After a virus infection, Windows Mail and Firefox no longer open

05.01.2012, 17:51
...new here

Posts: 7

#1 Hello everyone,

After a virus infection I have already run Malwarebytes.
It detected viruses, which I also had Malwarebytes delete.

Now, however, Windows Mail no longer works (error 0x800C0155,2) and neither does Firefox.
This only affects my own user account, though. I'm posting from my wife's account.
Somehow, under my user account, Firefox also no longer accepts my setting "Use system proxy settings".

Here are two log files from OTL, for which I also ticked "Scan all users":

OTL logfile created on: 05.01.2012 17:44:15 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Susi\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 0,65 Gb Available Physical Memory | 32,74% Memory free
4,23 Gb Paging File | 2,31 Gb Available in Paging File | 54,57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 372,61 Gb Total Space | 74,18 Gb Free Space | 19,91% Space Free | Partition Type: NTFS

Computer Name: KARSTEN-PC | User Name: Susi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - File not found
PRC - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
PRC - C:\Programme\Lavasoft\Ad-Aware\Ad-Aware.exe (Lavasoft Limited)
PRC - C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Users\Susi\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
PRC - C:\Programme\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG2012\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG2012\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG2012\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG2012\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\cygwin\usr\sbin\sshd.exe ()
PRC - C:\Programme\AIM\aim.exe (AOL Inc.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\D-Link\DWL-G122_DWA-110\AirGCFG.exe (D-Link Corp.)
PRC - C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)
PRC - C:\Windows\System32\ANIWConnService.exe ()
PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\cygwin\bin\cygrunsrv.exe ()
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - C:\Programme\Lavasoft\Ad-Aware\PrivacyClean.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\System32\wlanapp.dll ()
MOD - C:\Programme\D-Link\DWL-G122_DWA-110\ANIOApi.dll ()
MOD - C:\Programme\ANI\ANIWZCS2 Service\ANIOApi.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (Akamai) -- c:\program files\common files\akamai/netsession_win_b427739.dll ()
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (getPlusHelper) getPlus(R) -- C:\Programme\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (ANIWConnService) -- C:\Windows\System32\ANIWConnService.exe ()
SRV - (sshd) -- C:\cygwin\bin\cygrunsrv.exe ()
SRV - (BrlAPI) -- C:\cygwin\bin\cygrunsrv.exe ()
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (Lavasoft Kernexplorer) -- C:\Programme\Lavasoft\Ad-Aware\kernexplorer.sys ()
DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgrkx86) -- C:\Windows\system32\DRIVERS\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSFilter) -- C:\Windows\System32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSEH) -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (netr28u) -- C:\Windows\System32\drivers\Dnetr28u.sys (Ralink Technology Corp.)
DRV - (anodlwf) -- C:\Windows\System32\drivers\anodlwf.sys ()
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation)
DRV - (MagicTune) -- C:\Windows\System32\drivers\MTiCtwl.sys ()


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1932084568-354705828-2513971960-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://startsear.ch/?aff=1&cf=090280f0-1843-11e1-a2c4-c54a62e66f9d
IE - HKU\S-1-5-21-1932084568-354705828-2513971960-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1932084568-354705828-2513971960-1000\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found
IE - HKU\S-1-5-21-1932084568-354705828-2513971960-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-1932084568-354705828-2513971960-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:60465

IE - HKU\S-1-5-21-1932084568-354705828-2513971960-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1932084568-354705828-2513971960-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.startup.homepage: "file:///C:/Users/Susi/start.html"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {EEA2F5E2-432D-49C1-AB2F-982677355DE3}:1.9.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.1851.5542\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Program Files\ProtectDisc\License Helper\NPPDLicenseHelper.dll ()
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{EEA2F5E2-432D-49C1-AB2F-982677355DE3}: C:\Users\Karsten\AppData\Local\{EEA2F5E2-432D-49C1-AB2F-982677355DE3}\ [2011.04.10 09:12:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012.01.05 02:23:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.11.13 18:35:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.11.26 16:27:18 | 000,000,000 | ---D | M]

[2009.08.10 11:27:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Susi\AppData\Roaming\mozilla\Extensions
[2011.09.03 13:22:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Susi\AppData\Roaming\mozilla\Firefox\Profiles\1uwaxh1b.default\extensions
[2010.04.27 21:37:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Susi\AppData\Roaming\mozilla\Firefox\Profiles\1uwaxh1b.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.06.29 19:44:54 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Susi\AppData\Roaming\mozilla\Firefox\Profiles\1uwaxh1b.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2011.11.13 18:35:43 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.01.05 02:23:28 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX4
[2011.11.13 18:35:35 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.07.24 13:43:20 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2008.02.22 16:24:06 | 000,095,832 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPPDLicenseHelper.dll
[2011.10.03 10:14:54 | 000,083,456 | ---- | M] (vShare.tv ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll
[2011.08.30 21:35:55 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.08.30 21:29:49 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.08.30 21:35:55 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.08.30 21:35:55 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.08.30 21:35:55 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.08.30 21:35:55 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.11.02 21:31:47 | 000,000,054 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll File not found
O3 - HKU\S-1-5-21-1932084568-354705828-2513971960-1000\..\Toolbar\WebBrowser: (no name) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - No CLSID value found.
O3 - HKU\S-1-5-21-1932084568-354705828-2513971960-1001\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [D-Link D-Link Wireless G DWL-G122_DWA-110] C:\Programme\D-Link\DWL-G122_DWA-110\AirGCFG.exe (D-Link Corp.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1932084568-354705828-2513971960-1000..\Run: [Aim] C:\Program Files\AIM\aim.exe (AOL Inc.)
O4 - HKU\S-1-5-21-1932084568-354705828-2513971960-1000..\Run: [RDReminder] File not found
O4 - HKU\S-1-5-21-1932084568-354705828-2513971960-1000..\Run: [Software Informer] "C:\Program Files\Software Informer\softinfo.exe" -autorun File not found
O4 - HKU\S-1-5-21-1932084568-354705828-2513971960-1000..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1932084568-354705828-2513971960-1001..\Run: [Akamai NetSession Interface] C:\Users\Susi\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - Startup: C:\Users\Karsten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O7 - HKU\S-1-5-21-1932084568-354705828-2513971960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-1932084568-354705828-2513971960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\S-1-5-21-1932084568-354705828-2513971960-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Programme\PPLive\PPLive.exe ( )
O9 - Extra 'Tools' menuitem : PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Programme\PPLive\PPLive.exe ( )
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{57F177B6-DAFB-475C-9A67-69983FF379D7}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Susi\Pictures\2011_05\PICT0086.JPG
O24 - Desktop BackupWallPaper: C:\Users\Susi\Pictures\2011_05\PICT0086.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: mmcmsdt - (C:\Windows\system32\NAPSosk.dll) - File not found
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2012.01.05 17:33:16 | 004,370,492 | ---- | C] (Swearware) -- C:\Users\Susi\Desktop\Combo-Fix.exe
[2012.01.05 16:44:06 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.01.05 13:01:53 | 000,000,000 | ---D | C] -- C:\Users\Susi\AppData\Roaming\uTorrent
[2012.01.05 11:51:08 | 000,000,000 | ---D | C] -- C:\Users\Susi\AppData\Roaming\Malwarebytes
[2012.01.05 11:42:39 | 000,000,000 | ---D | C] -- C:\Users\Susi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012.01.05 11:25:17 | 144,031,688 | ---- | C] (AVG Technologies) -- C:\Users\Susi\Desktop\avg_free_x86_all_2012_1901a4695.exe
[2012.01.05 02:56:11 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012.01.05 02:24:35 | 000,000,000 | ---D | C] -- C:\Users\Susi\AppData\Roaming\AVG2012
[2012.01.05 02:23:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2012
[2012.01.05 02:21:30 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012.01.05 02:21:30 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
[2012.01.01 13:15:29 | 000,000,000 | ---D | C] -- C:\Users\Susi\AppData\Roaming\dll-files.com
[2012.01.01 00:40:25 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2012.01.01 00:40:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2012.01.01 00:39:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dll-Files.com Fixer
[2012.01.01 00:39:43 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll
[2012.01.01 00:39:43 | 000,000,000 | ---D | C] -- C:\Program Files\Dll-Files.com Fixer
[2011.12.31 23:17:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\directx
[2011.12.31 23:13:15 | 000,000,000 | ---D | C] -- C:\Program Files\EA SPORTS
[2011.12.26 08:36:21 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2011.12.26 08:36:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2011.12.14 20:51:56 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011.12.14 20:51:56 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011.12.14 20:51:17 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011.12.14 20:51:07 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.12.14 20:51:07 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.12.14 20:51:07 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.12.14 20:51:07 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.12.14 20:51:07 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011.12.14 20:51:07 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.12.14 20:51:07 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.12.14 20:41:46 | 002,043,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.12.14 20:37:59 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2011.12.14 20:37:42 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2012.01.05 17:40:28 | 086,023,149 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012.01.05 17:38:00 | 000,000,000 | ---- | M] () -- C:\Users\Susi\AppData\Local\prvlcl.dat
[2012.01.05 17:33:22 | 004,370,492 | ---- | M] (Swearware) -- C:\Users\Susi\Desktop\Combo-Fix.exe
[2012.01.05 17:30:19 | 000,126,976 | ---- | M] () -- C:\Users\Susi\Desktop\deljob.exe
[2012.01.05 17:26:40 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.05 17:26:40 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.05 17:14:02 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.01.05 16:44:06 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.01.05 16:38:51 | 000,003,284 | ---- | M] () -- C:\Users\Susi\AppData\Roaming\ANIWZCS{57F177B6-DAFB-475C-9A67-69983FF379D7}
[2012.01.05 15:31:20 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.01.05 15:26:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.05 15:26:13 | 2146,746,368 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.05 14:39:11 | 000,072,704 | ---- | M] () -- C:\Users\Susi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.01.05 14:05:26 | 000,002,521 | ---- | M] () -- C:\Users\Susi\Desktop\HiJackThis.lnk
[2012.01.05 11:40:15 | 001,402,880 | ---- | M] () -- C:\Users\Susi\Desktop\HiJackThis-2-04.msi
[2012.01.05 11:26:57 | 144,031,688 | ---- | M] (AVG Technologies) -- C:\Users\Susi\Desktop\avg_free_x86_all_2012_1901a4695.exe
[2012.01.05 03:31:38 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012.01.05 03:29:39 | 000,000,008 | ---- | M] () -- C:\Windows\System32\ANIWZCSUSERNAME{57F177B6-DAFB-475C-9A67-69983FF379D7}
[2012.01.05 03:14:04 | 000,054,156 | -H-- | M] () -- C:\Windows\QTFont.qfn
[2012.01.05 03:14:04 | 000,001,409 | ---- | M] () -- C:\Windows\QTFont.for
[2012.01.05 02:31:29 | 000,003,284 | R--- | M] () -- C:\Windows\System32\ANIWZCS{57F177B6-DAFB-475C-9A67-69983FF379D7}
[2012.01.05 02:31:19 | 000,620,460 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavifw.avm
[2012.01.04 19:10:23 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2012.01.04 19:10:23 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2012.01.04 13:17:00 | 000,000,278 | ---- | M] () -- C:\Windows\tasks\DLL-files.com Fixer_UPDATES.job
[2011.12.31 02:54:51 | 000,638,180 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.12.31 02:54:51 | 000,604,082 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.12.31 02:54:51 | 000,131,320 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.12.31 02:54:51 | 000,107,760 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.12.26 08:39:18 | 000,016,432 | ---- | M] () -- C:\Windows\System32\lsdelete.exe
[2011.12.23 07:12:12 | 000,064,512 | ---- | M] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2011.12.15 22:40:59 | 000,255,184 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.12.12 21:06:29 | 000,388,655 | ---- | M] () -- C:\Users\Susi\Desktop\Berg.jpg
[2011.12.10 20:16:31 | 000,182,044 | ---- | M] () -- C:\Users\Susi\Desktop\AP-Gelber Rucksack.jpg
[2011.12.10 20:15:25 | 008,631,974 | ---- | M] () -- C:\Users\Susi\Desktop\Unbenannt 1.odg
[2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012.01.05 17:40:28 | 086,023,149 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012.01.05 17:30:08 | 000,126,976 | ---- | C] () -- C:\Users\Susi\Desktop\deljob.exe
[2012.01.05 11:42:40 | 000,002,521 | ---- | C] () -- C:\Users\Susi\Desktop\HiJackThis.lnk
[2012.01.05 11:40:14 | 001,402,880 | ---- | C] () -- C:\Users\Susi\Desktop\HiJackThis-2-04.msi
[2012.01.05 11:33:38 | 000,620,460 | ---- | C] () -- C:\Windows\System32\drivers\AVG\iavifw.avm
[2012.01.05 03:31:38 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012.01.05 03:14:04 | 000,054,156 | -H-- | C] () -- C:\Windows\QTFont.qfn
[2012.01.05 03:14:04 | 000,001,409 | ---- | C] () -- C:\Windows\QTFont.for
[2012.01.01 00:40:02 | 000,000,278 | ---- | C] () -- C:\Windows\tasks\DLL-files.com Fixer_UPDATES.job
[2011.12.26 08:46:38 | 000,016,432 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2011.12.12 21:06:23 | 000,388,655 | ---- | C] () -- C:\Users\Susi\Desktop\Berg.jpg
[2011.12.10 20:16:27 | 000,182,044 | ---- | C] () -- C:\Users\Susi\Desktop\AP-Gelber Rucksack.jpg
[2011.12.10 20:15:23 | 008,631,974 | ---- | C] () -- C:\Users\Susi\Desktop\Unbenannt 1.odg
[2011.05.25 19:11:02 | 000,003,284 | ---- | C] () -- C:\Users\Susi\AppData\Roaming\ANIWZCS{57F177B6-DAFB-475C-9A67-69983FF379D7}
[2011.05.25 19:10:44 | 000,000,282 | ---- | C] () -- C:\Users\Susi\AppData\Roaming\ANICONFIG_{57F177B6-DAFB-475C-9A67-69983FF379D7}.ini
[2011.05.25 18:23:23 | 000,151,552 | ---- | C] () -- C:\Windows\System32\ANIWConnService.exe
[2011.05.25 18:23:11 | 000,258,048 | ---- | C] () -- C:\Windows\System32\wlanapp.dll
[2011.05.25 18:23:11 | 000,217,088 | ---- | C] () -- C:\Windows\System32\aIPH.dll
[2011.05.25 18:23:11 | 000,049,152 | ---- | C] () -- C:\Windows\System32\AQCKGen.dll
[2011.05.25 18:23:11 | 000,045,115 | ---- | C] () -- C:\Windows\System32\ANICtl.dll
[2011.05.25 18:22:58 | 000,315,392 | ---- | C] () -- C:\Windows\System32\ANIOApi.dll
[2011.05.25 18:22:34 | 000,733,184 | ---- | C] () -- C:\Windows\System32\ANIOWPS.dll
[2011.05.25 18:22:34 | 000,237,568 | ---- | C] () -- C:\Windows\System32\ANIWPS.exe
[2011.05.25 18:19:32 | 000,012,800 | ---- | C] () -- C:\Windows\System32\drivers\anodlwf.sys
[2011.05.25 18:19:31 | 000,013,931 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat
[2011.05.25 18:19:31 | 000,002,048 | ---- | C] () -- C:\Windows\System32\rt73.bin
[2011.04.29 08:12:30 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011.04.29 08:12:30 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011.04.21 17:00:28 | 000,013,312 | ---- | C] () -- C:\Windows\System32\drivers\MTiCtwl.sys
[2011.01.29 12:50:34 | 000,004,976 | ---- | C] () -- C:\ProgramData\ojobkspa.ako
[2010.09.04 13:31:09 | 000,000,000 | ---- | C] () -- C:\Windows\iPlayer.INI
[2010.03.24 18:51:11 | 000,000,000 | ---- | C] () -- C:\Users\Susi\AppData\Local\prvlcl.dat
[2010.03.21 01:35:36 | 000,061,440 | ---- | C] () -- C:\Windows\System32\leasrsa.dll
[2010.03.21 01:35:36 | 000,000,259 | ---- | C] () -- C:\Windows\System32\Sdat.dat
[2009.11.30 23:37:44 | 000,262,144 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2009.09.24 07:07:45 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.09.24 07:07:45 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.08.22 14:40:34 | 000,000,621 | ---- | C] () -- C:\Windows\psnetwork.ini
[2009.08.22 14:40:34 | 000,000,074 | ---- | C] () -- C:\Windows\powerplayer.ini
[2009.08.22 14:40:34 | 000,000,020 | ---- | C] () -- C:\Windows\powerlist.ini
[2009.08.11 20:07:20 | 000,072,704 | ---- | C] () -- C:\Users\Susi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.08.04 17:28:36 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.07.16 14:20:46 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009.05.29 15:52:26 | 000,204,800 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009.05.29 15:47:06 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008.10.07 08:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 08:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008.01.21 08:15:58 | 000,638,180 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 08:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 08:15:58 | 000,131,320 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 08:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007.09.04 11:56:10 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2007.02.05 19:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,255,184 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,604,082 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,107,760 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:24051EFF
@Alternate Data Stream - 180 bytes -> C:\ProgramData\TEMP:0CE7F3C9
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:63238B95
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:BB24555F
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:680DD2F1

< End of report >


OTL Extras logfile created on: 05.01.2012 17:44:15 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Susi\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 0,65 Gb Available Physical Memory | 32,74% Memory free
4,23 Gb Paging File | 2,31 Gb Available in Paging File | 54,57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 372,61 Gb Total Space | 74,18 Gb Free Space | 19,91% Space Free | Partition Type: NTFS

Computer Name: KARSTEN-PC | User Name: Susi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1932084568-354705828-2513971960-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-1932084568-354705828-2513971960-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DisabledInterfaces" = {CA717412-4EC7-4F88-ADDF-0B1C45EE7C48},{311E0A53-D378-42D4-BDC8-3EA9F604E451}

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\PPMate\ppmate.exe" = C:\Program Files\PPMate\ppmate.exe:*:Enabled:pPMate -- ()
"C:\Program Files\PPMate\ppmnet.exe" = C:\Program Files\PPMate\ppmnet.exe:*:Enabled:pPMate -- (ppmate)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2736CD7D-043C-4B29-B91F-7A6647B64458}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2BED94B5-A3B5-4CBD-8B6F-D1F8C16C7BA2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{378D04C7-D198-4617-B96E-427FFEFF53E5}" = rport=139 | protocol=6 | dir=out | app=system |
"{51F4F4FC-89FF-4D96-9521-78B2B1A4D76E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{6BC2EAAC-EE78-4FE5-93B5-91D0F067F82F}" = rport=137 | protocol=17 | dir=out | app=system |
"{72DBD17E-5326-4309-AF97-7C56FF887F72}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{779CEEF2-5C92-40F9-9F3B-E239B32BAF54}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{857C50F1-1712-4D4D-B675-9F1B47F33F40}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{8FD7889E-E850-4171-B9EB-F52ED11F8534}" = lport=138 | protocol=17 | dir=in | app=system |
"{996D27CF-D9E7-4C01-A37F-A07795CE1FAF}" = lport=445 | protocol=6 | dir=in | app=system |
"{A500FE19-7F3B-4847-9EA2-51CCB0426518}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{A93EFAE7-698C-4C78-B980-138B20306CBB}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{AB4E686E-0280-47CA-B142-65BA27DEADAF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B6105937-477C-4A96-999A-AB48EF8E3800}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{B65D57D3-87CB-4AF3-80F4-A7992B714BAB}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{B679F482-0FE3-48D9-95BE-7C51518C20E3}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{B81DAAD9-23EC-4076-AC6B-1F7642ED9413}" = lport=139 | protocol=6 | dir=in | app=system |
"{B93AF919-F734-4B1B-939F-B3FB812247F5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{C7B24941-069B-4097-89E8-822401648E72}" = rport=138 | protocol=17 | dir=out | app=system |
"{CD6906FD-3077-41D2-912D-D6ECB1014729}" = rport=445 | protocol=6 | dir=out | app=system |
"{E05B4189-F705-4D8F-82F9-AF5E0FDFC74F}" = lport=137 | protocol=17 | dir=in | app=system |
"{F8F1FC02-F89B-411A-8826-4BB0E164C7B9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1441F0D7-AF9A-40A1-A1E1-ED11A07C3C41}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{165F1197-1306-4EEF-A201-4E55F1B33345}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{24036713-AF81-4673-9720-89DFD39B99B2}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{2868C198-9D82-4749-8699-BC228F3BF974}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{4C585324-6739-40EB-8258-2D838A277327}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{653B000C-C1BF-4FA0-9BB8-4C2500909FCC}" = protocol=17 | dir=in | app=c:\program files\pplive\pplive.exe |
"{6552C9D4-4A38-4B82-BE7D-65505AE7B667}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{7611B659-8872-4953-98E0-4875B0607EC6}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{833453F7-2E38-4861-A1B5-5B3DD8773821}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{8C92E15C-D7D7-4B48-A744-43588289AF51}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{8FE5E45A-DB23-420E-9FF5-E9C9A389C0D5}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{93B256C1-BAB9-4DD7-977E-EE655DE759B6}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{9918006E-F65B-47DC-A882-62F182401293}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{A0627C81-A916-46C2-971A-40C4428F191D}" = protocol=17 | dir=in | app=c:\users\susi\appdata\local\akamai\netsession_win.exe |
"{A36CEE82-EDDF-4223-BDCE-6BFBF97439F7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{AF6FB296-DDB1-4532-84E1-BAB70055C819}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{B5754F05-0B9E-4B1C-828F-07B01A9EE072}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{D000215B-B7A9-48C3-9C82-B1346D478F3A}" = protocol=6 | dir=in | app=c:\program files\pplive\pplive.exe |
"{DFB17FF6-6517-4196-975E-B00C3DACFF9E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{DFF3FE0E-2192-44CC-BFDA-7A0C6CD7B5E7}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{E31EBA80-261F-4C20-B594-12888B30DD85}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"{E445A7BC-404F-4AAD-8914-6606158FCA80}" = protocol=6 | dir=in | app=c:\users\susi\appdata\local\akamai\netsession_win.exe |
"{E7B494F9-7B75-48E4-9D90-8A530E8B44B9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{EA8F4BDA-8137-4162-8D59-EFF072DBEC10}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{F027582B-705B-45FB-AB1C-93BAE9E91D4D}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{107DEB07-0D8C-4E2D-8DEA-1EFCD968F1F1}" = capella 2008
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5F753314-628E-4C13-B8AE-BFA7FD514CBE}" = D-Link Wireless G DWL-G122_DWA-110
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{8398852A-7B61-4808-8F58-D0A40D1B2CB6}" = AVG 2012
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E9976D2-E563-43DE-A51F-5AEBC38D1F08}" = Ad-Aware
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C416D62-6939-44AB-BFDE-0F14AD744DB1}" = Movavi Video Converter 10
"{A35883BD-9C83-4625-82F3-90F86728C662}" = FreeUndelete
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA7096C1-7BF8-483E-9CF1-E303842349BF}" = COMPUTERBILD-Abzockschutz
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC54E544-3E42-443C-A91D-A00A6974C592}" = NVIDIA PhysX v8.10.13
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.4 - Deutsch
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B480BD2A-F1BA-4FE6-8C8E-34C6111B72C9}" = ElsterFormular 2007/2008
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D765F1CE-5AE5-4C47-B134-AE58AC474740}" = OpenOffice.org 3.1
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E171F5DA-6F17-472D-A223-92468142C5E8}" = AVG 2012
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ec4b6105-e039-42fb-8e18-c8aa393f0018}_is1" = VshareComplete
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AIM_7" = AIM 7
"Akamai" = Akamai NetSession Interface Service
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Any Video Converter_is1" = Any Video Converter 3.1.8
"AVG" = AVG 2012
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"CCleaner" = CCleaner
"conduitEngine" = Conduit Engine
"DFX for Winamp" = DFX for Winamp
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Dll-Files.com Fixer_is1" = Dll-Files.com Fixer
"ElsterFormular für Privatanwender 12.2.1.6570p" = ElsterFormular für Privatanwender
"eMule" = eMule
"Forte 3 Premium" = Forte 3 - Premium Edition
"Forte Free" = Forte Free 2.0
"Free Studio_is1" = Free Studio version 4.8
"Free YouTube Download_is1" = Free YouTube Download version 3.0.16.923
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.13.1123
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"InterActual Player" = InterActual Player
"LingoPad_is1" = LingoPad 2.6 (Build 360)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.0.1800
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Monkey's Audio_is1" = Monkey's Audio
"Mozilla Firefox 8.0 (x86 de)" = Mozilla Firefox 8.0 (x86 de)
"NVIDIA Drivers" = NVIDIA Drivers
"Picture Resize Genius_is1" = Picture Resize Genius 2.9.9
"PPLive" = PPLive 1.9
"ppmate" = PPMate Network TV 2.0.0.40
"PPStream_is1" = PPStream
"Protect Disc License Helper" = Protect Disc License Helper 1.0.118
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"PuTTY_is1" = PuTTY version 0.61
"QuickTime" = QuickTime
"Recuva" = Recuva
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SopCast" = SopCast 3.2.4
"The Rosetta Stone" = The Rosetta Stone
"TVUPlayer" = TVUPlayer 2.4.9.1
"Uninstall_is1" = Uninstall 1.0.0.1
"Unlocker" = Unlocker 1.9.1
"uTorrent" = µTorrent
"Veetle TV" = Veetle TV 0.9.18
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 1.0.1
"vShare.tv plugin" = vShare.tv plugin 1.3
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"XviD" = XviD MPEG-4 Codec

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1932084568-354705828-2513971960-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 05.01.2012 10:30:17 | Computer Name = Karsten-PC | Source = ESENT | ID = 490
Description = WinMail (5728) WindowsMail0: Versuch, Datei "C:\Users\Karsten\AppData\Local\Microsoft\Windows
Mail\edb.chk" für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 5 (0x00000005):
"Zugriff verweigert " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von
Dateien.

Error - 05.01.2012 10:30:27 | Computer Name = Karsten-PC | Source = ESENT | ID = 490
Description = WinMail (5728) WindowsMail0: Versuch, Datei "C:\Users\Karsten\AppData\Local\Microsoft\Windows
Mail\edb.log" für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 5 (0x00000005):
"Zugriff verweigert " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von
Dateien.

Error - 05.01.2012 11:42:54 | Computer Name = Karsten-PC | Source = ESENT | ID = 490
Description = WinMail (4132) WindowsMail0: Versuch, Datei "C:\Users\Karsten\AppData\Local\Microsoft\Windows
Mail\edb.chk" für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 5 (0x00000005):
"Zugriff verweigert " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von
Dateien.

Error - 05.01.2012 11:43:04 | Computer Name = Karsten-PC | Source = ESENT | ID = 490
Description = WinMail (4132) WindowsMail0: Versuch, Datei "C:\Users\Karsten\AppData\Local\Microsoft\Windows
Mail\edb.log" für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 5 (0x00000005):
"Zugriff verweigert " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von
Dateien.

Error - 05.01.2012 11:43:37 | Computer Name = Karsten-PC | Source = Perflib | ID = 1010
Description =

Error - 05.01.2012 11:43:37 | Computer Name = Karsten-PC | Source = Perflib | ID = 1018
Description =

Error - 05.01.2012 11:48:02 | Computer Name = Karsten-PC | Source = ESENT | ID = 490
Description = WinMail (876) WindowsMail0: Versuch, Datei "C:\Users\Karsten\AppData\Local\Microsoft\Windows
Mail\edb.chk" für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 5 (0x00000005):
"Zugriff verweigert " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von
Dateien.

Error - 05.01.2012 11:48:12 | Computer Name = Karsten-PC | Source = ESENT | ID = 490
Description = WinMail (876) WindowsMail0: Versuch, Datei "C:\Users\Karsten\AppData\Local\Microsoft\Windows
Mail\edb.log" für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 5 (0x00000005):
"Zugriff verweigert " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von
Dateien.

Error - 05.01.2012 11:52:08 | Computer Name = Karsten-PC | Source = ESENT | ID = 490
Description = WinMail (5764) WindowsMail0: Versuch, Datei "C:\Users\Karsten\AppData\Local\Microsoft\Windows
Mail\edb.chk" für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 5 (0x00000005):
"Zugriff verweigert " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von
Dateien.

Error - 05.01.2012 11:52:19 | Computer Name = Karsten-PC | Source = ESENT | ID = 490
Description = WinMail (5764) WindowsMail0: Versuch, Datei "C:\Users\Karsten\AppData\Local\Microsoft\Windows
Mail\edb.log" für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 5 (0x00000005):
"Zugriff verweigert " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von
Dateien.

[ Media Center Events ]
Error - 25.01.2011 18:30:02 | Computer Name = Karsten-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerAccumulate failed;
Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center
Guide

Error - 17.04.2011 14:40:47 | Computer Name = Karsten-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide


[ System Events ]
Error - 04.01.2012 21:04:22 | Computer Name = Karsten-PC | Source = DCOM | ID = 10010
Description =

Error - 04.01.2012 21:07:38 | Computer Name = Karsten-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 04.01.2012 21:07:38 | Computer Name = Karsten-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 04.01.2012 22:08:10 | Computer Name = Karsten-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 04.01.2012 22:26:14 | Computer Name = Karsten-PC | Source = DCOM | ID = 10010
Description =

Error - 04.01.2012 22:26:47 | Computer Name = Karsten-PC | Source = DCOM | ID = 10010
Description =

Error - 04.01.2012 22:27:05 | Computer Name = Karsten-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 04.01.2012 22:35:41 | Computer Name = Karsten-PC | Source = DCOM | ID = 10010
Description =

Error - 04.01.2012 22:36:26 | Computer Name = Karsten-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 05.01.2012 10:22:39 | Computer Name = Karsten-PC | Source = DCOM | ID = 10010
Description =


< End of report >


I have already downloaded deljob.exe and Combofix.exe to the desktop.

Could someone give me the decisive tip?

Many thanks in advance.

Regards
Ferris
05.01.2012, 18:27
...new here

Thread starter

Posts: 7
#2 ..what I would like to add is that under my user the Task Manager is gone as well.
That is, the other options, e.g. Switch User, are still available after Ctrl, Alt and Del.

Regards
Ferris
05.01.2012, 19:32
...new here

Thread starter

Posts: 7
#3 Update:

OK, the Task Manager is back after 2 more problems were found via Malwarebytes. But the Windows Mail and Firefox issue seems to be something bigger.
With the Windows Mail problem the message is: MSOE.dll could not be initialized.

Thanks in advance.

Regards
Ferris
06.01.2012, 00:36
Member

Posts: 420
#4 Hi

1. Please post the first log (the one with the removed viruses) from Malwarebytes. It can be found in Malwarebytes under the "Logdateien" (Logs) tab.

2. Start OTL and paste the following into the script field at the bottom:

:OTL
IE - HKU\S-1-5-21-1932084568-354705828-2513971960-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-1932084568-354705828-2513971960-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:60465
FF - prefs.js..browser.startup.homepage: "file:///C:/Users/Susi/start.html"
O7 - HKU\S-1-5-21-1932084568-354705828-2513971960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:24051EFF
@Alternate Data Stream - 180 bytes -> C:\ProgramData\TEMP:0CE7F3C9
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:63238B95
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:BB24555F
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:680DD2F1
:Commands
[emptytemp]
[emptyflash]

and click Fix. Please post the fix log.

3. Download aswMBR from avast!
http://public.avast.com/~gmerek/aswMBR.exe
Start the program
choose "Yes" when asked about the avast engine.
Click Scan
After the scan click Save Log, save it and please post it here (do not "Fix" anything).
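As an added example (not part of the thread, of OTL or of the helper's reply): a small Python triage helper that recognises the OTL line kinds the fix script above is built from, flags the patterns the helper acted on (a per-user proxy routed to a local port, a Firefox start page on a local file, a DisableTaskMgr policy, alternate data streams) and lays the hits out as an `:OTL` fix script the way the reply does. The sample lines are constructed from the log above with two benign lines added; the regexes, category names and the `build_fix_script` helper are my own.

```python
"""Triage OTL log lines and build an OTL fix-script skeleton from the hits."""
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample input: the line kinds that appear in the OTL log and the
# fix script above (per-user IE proxy hijack, Firefox start page, O7 policy
# entry, alternate data streams) plus two benign lines that must be left alone.
SAMPLE_OTL_LINES = r'''
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1932084568-354705828-2513971960-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-1932084568-354705828-2513971960-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:60465
FF - prefs.js..browser.startup.homepage: "file:///C:/Users/Susi/start.html"
FF - prefs.js..browser.startup.homepage: "https://www.google.de/"
O7 - HKU\S-1-5-21-1932084568-354705828-2513971960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:24051EFF
@Alternate Data Stream - 180 bytes -> C:\ProgramData\TEMP:0CE7F3C9
'''

# OTL line shapes, as printed in the log above (my regexes, not OTL's grammar).
IE_RE = re.compile(r'^IE - (?P<hive>HKU\\[^\\]+|HKLM|HKCU)\\.*: "(?P<name>[^"]+)" = (?P<value>.*)$')
FF_HOME_RE = re.compile(r'^FF - prefs\.js\.\.browser\.startup\.homepage: "(?P<url>[^"]+)"$')
O7_RE = re.compile(r'^O7 - (?P<key>.+): (?P<name>\w+) = (?P<value>.*)$')
ADS_RE = re.compile(r'^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$')

# A proxy pointing at the machine itself means a local listener sits between
# the browser and the network: exactly the pattern in the thread's log.
LOCAL_PROXY_RE = re.compile(r'(?:127\.\d+\.\d+\.\d+|localhost):\d+', re.IGNORECASE)
# Policies that lock the user out of their own diagnostic tools.
LOCKOUT_POLICIES = {"DisableTaskMgr", "DisableRegistryTools", "DisableCMD"}


@dataclass
class Finding:
    line: str       # the OTL log line, verbatim (the fix script reuses it as-is)
    category: str
    reason: str


def triage(lines: List[str]) -> List[Finding]:
    """Return the suspicious lines among OTL log lines, with a reason each."""
    findings: List[Finding] = []
    # Proxy settings are judged per hive, so ProxyEnable is only flagged when
    # the same hive's ProxyServer is a local listener (a corporate proxy is not).
    proxy: Dict[str, Dict[str, tuple]] = {}
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        m = IE_RE.match(line)
        if m:
            proxy.setdefault(m.group("hive"), {})[m.group("name")] = (m.group("value"), line)
            continue
        m = FF_HOME_RE.match(line)
        if m:
            if m.group("url").lower().startswith("file:///"):
                findings.append(Finding(line, "start-page", "Firefox start page points at a local HTML file"))
            continue
        m = O7_RE.match(line)
        if m:
            if m.group("name") in LOCKOUT_POLICIES and m.group("value") == "1":
                findings.append(Finding(line, "policy-lockout", f"{m.group('name')} set by policy; users rarely do this themselves"))
            continue
        m = ADS_RE.match(line)
        if m:
            findings.append(Finding(line, "ads", f"{m.group('size')}-byte alternate data stream on {m.group('path')}"))
    for hive, entries in proxy.items():
        if "ProxyServer" in entries and LOCAL_PROXY_RE.search(entries["ProxyServer"][0]):
            findings.append(Finding(entries["ProxyServer"][1], "proxy-hijack", f"{hive}: proxy routed through a local port"))
            if entries.get("ProxyEnable", ("0", ""))[0] == "1":
                findings.append(Finding(entries["ProxyEnable"][1], "proxy-hijack", f"{hive}: proxy enabled for the hijacked setting"))
    return findings


def build_fix_script(findings: List[Finding], empty_temp: bool = True) -> str:
    """Lay the flagged lines out as an OTL fix script, like the one in the reply."""
    script = ":OTL\n" + "".join(f.line + "\n" for f in findings)
    if empty_temp:
        script += ":Commands\n[emptytemp]\n"
    return script


if __name__ == "__main__":
    hits = triage(SAMPLE_OTL_LINES.splitlines())
    for f in hits:
        print(f"[{f.category}] {f.reason}\n    {f.line}")
    print(build_fix_script(hits))
```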
06.01.2012, 01:28
...new here

Thread starter

Posts: 7
#5 Log 1 from the first cleanup with Malwarebytes:
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.05.01

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 7.0.6002.18005
Susi :: KARSTEN-PC [Administrator]

05.01.2012 11:54:12
mbam-log-2012-01-05 (11-54-12).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 607171
Laufzeit: 3 Stunde(n), 15 Minute(n), 50 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 1
C:\Program Files\vShare.tv plugin\BarLcher.dll (PUP.VShareRedir) -> Löschen bei Neustart.

Infizierte Registrierungsschlüssel: 13
HKCR\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\MyNewsBarLauncher.IE5BarLauncherBHO.1 (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\MyNewsBarLauncher.IE5BarLauncherBHO (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\MyNewsBarLauncher.IE5BarLauncher.1 (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\MyNewsBarLauncher.IE5BarLauncher (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 4
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: ;áÃzÊ;XA³0öm»Áµ -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: VShareTB -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 1
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Bösartig: (http://startsear.ch/?aff=1&cf=090280f0-1843-11e1-a2c4-c54a62e66f9d) Gut: (http://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 12
C:\Program Files\vShare.tv plugin\BarLcher.dll (PUP.VShareRedir) -> Löschen bei Neustart.
C:\Users\Karsten\AppData\Local\Temp\0.07738040842829452.exe (Trojan.Ransom.Gen) -> Löschen bei Neustart.
C:\Users\Karsten\AppData\Local\Temp\0.2720751816306275.exe (Trojan.Ransom.Gen) -> Löschen bei Neustart.
C:\Users\Karsten\AppData\Local\Temp\0.3094727708063667.exe (Trojan.Ransom.Gen) -> Löschen bei Neustart.
C:\Users\Karsten\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\3203c875-405f2289 (Trojan.Ransom.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\System32\reset5c.dll (Heuristics.Shuriken) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Karsten\AppData\Roaming\Adobe\shed\thr1.chm (Malware.Trace) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Karsten\AppData\Roaming\Adobe\plugs\mmc2197024.txt (Trojan.Agent.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Karsten\AppData\Roaming\Adobe\plugs\mmc2288035.txt (Trojan.Agent.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Karsten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0.07738040842829452.exe.lnk (Backdoor.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Karsten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0.2720751816306275.exe.lnk (Backdoor.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Karsten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0.3094727708063667.exe.lnk (Backdoor.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Log 2 from the second cleanup run with Malwarebytes:

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.05.01

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 7.0.6002.18005
Karsten :: KARSTEN-PC [Administrator]

05.01.2012 16:44:40
mbam-log-2012-01-05 (16-44-40).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 606457
Laufzeit: 2 Stunde(n), 16 Minute(n), 9 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 2
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Bösartig: (http://startsear.ch/?aff=1&cf=090280f0-1843-11e1-a2c4-c54a62e66f9d) Gut: (http://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


Fix log from OTL:

OTL logfile created on: 06.01.2012 01:14:47 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Susi\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,15 Gb Available Physical Memory | 57,48% Memory free
4,23 Gb Paging File | 3,43 Gb Available in Paging File | 81,12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 372,61 Gb Total Space | 75,29 Gb Free Space | 20,20% Space Free | Partition Type: NTFS

Computer Name: KARSTEN-PC | User Name: Susi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - C:\Users\Susi\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
PRC - C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)
PRC - C:\Programme\Lavasoft\Ad-Aware\AWSC.exe ()
PRC - C:\Users\Susi\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Dll-Files.com Fixer\DLLFixer.exe (Dll-FIles.Com)
PRC - C:\cygwin\usr\sbin\sshd.exe ()
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\D-Link\DWL-G122_DWA-110\AirGCFG.exe (D-Link Corp.)
PRC - C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)
PRC - C:\Windows\System32\ANIWConnService.exe ()
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\cygwin\bin\cygrunsrv.exe ()


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\System32\wlanapp.dll ()
MOD - C:\Programme\D-Link\DWL-G122_DWA-110\ANIOApi.dll ()
MOD - C:\Programme\ANI\ANIWZCS2 Service\ANIOApi.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (Akamai) -- c:\program files\common files\akamai/netsession_win_b427739.dll ()
SRV - (getPlusHelper) getPlus(R) -- C:\Programme\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (ANIWConnService) -- C:\Windows\System32\ANIWConnService.exe ()
SRV - (sshd) -- C:\cygwin\bin\cygrunsrv.exe ()
SRV - (BrlAPI) -- C:\cygwin\bin\cygrunsrv.exe ()
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (Lavasoft Kernexplorer) -- C:\Programme\Lavasoft\Ad-Aware\kernexplorer.sys ()
DRV - (netr28u) -- C:\Windows\System32\drivers\Dnetr28u.sys (Ralink Technology Corp.)
DRV - (anodlwf) -- C:\Windows\System32\drivers\anodlwf.sys ()
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation)
DRV - (MagicTune) -- C:\Windows\System32\drivers\MTiCtwl.sys ()


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {EEA2F5E2-432D-49C1-AB2F-982677355DE3}:1.9.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.1851.5542\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Program Files\ProtectDisc\License Helper\NPPDLicenseHelper.dll ()
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{EEA2F5E2-432D-49C1-AB2F-982677355DE3}: C:\Users\Karsten\AppData\Local\{EEA2F5E2-432D-49C1-AB2F-982677355DE3}\ [2011.04.10 09:12:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.11.13 18:35:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.11.26 16:27:18 | 000,000,000 | ---D | M]

[2009.08.10 11:27:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Susi\AppData\Roaming\mozilla\Extensions
[2011.09.03 13:22:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Susi\AppData\Roaming\mozilla\Firefox\Profiles\1uwaxh1b.default\extensions
[2010.04.27 21:37:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Susi\AppData\Roaming\mozilla\Firefox\Profiles\1uwaxh1b.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.06.29 19:44:54 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Susi\AppData\Roaming\mozilla\Firefox\Profiles\1uwaxh1b.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2011.11.13 18:35:43 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.11.13 18:35:35 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.07.24 13:43:20 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2008.02.22 16:24:06 | 000,095,832 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPPDLicenseHelper.dll
[2011.10.03 10:14:54 | 000,083,456 | ---- | M] (vShare.tv ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll
[2011.08.30 21:35:55 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.08.30 21:29:49 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.08.30 21:35:55 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.08.30 21:35:55 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.08.30 21:35:55 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.08.30 21:35:55 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.11.02 21:31:47 | 000,000,054 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll̀ File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)
O4 - HKLM..\Run: [D-Link D-Link Wireless G DWL-G122_DWA-110] C:\Programme\D-Link\DWL-G122_DWA-110\AirGCFG.exe (D-Link Corp.)
O4 - HKLM..\Run: [WZCSLDR2] C:\Program Files\D-Link\DWL-G122_DWA-110\WZCSLDR2.exe File not found
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Susi\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Programme\PPLive\PPLive.exe ( )
O9 - Extra 'Tools' menuitem : PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Programme\PPLive\PPLive.exe ( )
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{41AD9AC4-5AF1-401C-9B37-3A21034D6D7A}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{76490DD3-936D-4248-83E7-381F50A5C189}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Susi\Pictures\2011_05\PICT0086.JPG
O24 - Desktop BackupWallPaper: C:\Users\Susi\Pictures\2011_05\PICT0086.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2012.01.06 01:16:48 | 004,704,768 | ---- | C] (AVAST Software) -- C:\Users\Susi\Desktop\aswMBR.exe
[2012.01.06 01:09:06 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.01.06 01:08:36 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Susi\Desktop\OTL.exe
[2012.01.06 00:58:20 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.01.06 00:48:20 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.01.06 00:48:20 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.01.06 00:48:20 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.01.06 00:48:13 | 000,000,000 | --SD | C] -- C:\Combo-Fix
[2012.01.06 00:46:34 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012.01.06 00:41:37 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.01.06 00:41:03 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012.01.05 22:25:55 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012.01.05 22:08:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\D-Link
[2012.01.05 22:06:20 | 001,327,189 | ---- | C] (Funk Software, Inc.) -- C:\Windows\System32\odSupp_M.dll
[2012.01.05 22:06:20 | 000,720,896 | ---- | C] (Wireless Service) -- C:\Windows\System32\ANIWZCS2.dll
[2012.01.05 22:06:20 | 000,270,336 | ---- | C] (Wireless Service) -- C:\Windows\System32\wnicapi.dll
[2012.01.05 22:05:59 | 000,000,000 | ---D | C] -- C:\Program Files\ANI
[2012.01.05 22:05:29 | 001,110,016 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\Windows\System32\libeay32.dll
[2012.01.05 22:05:29 | 000,204,800 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\Windows\System32\ssleay32.dll
[2012.01.05 22:03:48 | 000,479,360 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\System32\Dr71WU98.sys
[2012.01.05 22:03:48 | 000,247,808 | ---- | C] (Ralink Technology Inc.) -- C:\Windows\System32\rt25u98.sys
[2012.01.05 22:03:34 | 000,000,000 | ---D | C] -- C:\Users\Susi\AppData\Roaming\InstallShield
[2012.01.05 19:06:27 | 000,000,000 | ---D | C] -- C:\Users\Susi\Documents\FUSSBALL MANAGER 12
[2012.01.05 17:33:16 | 004,370,492 | ---- | C] (Swearware) -- C:\Users\Susi\Desktop\Combo-Fix.exe
[2012.01.05 13:01:53 | 000,000,000 | ---D | C] -- C:\Users\Susi\AppData\Roaming\uTorrent
[2012.01.05 11:51:08 | 000,000,000 | ---D | C] -- C:\Users\Susi\AppData\Roaming\Malwarebytes
[2012.01.05 11:42:39 | 000,000,000 | ---D | C] -- C:\Users\Susi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012.01.05 02:21:30 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
[2012.01.01 13:15:29 | 000,000,000 | ---D | C] -- C:\Users\Susi\AppData\Roaming\dll-files.com
[2012.01.01 00:40:25 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2012.01.01 00:40:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2012.01.01 00:39:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dll-Files.com Fixer
[2012.01.01 00:39:43 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll
[2012.01.01 00:39:43 | 000,000,000 | ---D | C] -- C:\Program Files\Dll-Files.com Fixer
[2011.12.31 23:17:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\directx
[2011.12.31 23:13:15 | 000,000,000 | ---D | C] -- C:\Program Files\EA SPORTS
[2011.12.26 08:36:21 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2011.12.26 08:36:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2011.12.14 20:51:56 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011.12.14 20:51:56 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011.12.14 20:51:17 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011.12.14 20:51:07 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.12.14 20:51:07 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.12.14 20:51:07 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.12.14 20:51:07 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.12.14 20:51:07 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011.12.14 20:51:07 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.12.14 20:51:07 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.12.14 20:41:46 | 002,043,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.12.14 20:37:59 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2011.12.14 20:37:42 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2012.01.06 01:17:24 | 004,704,768 | ---- | M] (AVAST Software) -- C:\Users\Susi\Desktop\aswMBR.exe
[2012.01.06 01:14:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.01.06 01:13:41 | 000,003,284 | ---- | M] () -- C:\Windows\System32\ANIWZCS{41AD9AC4-5AF1-401C-9B37-3A21034D6D7A}
[2012.01.06 01:13:41 | 000,003,284 | ---- | M] () -- C:\Users\Susi\AppData\Roaming\ANIWZCS{41AD9AC4-5AF1-401C-9B37-3A21034D6D7A}
[2012.01.06 01:13:08 | 000,000,374 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2012.01.06 01:13:02 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.01.06 01:12:53 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.06 01:12:52 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.06 01:12:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.06 01:12:43 | 2146,746,368 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.06 00:52:53 | 000,000,000 | ---- | M] () -- C:\Users\Susi\AppData\Local\prvlcl.dat
[2012.01.05 22:40:02 | 000,638,180 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.01.05 22:40:02 | 000,604,082 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.01.05 22:40:02 | 000,131,320 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.01.05 22:40:02 | 000,107,760 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.01.05 22:08:32 | 000,001,858 | ---- | M] () -- C:\Users\Public\Desktop\Wireless Connection Manager.lnk
[2012.01.05 22:08:25 | 000,000,280 | ---- | M] () -- C:\Users\Susi\AppData\Roaming\ANICONFIG_{41AD9AC4-5AF1-401C-9B37-3A21034D6D7A}.ini
[2012.01.05 22:08:25 | 000,000,005 | ---- | M] () -- C:\Windows\System32\ANIWZCSUSERNAME{41AD9AC4-5AF1-401C-9B37-3A21034D6D7A}
[2012.01.05 21:54:41 | 000,003,284 | ---- | M] () -- C:\Windows\System32\ANIWZCS{867E007A-5485-4B43-9581-4A94530A1F92}
[2012.01.05 21:54:41 | 000,003,284 | ---- | M] () -- C:\Users\Susi\AppData\Roaming\ANIWZCS{867E007A-5485-4B43-9581-4A94530A1F92}
[2012.01.05 21:54:29 | 000,000,005 | ---- | M] () -- C:\Windows\System32\ANIWZCSUSERNAME{867E007A-5485-4B43-9581-4A94530A1F92}
[2012.01.05 21:30:44 | 000,000,258 | ---- | M] () -- C:\Users\Susi\AppData\Roaming\ANICONFIG_{867E007A-5485-4B43-9581-4A94530A1F92}.ini
[2012.01.05 21:16:46 | 000,003,284 | ---- | M] () -- C:\Users\Susi\AppData\Roaming\ANIWZCS{57F177B6-DAFB-475C-9A67-69983FF379D7}
[2012.01.05 21:12:36 | 000,000,287 | ---- | M] () -- C:\Users\Susi\AppData\Roaming\ANICONFIG_{57F177B6-DAFB-475C-9A67-69983FF379D7}.ini
[2012.01.05 19:55:19 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012.01.05 19:49:45 | 000,073,728 | ---- | M] () -- C:\Users\Susi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.01.05 17:33:22 | 004,370,492 | ---- | M] (Swearware) -- C:\Users\Susi\Desktop\Combo-Fix.exe
[2012.01.05 17:30:19 | 000,126,976 | ---- | M] () -- C:\Users\Susi\Desktop\deljob.exe
[2012.01.05 17:15:41 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Susi\Desktop\OTL.exe
[2012.01.05 11:40:15 | 001,402,880 | ---- | M] () -- C:\Users\Susi\Desktop\HiJackThis-2-04.msi
[2012.01.05 03:29:39 | 000,000,008 | ---- | M] () -- C:\Windows\System32\ANIWZCSUSERNAME{57F177B6-DAFB-475C-9A67-69983FF379D7}
[2012.01.05 03:14:04 | 000,054,156 | -H-- | M] () -- C:\Windows\QTFont.qfn
[2012.01.05 03:14:04 | 000,001,409 | ---- | M] () -- C:\Windows\QTFont.for
[2012.01.05 02:31:29 | 000,003,284 | R--- | M] () -- C:\Windows\System32\ANIWZCS{57F177B6-DAFB-475C-9A67-69983FF379D7}
[2012.01.05 02:31:19 | 000,620,460 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavifw.avm
[2012.01.04 19:10:23 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2012.01.04 19:10:23 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2012.01.04 13:17:00 | 000,000,278 | ---- | M] () -- C:\Windows\tasks\DLL-files.com Fixer_UPDATES.job
[2011.12.26 08:39:18 | 000,016,432 | ---- | M] () -- C:\Windows\System32\lsdelete.exe
[2011.12.23 07:12:12 | 000,064,512 | ---- | M] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2011.12.15 22:40:59 | 000,255,184 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.12.12 21:06:29 | 000,388,655 | ---- | M] () -- C:\Users\Susi\Desktop\Berg.jpg
[2011.12.10 20:16:31 | 000,182,044 | ---- | M] () -- C:\Users\Susi\Desktop\AP-Gelber Rucksack.jpg
[2011.12.10 20:15:25 | 008,631,974 | ---- | M] () -- C:\Users\Susi\Desktop\Unbenannt 1.odg
[2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012.01.06 00:48:20 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.01.06 00:48:20 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.01.06 00:48:20 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.01.06 00:48:20 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.01.06 00:48:20 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.01.05 22:08:32 | 000,001,858 | ---- | C] () -- C:\Users\Public\Desktop\Wireless Connection Manager.lnk
[2012.01.05 22:07:22 | 000,000,280 | ---- | C] () -- C:\Users\Susi\AppData\Roaming\ANICONFIG_{41AD9AC4-5AF1-401C-9B37-3A21034D6D7A}.ini
[2012.01.05 22:06:45 | 000,003,284 | ---- | C] () -- C:\Windows\System32\ANIWZCS{41AD9AC4-5AF1-401C-9B37-3A21034D6D7A}
[2012.01.05 22:06:45 | 000,003,284 | ---- | C] () -- C:\Users\Susi\AppData\Roaming\ANIWZCS{41AD9AC4-5AF1-401C-9B37-3A21034D6D7A}
[2012.01.05 22:06:39 | 000,000,005 | ---- | C] () -- C:\Windows\System32\ANIWZCSUSERNAME{41AD9AC4-5AF1-401C-9B37-3A21034D6D7A}
[2012.01.05 22:06:31 | 000,151,552 | ---- | C] () -- C:\Windows\System32\ANIWConnService.exe
[2012.01.05 22:06:20 | 000,258,048 | ---- | C] () -- C:\Windows\System32\wlanapp.dll
[2012.01.05 22:06:20 | 000,217,088 | ---- | C] () -- C:\Windows\System32\aIPH.dll
[2012.01.05 22:06:20 | 000,049,152 | ---- | C] () -- C:\Windows\System32\AQCKGen.dll
[2012.01.05 22:06:20 | 000,045,115 | ---- | C] () -- C:\Windows\System32\ANICtl.dll
[2012.01.05 22:05:59 | 000,315,392 | ---- | C] () -- C:\Windows\System32\ANIOApi.dll
[2012.01.05 22:05:29 | 000,733,184 | ---- | C] () -- C:\Windows\System32\ANIOWPS.dll
[2012.01.05 22:05:29 | 000,237,568 | ---- | C] () -- C:\Windows\System32\ANIWPS.exe
[2012.01.05 22:03:48 | 000,002,048 | ---- | C] () -- C:\Windows\System32\rt73.bin
[2012.01.05 21:28:40 | 000,000,258 | ---- | C] () -- C:\Users\Susi\AppData\Roaming\ANICONFIG_{867E007A-5485-4B43-9581-4A94530A1F92}.ini
[2012.01.05 21:24:55 | 000,003,284 | ---- | C] () -- C:\Windows\System32\ANIWZCS{867E007A-5485-4B43-9581-4A94530A1F92}
[2012.01.05 21:24:55 | 000,003,284 | ---- | C] () -- C:\Users\Susi\AppData\Roaming\ANIWZCS{867E007A-5485-4B43-9581-4A94530A1F92}
[2012.01.05 21:24:41 | 000,000,005 | ---- | C] () -- C:\Windows\System32\ANIWZCSUSERNAME{867E007A-5485-4B43-9581-4A94530A1F92}
[2012.01.05 17:30:08 | 000,126,976 | ---- | C] () -- C:\Users\Susi\Desktop\deljob.exe
[2012.01.05 11:40:14 | 001,402,880 | ---- | C] () -- C:\Users\Susi\Desktop\HiJackThis-2-04.msi
[2012.01.05 11:33:38 | 000,620,460 | ---- | C] () -- C:\Windows\System32\drivers\AVG\iavifw.avm
[2012.01.05 03:31:38 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012.01.05 03:14:04 | 000,054,156 | -H-- | C] () -- C:\Windows\QTFont.qfn
[2012.01.05 03:14:04 | 000,001,409 | ---- | C] () -- C:\Windows\QTFont.for
[2012.01.01 00:40:02 | 000,000,278 | ---- | C] () -- C:\Windows\tasks\DLL-files.com Fixer_UPDATES.job
[2011.12.26 08:46:38 | 000,016,432 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2011.12.12 21:06:23 | 000,388,655 | ---- | C] () -- C:\Users\Susi\Desktop\Berg.jpg
[2011.12.10 20:16:27 | 000,182,044 | ---- | C] () -- C:\Users\Susi\Desktop\AP-Gelber Rucksack.jpg
[2011.12.10 20:15:23 | 008,631,974 | ---- | C] () -- C:\Users\Susi\Desktop\Unbenannt 1.odg
[2011.05.25 19:11:02 | 000,003,284 | ---- | C] () -- C:\Users\Susi\AppData\Roaming\ANIWZCS{57F177B6-DAFB-475C-9A67-69983FF379D7}
[2011.05.25 19:10:44 | 000,000,287 | ---- | C] () -- C:\Users\Susi\AppData\Roaming\ANICONFIG_{57F177B6-DAFB-475C-9A67-69983FF379D7}.ini
[2011.05.25 18:19:32 | 000,012,800 | ---- | C] () -- C:\Windows\System32\drivers\anodlwf.sys
[2011.05.25 18:19:31 | 000,013,931 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat
[2011.04.29 08:12:30 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011.04.29 08:12:30 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011.04.21 17:00:28 | 000,013,312 | ---- | C] () -- C:\Windows\System32\drivers\MTiCtwl.sys
[2011.01.29 12:50:34 | 000,004,976 | ---- | C] () -- C:\ProgramData\ojobkspa.ako
[2010.09.04 13:31:09 | 000,000,000 | ---- | C] () -- C:\Windows\iPlayer.INI
[2010.03.24 18:51:11 | 000,000,000 | ---- | C] () -- C:\Users\Susi\AppData\Local\prvlcl.dat
[2010.03.21 01:35:36 | 000,061,440 | ---- | C] () -- C:\Windows\System32\leasrsa.dll
[2010.03.21 01:35:36 | 000,000,259 | ---- | C] () -- C:\Windows\System32\Sdat.dat
[2009.11.30 23:37:44 | 000,262,144 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2009.09.24 07:07:45 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.09.24 07:07:45 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.08.22 14:40:34 | 000,000,621 | ---- | C] () -- C:\Windows\psnetwork.ini
[2009.08.22 14:40:34 | 000,000,074 | ---- | C] () -- C:\Windows\powerplayer.ini
[2009.08.22 14:40:34 | 000,000,020 | ---- | C] () -- C:\Windows\powerlist.ini
[2009.08.11 20:07:20 | 000,073,728 | ---- | C] () -- C:\Users\Susi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.08.04 17:28:36 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.07.16 14:20:46 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009.05.29 15:52:26 | 000,204,800 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009.05.29 15:47:06 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008.10.07 08:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 08:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008.01.21 08:15:58 | 000,638,180 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 08:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 08:15:58 | 000,131,320 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 08:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007.09.04 11:56:10 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2007.02.05 19:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,255,184 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,604,082 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,107,760 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

[color=#E56717]========== Custom Scans ==========[/color]


[color=#A23BEC]< :OTL >[/color]

[color=#A23BEC]< IE - HKU\S-1-5-21-1932084568-354705828-2513971960-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 >[/color]

[color=#A23BEC]< IE - HKU\S-1-5-21-1932084568-354705828-2513971960-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:60465 >[/color]

[color=#A23BEC]< FF - prefs.js..browser.startup.homepage: "file:///C:/Users/Susi/start.html" >[/color]

[color=#A23BEC]< O7 - HKU\S-1-5-21-1932084568-354705828-2513971960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1 >[/color]

[color=#A23BEC]< @Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:24051EFF >[/color]

[color=#A23BEC]< @Alternate Data Stream - 180 bytes -> C:\ProgramData\TEMP:0CE7F3C9 >[/color]

[color=#A23BEC]< @Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:63238B95 >[/color]

[color=#A23BEC]< @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:BB24555F >[/color]

[color=#A23BEC]< @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:680DD2F1 >[/color]

[color=#A23BEC]< :Commands >[/color]

[color=#A23BEC]< [emptytemp] >[/color]

[color=#A23BEC]< [emptyflash] >[/color]

< End of report >

Avast log, run without having fixed anything yet:

aswMBR version 0.9.9.1156 Copyright(c) 2011 AVAST Software
Run date: 2012-01-06 01:22:06
-----------------------------
01:22:06.733 OS Version: Windows 6.0.6002 Service Pack 2
01:22:06.733 Number of processors: 4 586 0xF0B
01:22:06.733 ComputerName: KARSTEN-PC UserName: Susi
01:22:08.480 Initialize success
01:23:11.578 AVAST engine defs: 12010501
01:23:19.222 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
01:23:19.222 Disk 0 Vendor: SAMSUNG_HD403LJ CT100-12 Size: 381554MB BusType: 3
01:23:19.284 Disk 0 MBR read successfully
01:23:19.284 Disk 0 MBR scan
01:23:19.284 Disk 0 Windows VISTA default MBR code
01:23:19.315 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 381552 MB offset 2048
01:23:19.362 Disk 0 scanning sectors +781420544
01:23:19.456 Disk 0 scanning C:\Windows\system32\drivers
01:23:29.455 Service scanning
01:23:35.820 Modules scanning
01:23:40.282 Disk 0 trace - called modules:
01:23:40.313 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys
01:23:40.313 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85be4ac8]
01:23:40.313 3 CLASSPNP.SYS[88baa8b3] -> nt!IofCallDriver -> [0x858eba70]
01:23:40.313 5 acpi.sys[806956bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0x858be1d8]
01:23:42.013 AVAST engine scan C:\Windows
01:23:45.242 AVAST engine scan C:\Windows\system32
01:25:51.852 AVAST engine scan C:\Windows\system32\drivers
01:26:03.115 AVAST engine scan C:\Users\Susi
01:27:45.295 Disk 0 MBR has been saved successfully to "C:\Users\Susi\Desktop\MBR.dat"
01:27:45.311 The log file has been saved successfully to "C:\Users\Susi\Desktop\aswMBR.txt"

Well, getting a reply at 0:36 at night deserves real credit. Many thanks for that!!!

Regards
Ferris
06.01.2012, 10:50
...new here

Thread starter

Posts: 7
#6 Hello,

I've now done a bit of googling. The Trojan in question is Trojan.Ransom.Gen.
Unfortunately. It seems to be quite damaging.

My AOL Instant Messenger doesn't work any more either. In other words, nothing that wants to go out to the internet works any more. Various solution approaches for Trojan.Ransom.Gen are described on the internet, but I assume the concentrated expertise hangs out on this board.

Many thanks and see you later.

Regards
Ferris
06.01.2012, 11:29
Member

Posts: 420
#7 Hm, that wasn't the fix log, but apparently you have used Combofix in the meantime, so that has taken care of itself.
Please post the log that Combofix produced during the scan, normally found under C:\ or C:\Qoobox
06.01.2012, 12:24
...new here

Thread starter

Posts: 7
#8 Hello,

attached is the ComboFix log, now that I have let it run to completion.

ComboFix 12-01-05.02 - Karsten 06.01.2012 11:47:51.1.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.2047.776 [GMT 1:00]
ausgeführt von:: c:\users\Karsten\Desktop\Combo-Fix.exe
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\users\Karsten\AppData\Local\{EEA2F5E2-432D-49C1-AB2F-982677355DE3}
c:\users\Karsten\AppData\Local\{EEA2F5E2-432D-49C1-AB2F-982677355DE3}\chrome.manifest
c:\users\Karsten\AppData\Local\{EEA2F5E2-432D-49C1-AB2F-982677355DE3}\chrome\content\_cfg.js
c:\users\Karsten\AppData\Local\{EEA2F5E2-432D-49C1-AB2F-982677355DE3}\chrome\content\overlay.xul
c:\users\Karsten\AppData\Local\{EEA2F5E2-432D-49C1-AB2F-982677355DE3}\install.rdf
c:\users\Karsten\AppData\Roaming\7182.F51
c:\users\Karsten\AppData\Roaming\Adobe\plugs
c:\users\Karsten\AppData\Roaming\Adobe\plugs\bh.tmp
c:\users\Karsten\AppData\Roaming\Adobe\shed
c:\users\Karsten\AppData\Roaming\Microsoft\Windows\Recent\-=[SUMOTorrent.com]=-_Super_Bowl_XLV_Halftime_Show_720p_Surround_6CH_AC3_48000Hz_mkv_2.pif
c:\users\Susi\Desktop\Setup.exe
c:\windows\assembly\GAC_MSIL\desktop.ini
c:\windows\system.dbg
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\leasrsa.dll
c:\windows\system32\nt011.info
c:\windows\system32\Sdat.dat
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-12-06 bis 2012-01-06 ))))))))))))))))))))))))))))))
.
.
2012-01-06 10:58 . 2012-01-06 10:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-06 10:58 . 2012-01-06 10:58 -------- d-----w- c:\users\Eliana\AppData\Local\temp
2012-01-06 00:12 . 2012-01-06 00:12 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{33C67E2E-B9F6-4B02-805A-11AE8D3573B7}\offreg.dll
2012-01-06 00:09 . 2012-01-06 00:09 -------- d-----w- C:\_OTL
2012-01-05 21:05 . 2012-01-05 21:05 -------- d-----w- c:\program files\ANI
2012-01-05 21:05 . 2009-06-01 13:23 315392 ----a-w- c:\windows\system32\ANIOApi.dll
2012-01-05 21:05 . 2009-09-02 10:00 733184 ----a-w- c:\windows\system32\ANIOWPS.dll
2012-01-05 21:05 . 2009-02-26 10:22 237568 ----a-w- c:\windows\system32\ANIWPS.exe
2012-01-05 21:05 . 2008-09-25 12:16 204800 ----a-w- c:\windows\system32\ssleay32.dll
2012-01-05 21:05 . 2008-09-25 12:15 1110016 ----a-w- c:\windows\system32\libeay32.dll
2012-01-05 21:03 . 2009-07-17 15:23 479360 ----a-w- c:\windows\system32\Dr71WU98.sys
2012-01-05 21:03 . 2007-05-12 13:44 247808 ----a-w- c:\windows\system32\rt25u98.sys
2012-01-05 21:03 . 2005-11-18 14:21 2048 ----a-w- c:\windows\system32\rt73.bin

Note: the Windows Mail problem and the AOL Instant Messenger problem (no access) still persist. Oddly, only on my user account.

Thanks and regards
Ferris
2012-01-05 21:03 . 2012-01-05 21:03 -------- d-----w- c:\users\Susi\AppData\Roaming\InstallShield
2012-01-05 12:01 . 2012-01-05 12:01 -------- d-----w- c:\users\Susi\AppData\Roaming\uTorrent
2012-01-05 10:51 . 2012-01-05 10:51 -------- d-----w- c:\users\Susi\AppData\Roaming\Malwarebytes
2012-01-05 10:42 . 2012-01-05 10:42 388096 ----a-r- c:\users\Susi\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-01-05 02:14 . 2012-01-05 02:14 1409 ----a-w- c:\windows\QTFont.for
2012-01-05 01:28 . 2012-01-05 01:28 -------- d-----w- c:\users\Karsten\AppData\Roaming\AVG2012
2012-01-05 01:21 . 2012-01-05 23:59 -------- d-----w- c:\windows\system32\drivers\AVG
2012-01-03 19:28 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{33C67E2E-B9F6-4B02-805A-11AE8D3573B7}\mpengine.dll
2012-01-01 12:15 . 2012-01-01 12:15 -------- d-----w- c:\users\Susi\AppData\Roaming\dll-files.com
2011-12-31 23:40 . 2011-12-31 23:40 -------- d-----w- c:\programdata\EA Core
2011-12-31 23:40 . 2011-12-31 23:40 -------- d-----w- c:\programdata\Electronic Arts
2011-12-31 23:39 . 2011-12-31 23:39 -------- d-----w- c:\users\Karsten\AppData\Roaming\dll-files.com
2011-12-31 23:39 . 2011-12-31 23:39 -------- d-----w- c:\program files\Dll-Files.com Fixer
2011-12-31 22:17 . 2011-12-31 22:19 -------- d--h--w- c:\windows\msdownld.tmp
2011-12-31 22:13 . 2011-12-31 23:49 -------- d-----w- c:\program files\EA SPORTS
2011-12-26 07:46 . 2011-12-26 07:39 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-12-26 07:36 . 2011-12-23 06:12 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-12-14 19:41 . 2011-11-23 13:37 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-12-14 19:41 . 2011-11-08 12:10 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-12-14 19:37 . 2011-10-25 15:56 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-14 19:37 . 2011-11-08 14:42 2048 ----a-w- c:\windows\system32\tzres.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-10 14:24 . 2011-04-10 11:20 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-03 07:54 . 2011-07-17 20:11 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2011-11-13 17:35 . 2011-09-03 18:14 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-11-13 20:58 3913000 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-11-13 3913000]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Aim"="c:\program files\AIM\aim.exe" [2011-01-05 4321112]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2009-08-21 98304]
"D-Link D-Link Wireless G DWL-G122_DWA-110"="c:\program files\D-Link\DWL-G122_DWA-110\AirGCFG.exe" [2009-09-18 1708032]
.
c:\users\Karsten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-11-10 00:54 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2011-01-24 22:18 395640 ----a-w- c:\program files\uTorrent\uTorrent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2008-04-01 18:49 36352 ----a-w- c:\program files\Winamp\winampa.exe
.
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2008-07-30 277736]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 30833280
*NewlyCreated* - ASWMBR
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - WS2IFSL
*Deregistered* - 30833280
*Deregistered* - aswMBR
*Deregistered* - MBAMSwissArmy
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
getPlusHelper REG_MULTI_SZ getPlusHelper
Akamai REG_MULTI_SZ Akamai
.
Inhalt des "geplante Tasks" Ordners
.
2012-01-04 c:\windows\Tasks\DLL-files.com Fixer_UPDATES.job
- c:\program files\Dll-Files.com Fixer\DLLFixer.exe [2011-12-31 16:09]
.
2012-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-03 20:08]
.
2012-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-03 20:08]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
IE: Free YouTube Download - c:\users\Karsten\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\users\Karsten\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Save YouTube Video - c:\program files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP4.htm
IE: Save YouTube Video as MP3 - c:\program files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Karsten\AppData\Roaming\Mozilla\Firefox\Profiles\5fuj6tly.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - www.n-tv.de
FF - prefs.js: keyword.URL - hxxp://www.google.de/#sclient=psy&hl=en&q=%E2%80%9D&fp=1&bav=on.2,or.r_gc.r_pw.&cad=b
FF - prefs.js: network.proxy.http - 127.0.0.1:80
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - (no file)
WebBrowser-{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - (no file)
HKCU-Run-Software Informer - c:\program files\Software Informer\softinfo.exe
HKCU-Run-RDReminder - (no file)
HKLM-Run-WZCSLDR2 - c:\program files\D-Link\DWL-G122_DWA-110\WZCSLDR2.exe
MSConfigStartUp-conhost - c:\users\Karsten\AppData\Roaming\Microsoft\conhost.exe
MSConfigStartUp-RegistryBooster - c:\program files\Uniblue\RegistryBooster\launcher.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-06 12:01
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_b427739.dll"
.
Zeit der Fertigstellung: 2012-01-06 12:10:44
ComboFix-quarantined-files.txt 2012-01-06 11:10
.
Vor Suchlauf: 12 Verzeichnis(se), 80.092.549.120 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 81.466.081.280 Bytes frei
.
- - End Of File - - F6BFDF49F01C4433C10A18037F721AA1
06.01.2012, 13:22
Member

Posts: 420
#9 Something is still active there. Please delete the Combofix.exe and get a fresh copy:
http://www.bleepingcomputer.com/download/anti-virus/combofix

Run Combofix again and please post the log; this time start Combofix via right-click "Run as administrator".
06.01.2012, 20:48
...new here

Thread starter

Posts: 7
#10 Hello Gangren,

well, after a lot of back and forth I have decided to reinstall the system from scratch.
I think it was due again anyway. Nobody likes doing it, but it's fine this way now. Nevertheless, thank you very much for your prompt and competent help. The thread can therefore be closed.

Many thanks for everything.

Regards
Ferris