFE3-78BB-4B27-8B1B-5062AC5DA2FA}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe | 
"{EADE631B-4F9E-42FE-8754-ADB580A684EA}" = protocol=17 | dir=in | app=c:\program files\adobe\adobe version cue cs2\bin\versioncuecs2.exe | 
"{EBE49D36-44C4-4F49-A663-995B298A4796}" = dir=in | app=c:\program files\dell\mediadirect\mediadirect.exe | 
"{EE5E4FB3-D886-4E78-BF86-C03B5E043455}" = protocol=6 | dir=in | app=c:\program files\adobe\adobe version cue cs2\bin\versioncuecs2.exe | 
"TCP Query User{11C2701B-02ED-4F34-8582-6B55CBE30285}C:\users\bloona\documents\zerg_reveal_final_german_xvid.avi-downloader.exe" = protocol=6 | dir=in | app=c:\users\bloona\documents\zerg_reveal_final_german_xvid.avi-downloader.exe | 
"TCP Query User{227B1375-E1A6-4165-802A-443719F65ED8}C:\program files\starcraft\starcraft.exe" = protocol=6 | dir=in | app=c:\program files\starcraft\starcraft.exe | 
"TCP Query User{2C6740AC-BEE2-46BB-8924-7723FB9DBC51}C:\users\bloona\documents\starcraft2artworktrailereu-avi-downloader.exe" = protocol=6 | dir=in | app=c:\users\bloona\documents\starcraft2artworktrailereu-avi-downloader.exe | 
"TCP Query User{2DF1739F-7627-4FA1-BAC4-4258C53A7EE0}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{5034E0BC-8A34-4A1A-B696-AC5B85F4729D}C:\program files\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files\warcraft iii\war3.exe | 
"TCP Query User{573E7FAF-DA1E-4271-8B37-340AE5D3AFA1}C:\users\bloona\documents\terran_demo_german_sub.avi-downloader.exe" = protocol=6 | dir=in | app=c:\users\jens\documents\terran_demo_german_sub.avi-downloader.exe | 
"TCP Query User{5958C815-EC0C-46F7-A146-AF3BB9F99EB8}C:\program files\starcraft\starcraft.exe" = protocol=6 | dir=in | app=c:\program files\starcraft\starcraft.exe | 
"TCP Query User{96A1FBE1-B81F-4463-B334-557A5BFA0173}C:\program files\diablo\diablo.exe" = protocol=6 | dir=in | app=c:\program files\diablo\diablo.exe | 
"TCP Query User{A76AF371-D9A6-44DD-8E6E-E3DD591B161C}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 
"TCP Query User{C6BE7486-22A5-4407-AF48-F60A442747F8}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{D1F83FBE-1E37-41DC-84C5-8DFA3D247F67}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{D323809F-2E7D-4D20-AE18-0EFC6D4D2A01}C:\program files\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files\warcraft iii\war3.exe | 
"TCP Query User{EF5751E1-C8CA-4932-B6E3-814BC625F740}C:\program files\diablo ii\game.exe" = protocol=6 | dir=in | app=c:\program files\diablo ii\game.exe | 
"TCP Query User{FF310DDF-1BE1-4A2C-BCC9-9BA8874A3303}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 
"UDP Query User{1C68B677-4B23-4068-A2AD-6E44D4934B22}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{445B4DF2-8327-43F7-AF26-431CAB7071A4}C:\program files\starcraft\starcraft.exe" = protocol=17 | dir=in | app=c:\program files\starcraft\starcraft.exe | 
"UDP Query User{46DED997-CA24-466B-9337-D69045049A47}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{4B7E20FD-DFF5-4432-A16E-0003F2D8EE0F}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{5B0247A0-506E-4603-B535-99D31A6B4814}C:\program files\diablo\diablo.exe" = protocol=17 | dir=in | app=c:\program files\diablo\diablo.exe | 
"UDP Query User{710FC95A-F117-41FD-A0FA-8D6EBE6DD049}C:\users\bloona\documents\starcraft2artworktrailereu-avi-downloader.exe" = protocol=17 | dir=in | app=c:\users\bloona\documents\starcraft2artworktrailereu-avi-downloader.exe | 
"UDP Query User{84455125-E768-4329-AFEB-0D4DDA93A098}C:\users\bloona\documents\terran_demo_german_sub.avi-downloader.exe" = protocol=17 | dir=in | app=c:\users\bloona\documents\terran_demo_german_sub.avi-downloader.exe | 
"UDP Query User{ACD82890-6CD8-4C27-811E-AAA810FA72BC}C:\program files\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files\warcraft iii\war3.exe | 
"UDP Query User{AF9B2650-A0F1-40A8-9172-125C3F71B2AD}C:\program files\diablo ii\game.exe" = protocol=17 | dir=in | app=c:\program files\diablo ii\game.exe | 
"UDP Query User{AFCA753A-74C6-43F9-BFAA-B393AE0B832E}C:\program files\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files\warcraft iii\war3.exe | 
"UDP Query User{B059BF5A-AC3B-463B-B945-238C2BDE6077}C:\users\bloona\documents\zerg_reveal_final_german_xvid.avi-downloader.exe" = protocol=17 | dir=in | app=c:\users\jens\documents\zerg_reveal_final_german_xvid.avi-downloader.exe | 
"UDP Query User{CC6D6382-904F-4A8B-9C28-54F94641C35F}C:\program files\starcraft\starcraft.exe" = protocol=17 | dir=in | app=c:\program files\starcraft\starcraft.exe | 
"UDP Query User{D0FADA7E-5C60-4087-8ABC-5A38DDD0F7C7}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 
"UDP Query User{F6EE8DF7-08EA-48C5-AEFF-63EDC570D1AE}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0134A1A1-C283-4A47-91A1-92F19F960372}" = Adobe Creative Suite 2
"{02A10468-2F1C-447C-AD8E-4DEDDEA25AE2}" = Medieval II Total War : Kingdoms : Crusades
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{236BB7C4-4419-42FD-0407-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 20
"{2C82E097-694E-44ea-A947-2750679469CF}" = Die Sims™ 2
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{31B59248-4591-4ED7-BBE9-588C60F09FAC}" = G Data TotalCare 2011
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{46548E80-0407-0000-7E8A-45000F855001}" = Adobe GoLive CS2
"{4817189D-1785-4627-A33C-39FD90919300}" = Die Sims™ 2 Haustiere
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53C6D09E-EAB6-49E5-BA4C-BA7FF13830FB}" = Sound Blaster Audigy ADVANCED MB
