Einige Webseiten lassen sich plötzlich nicht mehr öffnen

#1 Hallo guten Abend zusammen,

ich habe seit gestern nachmittag das Problem, daß einige Webseiten nicht mehr angezeigt werden ( auch nicht im IE - ich benutze Firefox) wogegen z.B. Google o.a. Seiten normal geöffnet werden. Weiters kann ich auf King.com nicht mehr spielen. Ich kann mich einloggen aber das Spiel wird nicht geladen. Die Webseite 'Find version' von Adobe geht auch nicht = Fehlermeldung.

So. Ich bin einige Tage im Hotel über Wlan ins Web gegangen. Ich habe zwar einen USB-Stick von o2 ABER die Verbindung ist so langsam, daß ich Wlan zum Musikvideo gucken genutzt habe.
Dummerweise habe ich aus Versehen - in Gedanken wie auch immer - bei den Optionen, die einem vor der ersten Einwahl angezeigt werden 'Heimnetzwerk' anstelle von 'öffentl. Netzwerk' ausgewählt.

Deswegen aber vor allem wegen dem zuerst genannten Problem möchte ich mal checken lassen, ob ich mir was eingefangen habe. Und generell möchte ich mal wissen, ob der PC sauber ist.



Hier sind die Logfiles:

OTL:

otl.txt

Code

OTL logfile created on: 17.12.2012 23:25:55 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Sonnengöttin\Desktop
 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1014,12 Mb Total Physical Memory | 160,47 Mb Available Physical Memory | 15,82% Memory free
1,99 Gb Paging File | 1,11 Gb Available in Paging File | 55,93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 100,00 Gb Total Space | 78,14 Gb Free Space | 78,14% Space Free | Partition Type: NTFS
Drive D: | 183,07 Gb Total Space | 106,32 Gb Free Space | 58,07% Space Free | Partition Type: NTFS
 
Computer Name: HAL-3000 | User Name: Sonnengöttin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - C:\Users\Sonnengöttin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\InstantOn\InsOnWMI.exe (ASUS)
PRC - C:\ExpressGateUtil\VAWinAgent.exe ()
PRC - C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe (AsusTek Computer Inc.)
PRC - C:\Program Files\ASUS\HotkeyService\HotKeyMon.exe (ASUSTeK Computer Inc.)
PRC - C:\Windows\System32\AsusService.exe ()
PRC - C:\Program Files\ASUS\HotkeyService\HotkeyService.exe (ASUSTeK Computer Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe (Trend Micro Inc.)
PRC - C:\ExpressGateUtil\VAWinService.exe ()
PRC - C:\Program Files\Asus\Eee Docking\Eee Docking.exe (ASUSTek Computer Inc.)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\ASUS\CapsHook\CapsHook.exe (ASUS)
PRC - C:\Program Files\ASUS\SHE\SuperHybridEngine.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files\o2\Mobile Connection Manager\ImpWiFiSvc.exe (Telefónica I+D)
PRC - C:\Program Files\o2\Mobile Connection Manager\EMMSN.exe (Telefónica I+D)
PRC - C:\Program Files\o2\Nori\Nori.exe (Telefónica I+D)
PRC - C:\Program Files\syncables\syncables desktop\syncables.exe (syncables, LLC)
PRC - C:\Program Files\syncables\syncables desktop\jre\bin\javaw.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
PRC - C:\Program Files\Elantech\ETDCtrlHelper.exe (ELAN Microelectronic Corp.)
PRC - C:\Program Files\MouseDriver\OfficeMouse.exe ()
 
 
[color=#E56717]========== Modules (No Company Name) ==========[/color]
 
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\ExpressGateUtil\VAWinAgent.exe ()
MOD - C:\Program Files\o2\Mobile Connection Manager\sqlite3.dll ()
MOD - C:\Program Files\o2\Mobile Connection Manager\AgendaLib.dll ()
MOD - C:\Program Files\o2\Nori\legplgs\plgsie.dll ()
MOD - C:\Program Files\o2\Nori\legplgs\plgice.dll ()
MOD - C:\Program Files\o2\Nori\legplgs\plgalc.dll ()
MOD - C:\Program Files\o2\Nori\legplgs\plgser.dll ()
MOD - C:\Program Files\o2\Nori\legplgs\plgati.dll ()
MOD - C:\Program Files\o2\Nori\legplgs\plgnvt.dll ()
MOD - C:\Program Files\o2\Nori\legplgs\plghwi.dll ()
MOD - C:\Program Files\o2\Nori\legplgs\plgopt.dll ()
MOD - C:\Program Files\o2\Nori\legplgs\plgzte.dll ()
MOD - C:\Program Files\o2\Mobile Connection Manager\langs\de_DE_md.dll ()
MOD - C:\Windows\System32\msjetoledb40.dll ()
MOD - C:\Program Files\MouseDriver\dllset.dll ()
MOD - C:\Program Files\MouseDriver\OfficeMouse.exe ()
 
 
[color=#E56717]========== Services (SafeList) ==========[/color]
 
