Notebook wird immer langsamer! Trojan.ZbotR.Gen gefunden!

Augee · 24.11.2010, 14:37

Schönen Nachmittag!
Ich habe bemerkt dass mein Notebook immer langsamer arbeitet und nicht mehr die Leistung von früher bringt. Habe deshalb vorsichtshalber einen Suchlauf mit Malwarebytes gestartet und leider wurde der Trojaner Trojan.ZbotR.Gen gefunden. Zusätlich noch Trojan.Alureon und SetupCasino_71dc.exe (Adware.Casino). Habe versucht diese Schädlinge per Malwarebytes zu bereinigen, wobei ich jetzt keine Ahnung habe ob dies gelungen ist oder nicht.
Ich nutze kein Inetbanking auf dem Notebook, weil ich per Google gelesen habe, dass der Trojaner in Zusammenhang mit Inetbanking steht.
Ich bitte euch um eure Hilfe und ersuche euch deshalb meine Logfiles durchzusehen!

1 Logfile von Highjackthis.

Code:

ATTFilter

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:56:38, on 24.11.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18975)
Boot mode: Normal

Running processes:
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\sttray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\System32\mobsync.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.orf.at/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer bereitgestellt von Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: vShare Plugin - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: vShare Plugin - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [ Malwarebytes Anti-Malware  (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-21-2033859835-3188035581-74544547-1002\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'auge')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickSet.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - hxxp://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files\vShare\vshare_toolbar.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: STI Simulator - Unknown owner - C:\Windows\System32\PAStiSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9492 bytes

2. Aktuelles Logfile von Malwarebytes

Code:

ATTFilter

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 5179

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975

24.11.2010 13:42:18
mbam-log-2010-11-24 (13-42-18)kompl.txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 330161
Laufzeit: 2 Stunde(n), 47 Minute(n), 8 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\Mama\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\64FBPFRQ\update[1].exe (Trojan.Alureon) -> No action taken.

3. Älteres Logfile wo der Trojaner Trojan.ZbotR.Gen erkannt wurde

Code:

ATTFilter

 Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 5174

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

23.11.2010 12:02:17
mbam-log-2010-11-23 (12-02-17).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 184476
Laufzeit: 25 Minute(n), 40 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{2dfd6f40-468c-0b0c-a0b0-1fb1d5a849d0} (Trojan.ZbotR.Gen) -> No action taken.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\Mama\AppData\Local\Temp\YW793g7i.exe (Trojan.Alureon) -> No action taken.
C:\Users\Flo\downloads\SetupCasino_71dc.exe (Adware.Casino) -> No action taken.

4. Logfile Nr1. von OTL

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 24.11.2010 14:02:19 - Run 2
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Users\Flo\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
1.014,00 Mb Total Physical Memory | 153,00 Mb Available Physical Memory | 15,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 61,00% Paging File free
Paging file location(s): c:\pagefile.sys 1500 1500 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 43,80 Gb Total Space | 8,77 Gb Free Space | 20,02% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 4,47 Gb Free Space | 44,72% Space Free | Partition Type: NTFS
 