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = Benutzerhandbuch
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{75983B66-804C-40D1-BA13-64DAF652A6F1}" = Medieval II Total War : Kingdoms : Americas
"{786C5747-0C40-4930-9AFE-113BCE553101}" = Adobe Stock Photos 1.0
"{7AEE1963-7001-4C37-BC20-2FAEB74AA41C}" = Medieval II Total War : Kingdoms : Teutonic
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7F4C8163-F259-49A0-A018-2857A90578BC}" = Adobe InDesign CS2
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8EDBA74D-0686-4C99-BFDD-F894678E5101}" = Adobe Common File Installer
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-1033-F400-7760-000000000002}" = Adobe Acrobat 7.0 Professional - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.4 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{ADBE46EE-54E0-4610-B436-D7E93D829100}" = Adobe Version Cue CS2
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}" = Adobe Illustrator CS2
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C0698BDA-0D29-40EE-8570-A31106DF9AB1}" = Medieval II Total War
"{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet
"{C49DAA9C-5BA8-459A-8244-E57B69DF0F04}" = Suite Specific
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEDDEE73-3D36-41C2-AA40-29355D9FBD63}" = Medieval II Total War : Kingdoms : Britannia
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E9787678-119F-4D52-B551-6739B2B22101}" = Adobe Help Center 1.0
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem-Diagnose-Tool
"{FD023F61-65E9-465C-B558-7C64EB2B97E6}" = Dell Handbuch zum Einstieg
"AC3Filter" = AC3Filter (remove only)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"artido-Foto Fun collection" = artido-Foto Fun collection
"CEP - Colour Enable Packages_is1" = CEP (Color Enable Package) v.9.2 (beta)
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"Diablo" = Diablo
"Diablo II" = Diablo II
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"EPSON Scanner" = EPSON Scan
"EPSON Stylus SX100_TX100 Benutzerhandbuch" = EPSON Stylus SX100_TX100 Handbuch
"EPSON SX100 Series" = EPSON SX100 Series Printer Uninstall
"ESET Online Scanner" = ESET Online Scanner v3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"PaintToolSAI" = PaintTool SAI Ver.1
"Pen Tablet Driver" = Bamboo
"Scriptorium_for_TS2_is1" = Scriptorium for TS2
"Sims2Pack Clean Installer " = Sims2Pack Clean Installer 
"Starcraft" = Starcraft
"VLC media player" = VideoLAN VLC media player 0.8.6h
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"Warcraft III" = Warcraft III
"Winamp" = Winamp
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Diablo" = Diablo
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 30.06.2010 04:09:32 | Computer Name = bloonaPC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 30.06.2010 04:09:32 | Computer Name = bloonaPC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 30.06.2010 11:00:32 | Computer Name = bloonaPC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 30.06.2010 11:00:32 | Computer Name = bloonaPC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 01.07.2010 02:54:53 | Computer Name = bloonaPC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 01.07.2010 02:54:53 | Computer Name = bloonaPC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 01.07.2010 12:44:11 | Computer Name = bloonaPC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 01.07.2010 12:44:11 | Computer Name = bloonaPC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 02.07.2010 03:34:35 | Computer Name = bloonaPC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 02.07.2010 03:34:35 | Computer Name = bloonaPC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
[ System Events ]
Error - 30.08.2010 14:16:19 | Computer Name = bloonaPC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 30.08.2010 14:26:43 | Computer Name = bloonaPC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 31.08.2010 03:40:18 | Computer Name = bloonaPC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 31.08.2010 12:40:00 | Computer Name = bloonaPC | Source = Service Control Manager | ID = 7034
Description = 
 
Error - 31.08.2010 12:40:24 | Computer Name = bloonaPC | Source = Service Control Manager | ID = 7030
Description = 
 
Error - 31.08.2010 12:54:42 | Computer Name = bloonaPC | Source = Service Control Manager | ID = 7030
Description = 
 
Error - 31.08.2010 15:51:35 | Computer Name = bloonaPC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 01.09.2010 04:31:50 | Computer Name = bloonaPC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 01.09.2010 05:46:53 | Computer Name = bloonaPC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 01.09.2010 um 11:45:06 unerwartet heruntergefahren.
 
Error - 01.09.2010 05:48:18 | Computer Name = bloonaPC | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >

--- --- ---

--- --- ---

Was sagen denn die ganzen Logfiles? Sieht es eher 'gut' oder 'schlecht' aus, also hab ich einen Trojaner?

Swisstreasure · 01.09.2010, 20:22

Sagt Dir dieser Eintrag etwas:

Zitat:

O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764 begin_of_the_skype_highlighting**************006097098764******end_of_the_skype_highlighting} hxxp://download.macromedia.com/pub/shockwave/cabs/authorware/awswax70.cab (Macromedia Authorware Web Player Control)

Hast Du denn Meldungen op
der Beschwerden?