SRV - (Amsp) -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (sftvsa) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (AsusService) -- C:\Windows\System32\AsusService.exe ()
SRV - (VideAceWindowsService) -- C:\ExpressGateUtil\VAWinService.exe ()
SRV - (TGCM_ImportWiFiSvc) -- C:\Program Files\o2\Mobile Connection Manager\ImpWiFiSvc.exe (Telefónica I+D)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - (btwrchid) -- C:\windows\system32\drivers\btwrchid.sys File not found
DRV - (btwl2cap) -- system32\DRIVERS\btwl2cap.sys File not found
DRV - (btwavdt) -- C:\windows\system32\drivers\btwavdt.sys File not found
DRV - (btwaudio) -- system32\drivers\btwaudio.sys File not found
DRV - (btwampfl) -- system32\drivers\btwampfl.sys File not found
DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation)
DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation)
DRV - (tmcomm) -- C:\Windows\System32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (TsUsbGD) -- C:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV - (L1C) -- C:\Windows\System32\drivers\L1C62x86.sys (Atheros Communications, Inc.)
DRV - (tmtdi) -- C:\Windows\System32\drivers\tmtdi.sys (Trend Micro Inc.)
DRV - (tmactmon) -- C:\Windows\System32\drivers\tmactmon.sys (Trend Micro Inc.)
DRV - (tmevtmgr) -- C:\Windows\System32\drivers\tmevtmgr.sys (Trend Micro Inc.)
DRV - (AsUpIO) -- C:\Windows\System32\drivers\AsUpIO.sys ()
DRV - (AsIO) -- C:\Windows\System32\drivers\AsIO.sys ()
DRV - (ZTEusbser6k) -- C:\Windows\System32\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV - (ZTEusbnmea) -- C:\Windows\System32\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV - (ZTEusbmdm6k) -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV - (massfilter) -- C:\Windows\System32\drivers\massfilter.sys (ZTE Incorporated)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (wsvd) -- C:\Windows\System32\drivers\wsvd.sys (CyberLink)
DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( )
DRV - (RTL2832U_IRHID) -- C:\Windows\System32\drivers\RTL2832U_IRHID.sys (Realtek)
DRV - (massfilter_hs) -- C:\Windows\System32\drivers\massfilter_hs.sys (ZTE Incorporated)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=3.26010003&st=12
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP07&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&crg=3.26010003&st=12&q={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://eeepc.asus.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://welt.de/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP07&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&crg=3.26010003&st=12&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.startup.homepage: "http://home.sweetim.com/?crg=3.26010003&st=12"
FF - prefs.js..extensions.enabledAddons: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.14
FF - prefs.js..extensions.enabledAddons: fdm_ffext@freedownloadmanager.org:1.5.7.4
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..browser.search.defaultenginename: "SweetIM Search"
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..browser.search.selectedEngine: "SweetIM Search"
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..keyword.URL: "http://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1505\6.6.1088\firefoxextension\ [2012.09.03 21:54:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.01 11:45:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.22 01:24:02 | 000,000,000 | ---D | M]
 