Computer Name: MSPC | User Name: Flo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Flo\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Programme\PostgreSQL\8.3\bin\pg_ctl.exe (PostgreSQL Global Development Group)
PRC - C:\Programme\PostgreSQL\8.3\bin\postgres.exe (PostgreSQL Global Development Group)
PRC - c:\Programme\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - c:\Programme\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - c:\Programme\McAfee\MSC\mcuimgr.exe (McAfee, Inc.)
PRC - C:\Windows\sttray.exe (SigmaTel, Inc.)
PRC - c:\Programme\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
PRC - C:\Programme\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)
PRC - C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc)
PRC - C:\Programme\McAfee\MPS\mpsevh.exe (McAfee, Inc.)
PRC - C:\Programme\McAfee\MPS\mps.exe (McAfee, Inc.)
PRC - C:\Programme\Common Files\McAfee\HackerWatch\HWAPI.exe (McAfee, Inc.)
PRC - C:\Programme\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
PRC - C:\Programme\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe (Sonic Solutions)
PRC - C:\Programme\Digital Line Detect\DLG.exe (Avanquest Software )
PRC - C:\Programme\McAfee\MSK\msksrver.exe (McAfee Inc.)
PRC - c:\Programme\Common Files\McAfee\RedirSvc\RedirSvc.exe (McAfee, Inc.)
PRC - C:\Programme\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
PRC - C:\Programme\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
PRC - C:\Programme\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
PRC - C:\Windows\System32\PAStiSvc.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Flo\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (aspnet_state) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe (Microsoft Corporation)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
SRV - (NetTcpActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
SRV - (NetPipeActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
SRV - (NetMsmqActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
SRV - (pgsql-8.3) -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe (PostgreSQL Global Development Group)
SRV - (McNASvc) -- c:\Programme\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (mcmscsvc) -- C:\Programme\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (McSysmon) -- C:\Programme\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (McProxy) -- c:\Programme\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (MpfService) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SRV - (MPS9) -- C:\Programme\McAfee\MPS\mps.exe (McAfee, Inc.)
SRV - (McAfee HackerWatch Service) -- C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe (McAfee, Inc.)
SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()
SRV - (MSK80Service) -- C:\Program Files\McAfee\MSK\MskSrver.exe (McAfee Inc.)
SRV - (McRedirector) -- c:\Programme\Common Files\McAfee\RedirSvc\RedirSvc.exe (McAfee, Inc.)
SRV - (McODS) -- C:\Programme\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (Emproxy) -- C:\Programme\Common Files\McAfee\EmProxy\emproxy.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Programme\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (STI Simulator) -- C:\Windows\System32\PAStiSvc.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (EagleNT) -- C:\Windows\System32\drivers\EagleNT.sys File not found
DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found
DRV - (BCM42RLY) -- C:\Windows\System32\drivers\BCM42RLY.sys File not found
DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (PnkBstrK) -- C:\Windows\System32\drivers\PnkBstrK.sys ()
DRV - (BCM43XX) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corp.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (nmwcd) -- C:\Windows\System32\drivers\nmwcd.sys (Nokia)
DRV - (nmwcdcm) -- C:\Windows\System32\drivers\nmwcdcm.sys (Nokia)
DRV - (nmwcdcj) -- C:\Windows\System32\drivers\nmwcdcj.sys (Nokia)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\nmwcdc.sys (Nokia)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (SigmaTel, Inc.)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (MPFP) -- C:\Windows\System32\drivers\Mpfp.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfesmfk) -- C:\Windows\System32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\Windows\System32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (mfehidk) -- C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (DSproct) -- C:\Programme\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - (dsunidrv) -- C:\Programme\DellSupport\Drivers\dsunidrv.sys (Gteko Ltd.)
DRV - (PAC7311) -- C:\Windows\System32\drivers\PA707UCM.SYS (PixArt Imaging Inc.)
DRV - (PID_0920) Logitech QuickCam Express(PID_0920) -- C:\Windows\System32\drivers\LV532AV.SYS ()
DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Logitech Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.orf.at/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll ()
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\Programme\McAfee\VirusScan\scriptcl.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe File not found
O13 - gopher Prefix: missing
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} hxxp://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.3.96.67 213.33.98.136 195.3.96.68
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Common Files\microsoft shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Programme\vShare\vshare_toolbar.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\dellwall1.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\dellwall1.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{66070a40-cd5c-11de-85bd-0019b95ea057}\Shell\AutoRun\command - "" = F:\Setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.11.24 13:53:44 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro
[2010.11.24 01:24:33 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010.11.24 01:23:51 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010.11.24 01:23:39 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010.11.24 01:23:38 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.11.24 01:23:38 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010.11.24 01:23:36 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010.11.24 01:23:35 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.11.24 01:23:35 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.11.24 01:23:34 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.11.24 01:23:34 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.11.24 01:23:34 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.11.24 01:23:34 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010.11.24 01:23:33 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010.11.24 01:23:33 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010.11.24 01:23:32 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010.11.24 01:23:32 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.11.24 01:23:32 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.11.24 01:23:32 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.11.24 01:23:31 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.11.24 01:23:14 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2010.11.24 01:22:23 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2010.11.24 01:22:22 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2010.11.24 01:22:17 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2010.11.24 01:22:09 | 002,038,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.11.24 01:10:41 | 000,867,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2010.11.23 18:20:31 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2010.11.23 18:01:46 | 000,000,000 | ---D | C] -- C:\Users\Flo\Documents\Telefon
[2010.11.21 21:37:16 | 000,000,000 | ---D | C] -- C:\Programme\vShare
[2010.11.13 17:39:52 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Adobe
[2010.11.13 17:39:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2010.11.13 17:37:53 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.11.11 18:36:11 | 000,000,000 | ---D | C] -- C:\Users\Flo\Documents\PokerStrategy.com
[2010.11.11 18:34:58 | 000,000,000 | ---D | C] -- C:\Users\Flo\AppData\Local\PokerStrategy.com
[2010.11.11 18:34:04 | 000,000,000 | ---D | C] -- C:\Programme\PokerStrategy.com
[2010.11.11 18:19:05 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft.NET
[2010.11.08 12:18:27 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.11.08 12:18:27 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.11.08 12:18:27 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010.11.02 17:52:56 | 000,000,000 | ---D | C] -- C:\Users\Flo\AppData\Local\ICMTrainer
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.11.24 14:08:00 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{FA1AC122-5203-4163-9D05-390C2D190037}.job
[2010.11.24 13:53:45 | 000,001,944 | ---- | M] () -- C:\Users\Flo\Desktop\HiJackThis.lnk
[2010.11.24 13:47:03 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.11.24 13:46:57 | 000,049,516 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2010.11.24 13:46:34 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.11.24 13:46:34 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.11.24 13:46:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.11.24 13:46:01 | 1063,718,912 | -HS- | M] () -- C:\hiberfil.sys
[2010.11.24 12:45:07 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.11.24 01:44:54 | 000,333,072 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.11.24 01:34:31 | 000,670,946 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.11.24 01:34:31 | 000,631,636 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.11.24 01:34:31 | 000,143,888 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.11.24 01:34:31 | 000,118,262 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.11.23 22:40:56 | 000,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{2A11CD8B-2DC1-4399-8702-57C8C5FB714C}.job