[2012.06.21 23:19:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sonnengöttin\AppData\Roaming\mozilla\Extensions
[2012.07.09 19:48:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sonnengöttin\AppData\Roaming\mozilla\Firefox\Profiles\1gprlgt9.default-1341773189557\extensions
[2012.09.02 19:35:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sonnengöttin\AppData\Roaming\mozilla\Firefox\Profiles\ck05pf5x.default\extensions
[2012.10.23 23:24:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sonnengöttin\AppData\Roaming\mozilla\Firefox\Profiles\jc64e605.default-1346777696175\extensions
[2012.12.17 02:36:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sonnengöttin\AppData\Roaming\mozilla\Firefox\Profiles\l6fohtts.default-1355699886394\extensions
[2012.07.11 05:29:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sonnengöttin\AppData\Roaming\mozilla\Firefox\Profiles\x98ethuw.default-1341862946642\extensions
[2012.08.30 21:54:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sonnengöttin\AppData\Roaming\mozilla\SeaMonkey\Profiles\fl4r2atb.default\extensions
[2012.07.08 22:06:12 | 000,094,344 | ---- | M] () (No name found) -- C:\Users\Sonnengöttin\AppData\Roaming\mozilla\firefox\profiles\1gprlgt9.default-1341773189557\extensions\canitbecheaper@trafficbroker.co.uk.xpi
[2012.09.01 20:49:10 | 000,699,353 | ---- | M] () (No name found) -- C:\Users\Sonnengöttin\AppData\Roaming\mozilla\firefox\profiles\ck05pf5x.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2012.09.13 18:54:09 | 000,698,867 | ---- | M] () (No name found) -- C:\Users\Sonnengöttin\AppData\Roaming\mozilla\firefox\profiles\jc64e605.default-1346777696175\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2012.12.17 02:36:09 | 000,698,867 | ---- | M] () (No name found) -- C:\Users\Sonnengöttin\AppData\Roaming\mozilla\firefox\profiles\l6fohtts.default-1355699886394\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2012.10.16 20:47:53 | 000,003,949 | ---- | M] () -- C:\Users\Sonnengöttin\AppData\Roaming\mozilla\firefox\profiles\ck05pf5x.default\searchplugins\sweetim.xml
[2012.09.03 17:29:18 | 000,000,000 | ---D | M] (Free Download Manager plugin) -- C:\PROGRAM FILES\FREE DOWNLOAD MANAGER\FIREFOX\EXTENSION
File not found (No name found) -- C:\USERS\SONNENGöTTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CK05PF5X.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
[2012.06.14 23:19:07 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.03.08 11:24:04 | 000,103,168 | ---- | M] (Midasplayer Ltd) -- C:\Program Files\mozilla firefox\plugins\npmidas.dll
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1505\6.6.1088\TmIEPlg.dll (Trend Micro Inc.)
O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [ASUSPRP] C:\Program Files\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [CapsHook] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4 - HKLM..\Run: [HotkeyMon] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HotkeyService] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [iWareV3] C:\Program Files\MouseDriver\OfficeMouse.exe ()
O4 - HKLM..\Run: [LiveUpdate] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [SuperHybridEngine] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [VAWinAgent] C:\ExpressGateUtil\VAWinAgent.exe ()
O4 - HKCU..\Run: [Syncables] C:\Program Files\syncables\syncables desktop\Syncables.exe (syncables, LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A7F5585F-5BF0-45A5-956A-64A664EA3723}: DhcpNameServer = 81.14.244.9 145.253.2.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FD865088-D392-4A8E-B591-5CB6E7F4E6E6}: NameServer = 193.189.244.206 193.189.244.225
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1505\6.6.1088\TmIEPlg.dll (Trend Micro Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2012.12.17 23:22:35 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Sonnengöttin\Desktop\OTL.exe
[2012.12.16 22:22:18 | 000,000,000 | ---D | C] -- C:\Users\Sonnengöttin\Desktop\hijack
[2012.12.16 22:20:10 | 000,000,000 | ---D | C] -- C:\windows\Minidump
[2012.12.16 22:09:48 | 000,000,000 | ---D | C] -- C:\Users\Sonnengöttin\Desktop\Neuer Ordner
[2012.12.13 20:40:47 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2012.12.13 20:40:45 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2012.12.13 20:40:45 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieUnatt.exe
[2012.12.13 20:40:45 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2012.12.13 20:40:44 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
[2012.12.13 20:40:42 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll
[2012.12.13 20:40:42 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\url.dll
[2012.12.13 20:40:40 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl
[2012.12.13 10:40:37 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tzres.dll
[2012.12.13 10:35:38 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
[2012.12.13 10:35:31 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\conhost.exe
[2012.12.13 10:35:31 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\winsrv.dll
[2012.12.13 10:35:29 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-file-l1-1-0.dll
[2012.12.13 10:35:29 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2012.12.13 10:35:29 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.12.13 10:35:29 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2012.12.13 10:35:29 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2012.12.13 10:35:29 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2012.12.13 10:35:29 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.12.13 10:35:29 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.12.13 10:35:29 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2012.12.13 10:35:29 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.12.13 10:35:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-string-l1-1-0.dll
[2012.12.13 10:35:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.12.13 10:35:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2012.12.13 10:35:28 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-security-base-l1-1-0.dll
[2012.12.13 10:35:28 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2012.12.13 10:35:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2012.12.13 10:35:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2012.12.13 10:35:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2012.12.13 10:35:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2012.12.13 10:35:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-util-l1-1-0.dll
[2012.12.13 10:35:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-io-l1-1-0.dll
[2012.12.13 10:35:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2012.12.13 10:35:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2012.12.13 10:35:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.12.13 10:35:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2012.12.13 10:35:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2012.12.13 10:35:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2012.12.13 10:35:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-console-l1-1-0.dll
[2012.12.13 10:34:38 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dpnet.dll
[2012.12.13 10:30:04 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\System32\atmfd.dll
[2012.12.13 10:30:04 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\windows\System32\atmlib.dll
[2012.12.05 19:28:25 | 000,000,000 | ---D | C] -- C:\Users\Sonnengöttin\Downloads
[2012.12.05 00:47:08 | 000,000,000 | ---D | C] -- C:\Users\Sonnengöttin\Desktop\Forum
[2012.12.04 01:15:54 | 000,000,000 | ---D | C] -- C:\Users\Sonnengöttin\Documents\Lesezeichen
[2012.12.03 23:52:02 | 000,000,000 | ---D | C] -- C:\Users\Sonnengöttin\Documents\Grafiken_Bilder
[2012.12.03 23:42:49 | 000,000,000 | ---D | C] -- C:\Users\Sonnengöttin\Documents\Rechnungen
[2012.12.03 23:42:10 | 000,000,000 | ---D | C] -- C:\Users\Sonnengöttin\Documents\Gesundheit
[2012.12.03 23:41:02 | 000,000,000 | ---D | C] -- C:\Users\Sonnengöttin\Documents\Kontoauszüge - Ausgaben
[2012.11.20 12:14:31 | 000,000,000 | R--D | C] -- C:\Users\Sonnengöttin\Searches
[4 C:\Users\Sonnengöttin\Documents\*.tmp files -> C:\Users\Sonnengöttin\Documents\*.tmp -> ]
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2012.12.17 23:28:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012.12.17 22:36:52 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.17 22:36:52 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.17 22:31:55 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012.12.17 17:32:02 | 797,532,160 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.17 00:59:28 | 000,000,036 | ---- | M] () -- C:\Users\Sonnengöttin\AppData\Local\housecall.guid.cache
[2012.12.16 22:20:04 | 202,030,338 | ---- | M] () -- C:\windows\MEMORY.DMP
[2012.12.16 01:31:53 | 000,666,022 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2012.12.16 01:31:53 | 000,627,864 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012.12.16 01:31:53 | 000,133,944 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2012.12.16 01:31:53 | 000,110,326 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012.12.15 23:58:00 | 000,000,294 | ---- | M] () -- C:\windows\tasks\DLL-files.com Fixer_UPDATES.job
[2012.12.13 22:08:14 | 000,283,240 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012.12.12 23:58:00 | 000,000,278 | ---- | M] () -- C:\windows\tasks\DLL-files.com Fixer_MONTHLY.job
[2012.12.11 23:25:24 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe
[2012.12.11 23:25:24 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl
[2012.12.10 18:01:26 | 000,258,376 | ---- | M] () -- C:\Users\Sonnengöttin\AppData\Local\census.cache
[2012.12.10 18:01:24 | 000,097,879 | ---- | M] () -- C:\Users\Sonnengöttin\AppData\Local\ars.cache
[2012.12.09 11:27:26 | 000,010,725 | ---- | M] () -- C:\Users\Sonnengöttin\Documents\forum_gesundheit.rtf
[2012.12.04 14:30:33 | 000,076,944 | ---- | M] () -- C:\Users\Sonnengöttin\Documents\vorstellung progenica.rtf
[2012.11.23 14:26:36 | 000,100,575 | ---- | M] () -- C:\Users\Sonnengöttin\Documents\geschichte.rtf
[2012.11.22 03:56:02 | 002,345,984 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
[2012.11.19 16:20:23 | 000,146,993 | ---- | M] () -- C:\Users\Sonnengöttin\Documents\screenshotmwmailer.jpg
[4 C:\Users\Sonnengöttin\Documents\*.tmp files -> C:\Users\Sonnengöttin\Documents\*.tmp -> ]
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2012.12.16 22:20:04 | 202,030,338 | ---- | C] () -- C:\windows\MEMORY.DMP
[2012.12.04 15:41:00 | 000,010,725 | ---- | C] () -- C:\Users\Sonnengöttin\Documents\forum_gesundheit.rtf
[2012.12.03 13:50:37 | 000,076,944 | ---- | C] () -- C:\Users\Sonnengöttin\Documents\vorstellung progenica.rtf
[2012.11.19 16:20:22 | 000,146,993 | ---- | C] () -- C:\Users\Sonnengöttin\Documents\screenshotmwmailer.jpg
[2012.09.22 01:24:02 | 000,032,608 | ---- | C] () -- C:\windows\king-uninstall.exe
[2012.09.09 17:33:40 | 000,007,605 | ---- | C] () -- C:\Users\Sonnengöttin\AppData\Local\Resmon.ResmonCfg
[2012.09.09 09:18:11 | 000,001,769 | ---- | C] () -- C:\windows\Language_trs.ini
[2012.09.02 14:55:15 | 000,258,376 | ---- | C] () -- C:\Users\Sonnengöttin\AppData\Local\census.cache
[2012.09.02 14:54:54 | 000,097,879 | ---- | C] () -- C:\Users\Sonnengöttin\AppData\Local\ars.cache
[2012.09.02 11:17:33 | 000,000,036 | ---- | C] () -- C:\Users\Sonnengöttin\AppData\Local\housecall.guid.cache
[2012.07.04 22:59:09 | 002,111,096 | ---- | C] () -- C:\windows\System32\npswf32.dll
[2012.07.03 16:06:08 | 000,001,676 | ---- | C] () -- C:\windows\System32\ASOROSet.bin
[2012.06.17 09:39:43 | 000,005,576 | ---- | C] () -- C:\windows\Language.ini
[2012.06.17 09:37:15 | 000,000,520 | ---- | C] () -- C:\windows\System32\drivers\RTEQEX0.dat
[2011.04.21 02:19:31 | 000,224,680 | ---- | C] () -- C:\windows\System32\AsusService.exe
[2011.04.21 02:19:31 | 000,025,616 | ---- | C] () -- C:\windows\AsAcpiSvrLang.ini
[2011.04.21 01:56:11 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2011.04.21 01:54:52 | 000,011,832 | ---- | C] () -- C:\windows\System32\drivers\AsUpIO.sys
[2011.04.21 01:54:50 | 000,011,456 | ---- | C] () -- C:\windows\System32\drivers\AsIO.sys
[2011.04.21 01:54:26 | 000,000,873 | ---- | C] () -- C:\windows\Reboot.ini
[2011.04.21 01:46:52 | 000,014,051 | ---- | C] () -- C:\windows\System32\RaCoInst.dat
[2011.04.21 01:43:40 | 000,004,692 | ---- | C] () -- C:\windows\System32\drivers\SamSfPa.dat
[2011.04.21 01:43:40 | 000,000,008 | ---- | C] () -- C:\windows\System32\drivers\rtkhdaud.dat
[2011.02.16 16:29:59 | 000,666,022 | ---- | C] () -- C:\windows\System32\perfh007.dat
[2011.02.16 16:29:59 | 000,295,922 | ---- | C] () -- C:\windows\System32\perfi007.dat
[2011.02.16 16:29:59 | 000,133,944 | ---- | C] () -- C:\windows\System32\perfc007.dat
[2011.02.16 16:29:59 | 000,038,104 | ---- | C] () -- C:\windows\System32\perfd007.dat
 