[2010.11.23 18:24:26 | 000,211,370 | ---- | M] () -- C:\Users\Flo\Desktop\cc_20101123_182400.reg
[2010.11.23 18:20:36 | 000,000,840 | ---- | M] () -- C:\Users\Flo\Desktop\CCleaner.lnk
[2010.11.21 01:03:32 | 000,002,563 | ---- | M] () -- C:\Users\Flo\Desktop\ICM Trainer.lnk
[2010.11.08 12:17:57 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.11.08 12:17:57 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.11.08 12:17:57 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010.11.08 12:17:56 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010.11.01 21:52:32 | 000,005,077 | ---- | M] () -- C:\ProgramData\bltofzsb.qlf
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.11.24 13:53:45 | 000,001,944 | ---- | C] () -- C:\Users\Flo\Desktop\HiJackThis.lnk
[2010.11.23 18:24:09 | 000,211,370 | ---- | C] () -- C:\Users\Flo\Desktop\cc_20101123_182400.reg
[2010.11.23 18:20:36 | 000,000,840 | ---- | C] () -- C:\Users\Flo\Desktop\CCleaner.lnk
[2010.11.23 17:56:24 | 000,001,144 | ---- | C] () -- C:\Users\Flo\Desktop\mbam-log-2010-11-23 (17-56-09) 2
[2010.11.02 17:48:42 | 000,002,563 | ---- | C] () -- C:\Users\Flo\Desktop\ICM Trainer.lnk
[2010.11.01 21:52:32 | 000,005,077 | ---- | C] () -- C:\ProgramData\bltofzsb.qlf
[2010.09.27 16:13:48 | 000,000,000 | ---- | C] () -- C:\Windows\HMHud.INI
[2010.06.02 00:04:04 | 000,000,355 | ---- | C] () -- C:\Users\Flo\AppData\Local\postgresinstall.bat
[2010.02.26 12:49:54 | 000,000,016 | ---- | C] () -- C:\Users\Flo\AppData\Roaming\rbuwzv.dat
[2009.05.29 18:37:35 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2008.12.16 12:34:24 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Configure Folder Actions
[2008.12.16 12:34:24 | 000,000,268 | RH-- | C] () -- C:\Users\Flo\AppData\Roaming\Common
[2008.12.16 12:34:24 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLck.DAT
[2008.12.16 12:34:24 | 000,000,012 | RH-- | C] () -- C:\ProgramData\InkjetPrinter
[2008.12.16 12:34:02 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Console
[2008.12.16 12:34:02 | 000,000,268 | RH-- | C] () -- C:\Users\Flo\AppData\Roaming\Components
[2008.12.16 12:34:02 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Instrument Library
[2008.12.16 12:31:10 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLbx.DAT
[2008.12.16 12:17:13 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Woodwinds
[2008.12.16 12:17:13 | 000,000,268 | RH-- | C] () -- C:\Users\Flo\AppData\Roaming\Vocals
[2008.12.16 12:17:13 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT
[2008.12.16 12:13:15 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Widgets
[2008.12.16 12:13:15 | 000,000,268 | RH-- | C] () -- C:\Users\Flo\AppData\Roaming\Utilities
[2008.12.16 12:13:15 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2008.05.05 19:46:55 | 000,001,356 | ---- | C] () -- C:\Users\Flo\AppData\Local\d3d9caps.dat
[2008.03.04 18:52:34 | 000,286,720 | ---- | C] () -- C:\Windows\System32\libcurl.dll
[2008.01.03 13:08:48 | 000,000,136 | ---- | C] () -- C:\Windows\SIERRA.INI
[2008.01.03 01:19:17 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2007.10.31 09:39:54 | 000,059,904 | ---- | C] () -- C:\Windows\System32\zlib1.dll
[2007.05.17 13:58:10 | 000,143,360 | ---- | C] () -- C:\Windows\System32\libexpatw.dll
[2007.04.26 10:16:04 | 000,027,503 | ---- | C] () -- C:\Users\Flo\AppData\Roaming\UserTile.png
[2007.04.10 11:00:22 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2007.04.10 10:54:24 | 000,000,000 | ---- | C] () -- C:\Users\Flo\AppData\Roaming\wklnhst.dat
[2007.04.10 10:38:03 | 000,010,752 | ---- | C] () -- C:\Users\Flo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.04.02 22:18:09 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1114.dll
[2007.04.02 22:18:08 | 000,077,824 | ---- | C] () -- C:\Windows\System32\hccutils.dll
[2007.04.02 22:18:08 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2007.04.02 22:17:51 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007.04.02 22:17:40 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007.04.02 14:40:34 | 000,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2007.03.29 22:00:40 | 000,203,264 | R--- | C] () -- C:\Windows\System32\CddbCdda.dll
[2006.12.12 10:13:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1147.dll
[2006.12.12 09:02:50 | 000,053,248 | ---- | C] () -- C:\Windows\System32\oemdspif.dll
[2006.11.07 20:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006.11.02 11:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.09.16 23:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006.09.16 23:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2005.01.31 09:13:22 | 000,163,328 | ---- | C] () -- C:\Windows\System32\drivers\LV532AV.SYS
[2005.01.31 07:37:58 | 000,009,255 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 76 bytes -> C:\Users\Flo\Documents\My PSP Files:Roxio EMC Stream
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:0E08FC17