[color=#E56717]========== ZeroAccess Check ==========[/color]
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2012.09.01 10:23:13 | 000,000,000 | ---D | M] -- C:\Users\Sonnengöttin\AppData\Roaming\Advanced System Protector
[2011.04.21 02:35:23 | 000,000,000 | ---D | M] -- C:\Users\Sonnengöttin\AppData\Roaming\ASUS WebStorage
[2012.06.17 10:18:52 | 000,000,000 | ---D | M] -- C:\Users\Sonnengöttin\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012.09.01 11:31:31 | 000,000,000 | ---D | M] -- C:\Users\Sonnengöttin\AppData\Roaming\dll-files.com
[2012.09.01 11:45:43 | 000,000,000 | ---D | M] -- C:\Users\Sonnengöttin\AppData\Roaming\E-Cam
[2012.09.02 23:58:08 | 000,000,000 | ---D | M] -- C:\Users\Sonnengöttin\AppData\Roaming\Free Download Manager
[2012.07.16 07:59:58 | 000,000,000 | ---D | M] -- C:\Users\Sonnengöttin\AppData\Roaming\Opera
[2012.12.03 23:48:40 | 000,000,000 | ---D | M] -- C:\Users\Sonnengöttin\AppData\Roaming\SoftGrid Client
[2012.09.01 11:14:07 | 000,000,000 | ---D | M] -- C:\Users\Sonnengöttin\AppData\Roaming\Systweak
[2012.06.21 22:21:31 | 000,000,000 | ---D | M] -- C:\Users\Sonnengöttin\AppData\Roaming\Telefónica
[2012.06.17 10:22:05 | 000,000,000 | ---D | M] -- C:\Users\Sonnengöttin\AppData\Roaming\TP
[2012.06.24 16:25:30 | 000,000,000 | ---D | M] -- C:\Users\Sonnengöttin\AppData\Roaming\Windows Live Writer
[2012.12.13 15:27:52 | 000,000,000 | ---D | M] -- C:\Users\Sonnengöttin\AppData\Roaming\XnView
 
[color=#E56717]========== Purity Check ==========[/color]
 
 

< End of report >

extras.txt.