< End of report >

--- --- ---

5. Logfile Nr.2(Extras) von HTL

OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 24.11.2010 14:02:19 - Run 2
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Users\Flo\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
1.014,00 Mb Total Physical Memory | 153,00 Mb Available Physical Memory | 15,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 61,00% Paging File free
Paging file location(s): c:\pagefile.sys 1500 1500 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 43,80 Gb Total Space | 8,77 Gb Free Space | 20,02% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 4,47 Gb Free Space | 44,72% Space Free | Partition Type: NTFS
 
Computer Name: MSPC | User Name: Flo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{18553CB1-2EBA-4E07-A9CB-B6D52973B4BF}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe | 
"{2E8E4E7B-5D09-4F83-9D31-590DA35917CA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{4A6AEE8A-F838-43FE-9BE6-3814B60DEFD7}" = lport=5432 | protocol=6 | dir=in | name=postgres | 
"{B6E7620B-1B7D-4C8F-BA3F-C8C869A09D18}" = lport=2869 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2948C1FE-BB38-4DA2-9BB5-F5660A9F560F}" = protocol=6 | dir=in | app=c:\program files\cake poker 2.0\pokerclient.exe | 
"{691B54F6-3DBA-43A6-809D-21AFACDE4A8F}" = protocol=17 | dir=in | app=c:\program files\smartftp client\smartftp.exe | 
"{70C12B17-66F8-4FC0-B665-EDC1B9202590}" = protocol=17 | dir=in | app=c:\program files\cake poker 2.0\pokerclient.exe | 
"{A326CC2C-5B97-4A17-A802-A2B6EB4358EC}" = protocol=6 | dir=in | app=c:\program files\smartftp client\smartftp.exe | 
"{C9969B62-9440-4C90-BB25-014569742039}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{CB9B9E7D-613D-4691-A7DB-281D9E97A125}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{D0EE7914-94A9-4A90-A805-1E6393D667DC}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe | 
"{E1D209FC-FE1C-46F1-94FC-811BDC9AC103}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F443C61C-70D6-406C-88B3-3E84C3D1089B}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe | 
"TCP Query User{1E0A71AA-7747-408A-ABB6-0AB7333C2DE0}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"TCP Query User{29770BA3-723D-4037-A824-97842F9AF52C}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{3366573A-A950-4897-9310-F944E5837D6F}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"TCP Query User{6642B199-48D8-41FB-A5B8-7926CB010D7C}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{768A96F8-062E-4ADE-82A4-D36272CE27B5}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"TCP Query User{991940B5-1509-4225-8B21-F967DA2CF70F}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{E7910B69-0E57-40D9-85E2-619CCB9DB356}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{019AE53B-63DC-4A5A-B6EB-E6C6024FCCB0}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{16E88C93-8B67-413A-BDAA-26B990EC5C37}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"UDP Query User{1F0EFFE4-8667-4736-9EFF-0820A9B35F99}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
"UDP Query User{3744A320-B518-4B34-BC08-3A385B333BBB}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{463F63E4-BEA3-4C41-A405-A11C0C4010D2}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{844634C0-AAD3-4CB0-A264-DD7F69D81F28}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{DDE195B1-882E-40E8-B8EA-596B341DD23D}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{11964613-805F-432D-A12B-169554B793E7}" = Nokia Connectivity Cable Driver
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1E94D087-DA67-4C29-A9F7-CEB474E202F2}" = Playway 2 Übungs-CD-ROM Units 1 und 2
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{237CD223-1B9D-47E8-A76C-E478B83CCEA2}" = File Uploader
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{28C06EBC-2310-48DB-BA6A-DBEDAFADDEB0}" = PokerStrategy.com Elephant
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{47EA4DDF-FD99-46B3-846C-9F3F315268AD}" = ICM Trainer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E5386F5-C0F6-4532-A54A-374865AEAB71}" = Cisco PEAP Module
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{53A01CC6-14B0-4512-A2E7-10D39BF83DC4}" = QuickSet
"{59A83531-1BD5-4331-A7D9-7DDDE9E36327}" = SmartFTP Client
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = Benutzerhandbuch
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76F9CF97-FC4B-4E20-B363-D127C888448F}" = Cisco LEAP Module
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7ADE3A47-B425-45E9-8FF6-11BE2B775645}" = Corel Snapfire Plus
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{93A1B09E-BAFA-4628-A5B6-921CB026955A}" = Corel Paint Shop Pro Photo XI
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99A40651-0BC2-4095-8F9A-A40FAB224FEF}" = PC Connectivity Solution
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}" = Nokia PC Suite
"{AC76BA86-7AD7-1031-7B44-A70800000002}" = Adobe Reader 7.0.8 - Deutsch
"{B823632F-3B72-4514-8861-B961CE263224}" = PostgreSQL 8.3
"{BF53252E-4AB2-4C7F-A0FD-6100755745E3}" = Cisco EAP-FAST Module
"{C8616041-2802-4DE2-B3BD-6285AAD65C2A}" = Nikon RAW Codec
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{E0D51394-1D45-460A-B62D-383BC4F8B335}" = QuickTime
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{F007CBCE-D714-4C0B-8CE9-9B0D78116468}" = ViewNX
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem-Diagnose-Tool
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FD023F61-65E9-465C-B558-7C64EB2B97E6}" = Assistant zum Anpassen des Dell-Systems
"0C5EDC3653FED5B121F464339EAC12534D253B25" = Windows-Treiberpaket - Nokia Modem  (02/15/2007 3.1)
"4077F884D1BB007055BDB83B621D87220A73F30F" = Windows-Treiberpaket - Nokia (WUDFRd) WPD  (06/01/2007 6.84.33.0)
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"B726756F5B5A5AA9D798B399386FC6205A45F19E" = Windows-Treiberpaket - Nokia Modem  (02/15/2007 3.1)
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Karte
"Bumblebee 3" = Bumblebee 3
"Capture NX 2" = Capture NX 2
"CCleaner" = CCleaner
"CD8424B9400BFF7D34AA18F816C71322AC4BDAA7" = Windows-Treiberpaket - Nokia Modem  (05/24/2007 6.84.0.1)
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"Deutsch 2" = Deutsch 2
"DivX Setup.divx.com" = DivX-Setup
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HoldemManager" = Holdem Manager
"IrfanView" = IrfanView (remove only)
"Junior Schreibstudio" = Microsoft Junior Schreibstudio
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"MSC" = McAfee SecurityCenter
"Nokia PC Suite" = Nokia PC Suite
"Picasa 3" = Picasa 3
"PokerStars" = PokerStars
"Sierra Utilities" = Sierra Utilities
"SmartFTP Client 4.0 Setup Files" = SmartFTP Client 4.0 Setup Files (remove only)
"ST6UNST #1" = Der Restaurant-Manager 1.5  Vollversion.de Edition
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VideoLAN VLC media player 0.8.6a
"vShare" = vShare Plugin
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinLiveSuite_Wave3" = Windows Live Essentials
"XMedia Recode" = XMedia Recode 2.1.8.4
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >

--- --- ---

Danke vielmals für eure Bemühungen!
Augee

markusg · 24.11.2010, 14:52

machst du onlinebanking, einkäufe etc.?

Augee · 24.11.2010, 15:03

Servus!
Danke für das schnelle Lesen!.
Nein mache kein Onlinebanking und Einkäufe übers Inet sehr selten(ca. 3-4 mal pro Jahr) bei Amaz. und Ebay. Wobei der letzte Einkauf bei mir sicher schon 4 bis 5 Monate her ist.
Grüße
Augee

markusg · 24.11.2010, 16:56

bitte erstelle und poste ein combofix log.
Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Augee · 24.11.2010, 20:39

Servus Markusg!
Danke für die prompte Hilfe!
Hab das Combofix logfile jetzt erstellt.

Code:

ATTFilter

ComboFix 10-11-23.05 - Flo 24.11.2010  20:03:55.1.2 - x86
Microsoft® Windows Vista™ Home Basic   6.0.6002.2.1252.43.1031.18.1014.369 [GMT 1:00]
ausgeführt von:: c:\users\Flo\Desktop\ComboFix.exe
SP: Anti-spyware *disabled* (Updated) {28F35613-436D-4D9B-8AB0-DDAA91F5A3CE}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows-Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
 * Im Speicher befindliches AV aktiv.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Flo\AppData\Roaming\Microsoft\Windows\Recent\Comfy Cakes.pif
c:\users\Mama\AppData\Roaming\.#

.
(((((((((((((((((((((((   Dateien erstellt von 2010-10-24 bis 2010-11-24  ))))))))))))))))))))))))))))))
.