Code

OTL Extras logfile created on: 17.12.2012 23:25:55 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Sonnengöttin\Desktop
 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1014,12 Mb Total Physical Memory | 160,47 Mb Available Physical Memory | 15,82% Memory free
1,99 Gb Paging File | 1,11 Gb Available in Paging File | 55,93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 100,00 Gb Total Space | 78,14 Gb Free Space | 78,14% Space Free | Partition Type: NTFS
Drive D: | 183,07 Gb Total Space | 106,32 Gb Free Space | 58,07% Space Free | Partition Type: NTFS
 
Computer Name: HAL-3000 | User Name: Sonnengöttin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== File Associations ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[color=#E56717]========== Shell Spawning ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[color=#E56717]========== Security Center Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[color=#E56717]========== Firewall Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[color=#E56717]========== Authorized Applications List ==========[/color]
 
 
[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B13B359-22B6-4D6E-9179-DE85E2A7D929}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{0DCFE66C-4224-4BB8-B1AB-00C63E7923B4}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{0DF044C4-31DE-43D5-B3C9-C2DC6623438E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{4B19138C-CB83-43A6-BF8B-AC75C7D6B89F}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{8C3CB7B2-D7B1-45C3-9F4F-EBA52AF9F640}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{93FEE730-441C-4F08-B955-99A2DD14E8B9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A0923314-107A-472A-A9B4-7DB23A4996FF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A58E7306-2B16-433F-B710-E19B85524A0A}" = lport=8182 | protocol=6 | dir=in | name=java(tm) platform se binary | 
"{BA6DF6ED-66E8-4241-8E9E-991536B4990C}" = lport=5353 | protocol=17 | dir=in | name=java(tm) platform se binary | 
"{C5E3C9ED-BB47-432C-9821-0D3D264CF425}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{CA3E3652-B45B-4453-854C-8560416431CA}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{D3CF2762-A89D-4628-BEF2-8B2BB633BF98}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
 
[color=#E56717]========== Vista Active Application Exception List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00BAACD5-21F8-4DCC-AD28-363807C9C0CC}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"{1721C49C-0F4C-406E-AFA2-F272D47DBD17}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{507E22AA-606A-4FDC-AEA3-2B3705DB4500}" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"{93B422B1-11DF-4518-AAF8-81B07D48A457}" = protocol=6 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe | 
"{9DF15337-4E25-42D6-AFE8-E4F24E383B81}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{B7B86F52-9DE8-4EA7-87C9-56A486666E54}" = protocol=17 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe | 
"{BAF7435B-578D-471D-BF62-6ECDEE6629E1}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{CA2F4121-A03B-4CCD-860D-E8B1FA42BFAF}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | 
"{DC635B1E-56A6-4901-905B-8887F28F6546}" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"{E98B195C-1506-4128-9965-751FDEA7A09F}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"TCP Query User{A27C043E-251F-4282-9A85-896E4C055BFB}C:\program files\syncables\syncables desktop\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\syncables\syncables desktop\jre\bin\javaw.exe | 
"UDP Query User{EC78F7D5-895D-45E7-8F1A-AB7D523802A4}C:\program files\syncables\syncables desktop\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\syncables\syncables desktop\jre\bin\javaw.exe | 
 
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F1A2E4E-E2EE-4806-B7CE-356D83A3CDEB}" = Windows Live Family Safety
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{17780F99-A9DF-450B-81B3-6781B20A17A8}" = FontResizer
"{185AFA7A-F63E-450B-94AA-011CAC18090E}" = E-Cam
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2B4E24A0-A06F-488D-87D8-16738E5E1104}" = Windows Live Family Safety
"{2EBA5473-558B-462C-AEE4-FE50FA799F2A}" = Mouse Driver 1.0
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{341697D8-9923-445E-B42A-529E5A99CB7A}" = syncables desktop SE
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{36B0DC39-3282-40EB-8587-B875CE46C3A7}" = ExpressGateCloud
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{38E5A3B1-ADF1-47E0-8024-76310A30EB36}" = LiveUpdate
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" = Windows Live Messenger
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{41D6CED7-65E8-4EBB-BB1A-B45E2D8CF6D7}" = Windows Live Family Safety
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = CyberLink PowerRecover
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{4B1EDAFC-B0EB-465F-886C-24FAC1BED2AC}" = Windows Live Remote Client Resources
"{4B5092B6-F231-4D18-83BC-2618B729CA45}" = CapsHook
"{4FCBCF89-1823-4D97-A6F2-0E8DD66E273A}" = Broadcom Wireless Network Adapter
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC
"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{643E1970-324F-474C-8610-55F3F053BC01}" = MouseDriver
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71C0E38E-09F2-4386-9977-404D4F6640CD}" = Hotkey Service
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{749F674B-2674-47E8-879C-5626A06B2A91}" = InstantOn
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{845E0BCB-8C8D-4FAB-8588-AD5FFD156C95}" = Windows Live Remote Service Resources
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{88F08F98-12BC-4613-81A2-8F9B88CFC73E}" = Super Hybrid Engine
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink RT2860 Wireless LAN Card
"{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{99E77016-BCF2-48C8-9119-43ECF5815F65}" = AsusScreensaver
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB93C51F-71F9-4A28-8134-FE1B5B9373E9}" = Windows Live Remote Service Resources
"{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium
"{ABBD4BA9-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium
"{AC0628FF-532F-4800-91EC-40903B04682F}" = Windows Live Remote Service Resources
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D44AA979-47C2-4BC0-A860-09A54224EA44}_is1" = Game Park Console
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{DFDBE1F9-04CE-4645-BB6C-4590EABC7A9C}" = Windows Live Remote Client Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0CCBE54-9132-44E9-82DF-CD364AD5C22D}" = Windows Live Remote Client Resources
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F58C1D44-4AC9-48E8-9049-7A6CDFCB415C}" = LocaleMe
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FCFBA290-CB48-4AF1-A241-2685AEDEDD66}" = Windows Live Family Safety
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Eee Docking_is1" = Eee Docking 3.8.3
"Elantech" = ETDWare PS/2-x86 7.0.5.11_WHQL
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{17780F99-A9DF-450B-81B3-6781B20A17A8}" = FontResizer
"InstallShield_{36B0DC39-3282-40EB-8587-B875CE46C3A7}" = ExpressGateCloud
"InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = CyberLink PowerRecover
"king.com" = king.com (remove only)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"o2DE" = Mobile Connection Manager
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Revo Uninstaller" = Revo Uninstaller 1.94
"WinLiveSuite" = Windows Live Essentials
"XnView_is1" = XnView 1.99.1
"ZTE USB Driver" = ZTE USB Driver
 