2010-11-24 19:20 . 2010-11-24 19:22	--------	d-----w-	c:\users\Flo\AppData\Local\temp
2010-11-24 19:20 . 2010-11-24 19:20	--------	d-----w-	c:\users\Mama\AppData\Local\temp
2010-11-24 19:20 . 2010-11-24 19:20	--------	d-----w-	c:\users\Default\AppData\Local\temp
2010-11-24 19:20 . 2010-11-24 19:20	--------	d-----w-	c:\users\auge\AppData\Local\temp
2010-11-24 12:53 . 2010-11-24 12:53	388096	----a-r-	c:\users\Flo\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-11-24 12:53 . 2010-11-24 12:53	--------	d-----w-	c:\program files\Trend Micro
2010-11-24 00:24 . 2010-09-13 13:56	168960	----a-w-	c:\program files\Windows Media Player\wmplayer.exe
2010-11-24 00:24 . 2010-09-13 13:56	8147456	----a-w-	c:\windows\system32\wmploc.DLL
2010-11-24 00:22 . 2010-06-28 17:00	1316864	----a-w-	c:\windows\system32\ole32.dll
2010-11-24 00:22 . 2010-06-28 14:54	339968	----a-w-	c:\program files\Windows NT\Accessories\wordpad.exe
2010-11-24 00:22 . 2010-08-31 15:46	954752	----a-w-	c:\windows\system32\mfc40.dll
2010-11-24 00:22 . 2010-08-31 15:46	954288	----a-w-	c:\windows\system32\mfc40u.dll
2010-11-24 00:22 . 2010-05-04 19:13	231424	----a-w-	c:\windows\system32\msshsq.dll
2010-11-24 00:22 . 2010-08-31 13:27	2038272	----a-w-	c:\windows\system32\win32k.sys
2010-11-24 00:10 . 2010-08-20 16:05	867328	----a-w-	c:\windows\system32\wmpmde.dll
2010-11-24 00:10 . 2010-08-31 15:44	531968	----a-w-	c:\windows\system32\comctl32.dll
2010-11-23 17:20 . 2010-11-23 17:20	--------	d-----w-	c:\program files\CCleaner
2010-11-21 20:37 . 2010-11-21 20:37	--------	d-----w-	c:\program files\vShare
2010-11-13 16:39 . 2010-11-13 16:39	--------	d-----w-	c:\program files\Common Files\Adobe
2010-11-11 17:34 . 2010-11-11 17:36	--------	d-----w-	c:\users\Flo\AppData\Local\PokerStrategy.com
2010-11-11 17:34 . 2010-11-11 17:34	--------	d-----w-	c:\program files\PokerStrategy.com
2010-11-11 17:19 . 2010-11-11 17:19	--------	d-----w-	c:\program files\Microsoft.NET
2010-11-02 16:52 . 2010-11-02 16:52	--------	d-----w-	c:\users\Flo\AppData\Local\ICMTrainer

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-11 17:00 . 2010-06-01 23:10	2269	----a-w-	c:\programdata\sortedcards.tmp
2010-11-11 16:27 . 2010-06-01 23:26	5407161	----a-w-	c:\programdata\playercachelines.tmp
2010-11-08 11:17 . 2010-05-08 20:32	472808	----a-w-	c:\windows\system32\deployJava1.dll
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-15 39408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-17 815104]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-08 3444736]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-12-12 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-12-12 106496]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-12-12 81920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-12-11 286720]
"SigmatelSysTrayApp"="sttray.exe" [2007-02-08 303104]
" Malwarebytes Anti-Malware  (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader - Schnellstart.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-4-2 50688]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
QuickSet.lnk - c:\windows\Installer\{53A01CC6-14B0-4512-A2E7-10D39BF83DC4}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2007-4-2 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Nikon Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Nikon Monitor.lnk
backup=c:\windows\pss\Nikon Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-04-12 22:46	1135912	----a-w-	c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
2007-11-01 16:12	582992	----a-w-	c:\program files\McAfee.com\Agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MskAgentexe]
2006-11-03 07:31	161360	----a-w-	c:\program files\McAfee\MSK\mskagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nikon Transfer Monitor]
2008-09-30 13:06	485208	----a-w-	c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
2007-06-18 13:10	271360	----a-w-	c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
2006-03-30 15:45	313472	----a-r-	c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 135664]
R3 PAC7311;Trust Webcam 14839;c:\windows\system32\DRIVERS\PA707UCM.SYS [2005-10-18 154752]
R3 PID_0920;Logitech QuickCam Express(PID_0920);c:\windows\system32\DRIVERS\LV532AV.SYS [2005-01-31 163328]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-03-30 64160]
S2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\PostgreSQL\8.3\bin\pg_ctl.exe [2008-02-01 65536]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork	REG_MULTI_SZ   	PLA DPS BFE mpssvc
.
Inhalt des "geplante Tasks" Ordners

2010-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 11:52]

2010-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 11:52]

2010-10-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-10-10 11:32]

2010-09-30 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-10-10 11:32]

2010-11-24 c:\windows\Tasks\User_Feed_Synchronization-{2A11CD8B-2DC1-4399-8702-57C8C5FB714C}.job
- c:\windows\system32\msfeedssync.exe [2010-11-24 04:25]

2010-11-24 c:\windows\Tasks\User_Feed_Synchronization-{FA1AC122-5203-4163-9D05-390C2D190037}.job
- c:\windows\system32\msfeedssync.exe [2010-11-24 04:25]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.orf.at/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKU-Default-Run-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe
MSConfigStartUp-Corel Photo Downloader - c:\program files\Corel\Corel Snapfire Plus\PhotoDownloader.exe
AddRemove-RedBaronII - c:\sierra\RedBaronII\Uninst.isu



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-11-24 20:21
Windows 6.0.6002 Service Pack 2 NTFS

Scanne versteckte Prozesse... 

Scanne versteckte Autostarteinträge... 

Scanne versteckte Dateien... 

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'lsass.exe'(656)
c:\windows\System32\BCMLogon.dll
.
Zeit der Fertigstellung: 2010-11-24  20:33:56
ComboFix-quarantined-files.txt  2010-11-24 19:33

Vor Suchlauf: 9.987.473.408 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 10.787.192.832 Bytes frei

- - End Of File - - 5DDA7F98210DD6AF496CCA0BF0F6205B

markusg · 24.11.2010, 20:43

http://www.trojaner-board.de/74908-a...t-scanner.html
poste bitte einen GMER log.

Augee · 24.11.2010, 21:28

Hallo!
Habe gerade das GMER Logfile erstellt und es sieht so aus.

GMER Logfile:

Code:

ATTFilter

GMER 1.0.15.15530 - hxxp://www.gmer.net
Rootkit scan 2010-11-24 21:23:41
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 FUJITSU_MHW2060BH rev.00850012
Running: i9pypjrl.exe; Driver: C:\Users\Flo\AppData\Local\Temp\pgldypog.sys


---- System - GMER 1.0.15 ----

INT 0x01        ?                                                                                             A9987C42

Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)  ZwTerminateProcess [0xA9919227]

---- Kernel code sections - GMER 1.0.15 ----

PAGE            ntkrnlpa.exe!ZwTerminateProcess                                                               81FF4DA3 5 Bytes  JMP A991922B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
?               System32\drivers\niolgb.sys                                                                   Das System kann den angegebenen Pfad nicht finden. !
?               C:\Windows\system32\Drivers\PROCEXP113.SYS                                                    Das System kann die angegebene Datei nicht finden. !
?               C:\Users\Flo\AppData\Local\Temp\catchme.sys                                                   Das System kann die angegebene Datei nicht finden. !

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                        mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                       Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                       Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\tdx \Device\Tcp                                                                       Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice  \Driver\tdx \Device\Udp                                                                       Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice  \Driver\tdx \Device\RawIp                                                                     Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice  \FileSystem\fastfat \Fat                                                                      fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
AttachedDevice  \FileSystem\fastfat \Fat                                                                      mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

---- EOF - GMER 1.0.15 ----

--- --- ---

Danke für die schnelle Unterstützung!

markusg · 25.11.2010, 11:26

das problem bei zbot ist, das er daten ausspäht, und enderungen am bs vornimmt, die wir nicht mehr nachvollziehen können.
wenn du nun online einkäufe machst, besteht die gefahr, ausgespäht zu werden, deswegen sollten wir daten sichern, neu aufsetzen, absichern.
zum absichern gehört zb ein backup, dass du beim nächsten trojaner befall nutzen kannst, um dein system in 5-10 minuten wieder zurückzusetzen.

Augee · 25.11.2010, 11:52

Servus!
Danke für die Informationen.
Daten habe ich schon auf einer externen Festplatte gesichert. Werde Vista dann neu aufsetzen mit eingeschränkten Benutzern usw.
Würde mich dann wieder hier melden wenn ich das alle gemacht habe und wäre für weitere Tipps zwecks Absicherung und Backup usw dankbar.
Danke nochmal für die Hilfe bis jetzt!
Augee

markusg · 25.11.2010, 12:13

ok meld dich.

24.11.2010, 14:52	#2
markusg /// Malware-holic	Notebook wird immer langsamer! Trojan.ZbotR.Gen gefunden! machst du onlinebanking, einkäufe etc.? __________________ __________________

24.11.2010, 20:43	#6
markusg /// Malware-holic	Notebook wird immer langsamer! Trojan.ZbotR.Gen gefunden! http://www.trojaner-board.de/74908-a...t-scanner.html poste bitte einen GMER log. __________________ --> Notebook wird immer langsamer! Trojan.ZbotR.Gen gefunden!

25.11.2010, 12:13	#10
markusg /// Malware-holic	Notebook wird immer langsamer! Trojan.ZbotR.Gen gefunden! ok meld dich. __________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet

Notebook wird immer langsamer! Trojan.ZbotR.Gen gefunden!

Log-Analyse und Auswertung: Notebook wird immer langsamer! Trojan.ZbotR.Gen gefunden!