[color=#E56717]========== Last 20 Event Log Errors ==========[/color]
 
[ Application Events ]
Error - 09.12.2012 12:03:01 | Computer Name = HAL-3000 | Source = Application Virtualization Client | ID = 5009
Description = {tid=888} Application Virtualization Client konnte keine Verbindung
 mit der Datenstrom-URL 'http://c2r.microsoft.com/ConsumerC2R/de-de/14.0.4763.1000/ConsumerC2R.de-de_14.0.6129.5001.sft'
 herstellen (Rückgabecode 24600F0A-10000001, ursprünglicher Rückgabecode 24600F0A-10000001).
 
Error - 09.12.2012 12:03:01 | Computer Name = HAL-3000 | Source = CVHSVC | ID = 100
Description = Nur zur Information.  Fehler bei der Registrierung des Click-2-Run-Pakets.
 
Error - 09.12.2012 15:11:11 | Computer Name = HAL-3000 | Source = Application Virtualization Client | ID = 5009
Description = {tid=888} Application Virtualization Client konnte keine Verbindung
 mit der Datenstrom-URL 'http://c2r.microsoft.com/ConsumerC2R/de-de/14.0.4763.1000/ConsumerC2R.de-de_14.0.6129.5001.sft'
 herstellen (Rückgabecode 24600F0A-10000001, ursprünglicher Rückgabecode 24600F0A-10000001).
 
Error - 09.12.2012 15:11:11 | Computer Name = HAL-3000 | Source = CVHSVC | ID = 100
Description = Nur zur Information.  Fehler bei der Registrierung des Click-2-Run-Pakets.
 
Error - 09.12.2012 17:47:19 | Computer Name = HAL-3000 | Source = Application Virtualization Client | ID = 5009
Description = {tid=87C} Application Virtualization Client konnte keine Verbindung
 mit der Datenstrom-URL 'http://c2r.microsoft.com/ConsumerC2R/de-de/14.0.4763.1000/ConsumerC2R.de-de_14.0.6129.5001.sft'
 herstellen (Rückgabecode 24600F0A-10000001, ursprünglicher Rückgabecode 24600F0A-10000001).
 
Error - 09.12.2012 17:47:19 | Computer Name = HAL-3000 | Source = CVHSVC | ID = 100
Description = Nur zur Information.  Fehler bei der Registrierung des Click-2-Run-Pakets.
 
Error - 09.12.2012 21:20:08 | Computer Name = HAL-3000 | Source = Application Virtualization Client | ID = 5009
Description = {tid=874} Application Virtualization Client konnte keine Verbindung
 mit der Datenstrom-URL 'http://c2r.microsoft.com/ConsumerC2R/de-de/14.0.4763.1000/ConsumerC2R.de-de_14.0.6129.5001.sft'
 herstellen (Rückgabecode 24600F0A-10000001, ursprünglicher Rückgabecode 24600F0A-10000001).
 
Error - 09.12.2012 21:20:08 | Computer Name = HAL-3000 | Source = CVHSVC | ID = 100
Description = Nur zur Information.  Fehler bei der Registrierung des Click-2-Run-Pakets.
 
Error - 10.12.2012 04:41:07 | Computer Name = HAL-3000 | Source = Application Virtualization Client | ID = 5009
Description = {tid=884} Application Virtualization Client konnte keine Verbindung
 mit der Datenstrom-URL 'http://c2r.microsoft.com/ConsumerC2R/de-de/14.0.4763.1000/ConsumerC2R.de-de_14.0.6129.5001.sft'
 herstellen (Rückgabecode 24600F0A-10000001, ursprünglicher Rückgabecode 24600F0A-10000001).
 
Error - 10.12.2012 04:41:07 | Computer Name = HAL-3000 | Source = CVHSVC | ID = 100
Description = Nur zur Information.  Fehler bei der Registrierung des Click-2-Run-Pakets.
 
[ System Events ]
Error - 16.12.2012 14:35:31 | Computer Name = HAL-3000 | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 16.12.2012 17:20:14 | Computer Name = HAL-3000 | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?16.?12.?2012 um 22:19:01 unerwartet heruntergefahren.
 
Error - 16.12.2012 17:20:14 | Computer Name = HAL-3000 | Source = BugCheck | ID = 1005
Description = 
 
Error - 16.12.2012 17:20:14 | Computer Name = HAL-3000 | Source = BugCheck | ID = 1001
Description = 
 
Error - 16.12.2012 17:20:27 | Computer Name = HAL-3000 | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 16.12.2012 18:03:21 | Computer Name = HAL-3000 | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 17.12.2012 05:03:02 | Computer Name = HAL-3000 | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 17.12.2012 06:01:02 | Computer Name = HAL-3000 | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 17.12.2012 07:35:33 | Computer Name = HAL-3000 | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 17.12.2012 12:32:25 | Computer Name = HAL-3000 | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
 
< End of report >

GMER

gmer.txt ( 1. Scan)

Code

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-12-18 00:54:08
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Hitachi_ rev.ES2O
Running: gmer.exe; Driver: C:\Users\SONNEN~1\AppData\Local\Temp\uxliipow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\fastfat \Fat  fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
AttachedDevice  \Driver\tdx \Device\Tcp   tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice  \Driver\tdx \Device\Udp   tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)

---- EOF - GMER 1.0.15 ----

gmer1.txt (2. Scan)

Code

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-12-18 01:37:03
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Hitachi_ rev.ES2O
Running: gmer.exe; Driver: C:\Users\SONNEN~1\AppData\Local\Temp\uxliipow.sys


---- System - GMER 1.0.15 ----

SSDT            895E2D30                                                                                         ZwCreateKey
SSDT            895E5DB8                                                                                         ZwCreateMutant
SSDT            892DA508                                                                                         ZwCreateProcess
SSDT            895D9328                                                                                         ZwCreateProcessEx
SSDT            895E5A08                                                                                         ZwCreateSymbolicLinkObject
SSDT            895E44A8                                                                                         ZwCreateThread
SSDT            895E42D0                                                                                         ZwCreateThreadEx
SSDT            895DDD70                                                                                         ZwCreateUserProcess
SSDT            895E2740                                                                                         ZwDeleteKey
SSDT            895E4E10                                                                                         ZwDeleteValueKey
SSDT            895E5830                                                                                         ZwDuplicateObject
SSDT            895E40F8                                                                                         ZwLoadDriver
SSDT            895E1268                                                                                         ZwOpenProcess
SSDT            895E4858                                                                                         ZwOpenSection
SSDT            895DCA98                                                                                         ZwOpenThread
SSDT            895E2448                                                                                         ZwRenameKey
SSDT            895E2150                                                                                         ZwRestoreKey
SSDT            895E5BE0                                                                                         ZwSetSystemInformation
SSDT            895E2A38                                                                                         ZwSetValueKey
SSDT            895DC7A0                                                                                         ZwTerminateProcess
SSDT            895DC548                                                                                         ZwTerminateThread
SSDT            895E4680                                                                                         ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwRollbackEnlistment + 140D                                                         81E58A49 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                           81E924D2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 11BF                                                              81E995F4 4 Bytes  [30, 2D, 5E, 89]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 11CF                                                              81E99604 4 Bytes  [B8, 5D, 5E, 89]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 11E3                                                              81E99618 8 Bytes  [08, A5, 2D, 89, 28, 93, 5D, ...]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 11FF                                                              81E99634 12 Bytes  [08, 5A, 5E, 89, A8, 44, 5E, ...]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 121B                                                              81E99650 4 Bytes  [70, DD, 5D, 89]
.text           ...                                                                                              

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\tdx \Device\Tcp                                                                          tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                           fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                           fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                           fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                           fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume5                                                           fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\0000004b                                                                halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \Driver\tdx \Device\Udp                                                                          tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice  \FileSystem\fastfat \Fat                                                                         fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0025d3b2962e                      
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74f06da17155                      
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0025d3b2962e (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74f06da17155 (not active ControlSet)  

---- EOF - GMER 1.0.15 ----

HIJACK-THIS (online gescannt - hoffe das ist nicht schlimm):

Code

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 02:09:11, on 18.12.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal

Running processes:
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Asus\Eee Docking\Eee Docking.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\ExpressGateUtil\VAWinAgent.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\MouseDriver\OfficeMouse.exe
C:\Program Files\syncables\syncables desktop\syncables.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\syncables\syncables desktop\jre\bin\javaw.exe
C:\Program Files\o2\Mobile Connection Manager\EMMSN.exe
C:\Program Files\o2\Nori\Nori.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\windows\system32\NOTEPAD.EXE
C:\Users\Sonnengöttin\Desktop\HijackThis.exe
C:\windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://welt.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=3.26010003&st=12
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Trend Micro NSC BHO - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1505\6.6.1088\TmIEPlg.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: TmBpIeBHO - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll
O4 - HKLM\..\Run: [ETDWare] %ProgramFiles%\Elantech\ETDCtrl.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HotkeyMon] AsusSender.exe C:\Program Files\ASUS\HotkeyService\HotKeyMon.exe
O4 - HKLM\..\Run: [HotkeyService] AsusSender.exe C:\Program Files\ASUS\HotkeyService\HotkeyService.exe
O4 - HKLM\..\Run: [SuperHybridEngine] AsusSender.exe C:\Program Files\ASUS\SHE\SuperHybridEngine.exe
O4 - HKLM\..\Run: [LiveUpdate] AsusSender.exe C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe auto
O4 - HKLM\..\Run: [CapsHook] AsusSender.exe C:\Program Files\ASUS\CapsHook\CapsHook.exe
O4 - HKLM\..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe autorun
O4 - HKLM\..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe -set Silent "1" SplashURL ""
O4 - HKLM\..\Run: [IgfxTray] C:\windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [VAWinAgent] C:\ExpressGateUtil\VAWinAgent.exe
O4 - HKLM\..\Run: [ASUSPRP] C:\Program Files\ASUS\APRP\APRP.EXE
O4 - HKLM\..\Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"
O4 - HKLM\..\Run: [iWareV3] C:\Program Files\MouseDriver\OfficeMouse.exe
O4 - HKCU\..\Run: [Syncables] C:\Program Files\syncables\syncables desktop\Syncables.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{FD865088-D392-4A8E-B591-5CB6E7F4E6E6}: NameServer = 193.189.244.206 193.189.244.225
O18 - Protocol: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll
O18 - Protocol: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1505\6.6.1088\TmIEPlg.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Trend Micro Solution Platform (Amsp) - Trend Micro Inc. - C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
O23 - Service: Asus Launcher Service (AsusService) - Unknown owner - C:\windows\system32\AsusService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: TGCM_ImportWiFiSvc - Unknown owner - C:\Program Files\o2\Mobile Connection Manager\ImpWiFiSvc.exe
O23 - Service: VideAceWindowsService - Unknown owner - C:\ExpressGateUtil\VAWinService.exe

--
End of file - 6391 bytes

Das war es bis hierhin. Ich habe die Tags für den Code manuell eingegeben ich hoffe das funktioniert.

Lieben Gruß
Sonnengöttin[/i]

#2 Downloade Dir bitte Malwarebytes
• Installiere das Programm in den vorgegebenen Pfad.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
• Starte Malwarebytes, klicke auf Aktualisierung --> Suche nach Aktualisierung
• Wenn das Update beendet wurde, aktiviere Quick-Scan durchführen und drücke auf Scannen.
• Wenn der Scan beendet ist, klicke auf Ergebnisse anzeigen.
• Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
• Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
• Nachträglich kannst du den Bericht unter "Log Dateien" finden.

#3 Hallo Swisstreasure,
danke erst mal für die Antwort. Ich loade dann mal down :-)

#4 Hallo Swisstreasure,


bingo! Angeblich wurde eine infizierte Datei gefunden. Habe wie mir geheißen auf 'Entferne Auswahl' geklickt. Wurde angeblich erfolgreich abgeschlossen.

Hier der Logfile:

Code

Malwarebytes Anti-Malware (Test) 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.12.18.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Sonnengöttin :: HAL-3000 [Administrator]

Schutz: Aktiviert

19.12.2012 00:45:34
mbam-log-2012-12-19 (00-45-34).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 191536
Laufzeit: 9 Minute(n), 23 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Lieben Gruß
Sonnengöttin

#5 Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop.
• Starte das Tool mit Doppelklick. Vista und 7 Nutzer bitte mit Rechtsklick "als Administrator ausführen" starten.
• Das Tool wird sich öffnen und mit dem Scan beginnen.
• Je nach System kann der Scan eine Weile dauern.
• Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
• Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

#6 Hallo Swisstreasure,

hier der Logfile:

Code

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.1.9 (12.19.2012:1)
OS: Windows 7 Starter x86
Ran by Sonneng”ttin on 19.12.2012 at 22:12:28,69
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\main\\Start Page



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\softonic
Successfully deleted: [Registry Key] hkey_current_user\software\sweetim
Successfully deleted: [Registry Key] hkey_local_machine\software\systweak
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{eee6c360-6118-11dc-9c72-001320c79847}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{eee6c360-6118-11dc-9c72-001320c79847}



~~~ Files

Successfully deleted: [File] C:\windows\tasks\DLL-files.com Fixer_MONTHLY.job
Successfully deleted: [File] C:\windows\tasks\DLL-files.com Fixer_UPDATES.job



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Sonneng”ttin\AppData\Roaming\advanced system protector"
Successfully deleted: [Folder] "C:\Users\Sonneng”ttin\AppData\Roaming\systweak"



~~~ FireFox

Successfully deleted: [File] C:\Users\Sonneng”ttin\AppData\Roaming\mozilla\firefox\profiles\ck05pf5x.default\searchplugins\sweetim.xml
Successfully deleted: [File] C:\Users\Sonneng”ttin\AppData\Roaming\mozilla\firefox\profiles\jc64e605.default-1346777696175\searchplugins\sweetim.xml
Successfully deleted the following from C:\Users\Sonneng”ttin\AppData\Roaming\mozilla\firefox\profiles\ck05pf5x.default\prefs.js

user_pref("browser.startup.homepage", "http://home.sweetim.com/?crg=3.26010003&st=12");
user_pref("sweetim.toolbar.previous.browser.startup.homepage", "www.google.de");
user_pref("sweetim.toolbar.urls.homepage", "http://home.sweetim.com/?crg=3.26010003&st=12");
user_pref("browser.search.defaultenginename", "SweetIM Search");
user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
user_pref("browser.search.selectedEngine", "SweetIM Search");
user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
user_pref("keyword.URL", "http://search.sweetim.com/search.asp?src=2&q=");
user_pref("sweetim.toolbar.previous.keyword.URL", "");
Successfully deleted the following from C:\Users\Sonneng”ttin\AppData\Roaming\mozilla\firefox\profiles\jc64e605.default-1346777696175\prefs.js

user_pref("browser.search.defaultenginename", "SweetIM Search");
user_pref("browser.search.selectedEngine", "SweetIM Search");
user_pref("keyword.URL", "http://search.sweetim.com/search.asp?src=2&q=");
user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
user_pref("sweetim.toolbar.previous.browser.startup.homepage", "dienews.de");
user_pref("sweetim.toolbar.previous.keyword.URL", "");
user_pref("sweetim.toolbar.urls.homepage", "http://home.sweetim.com/?crg=3.26010003&st=12");



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 19.12.2012 at 22:22:35,56
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Lieben Gruß und danke für Deine Hilfe bisher :o)

#7 Wie sieht es aus? Werden die Sites wieder angezeigt?

#8 Hallo Swisstreasure,

also nach wie vor werden einige Seiten angezeigt und andere nicht darunter King.com, Gimigames also Spieleseiten halt. Adobe lädt nicht z.B. Findversion auch die Hauptseite nicht.

Woran kann es denn noch liegen?
Adobe Flash Player wird in der Systemsteuerung angezeigt.

Was war das denn übrigens für ein Vieh das mit der Malware-Software entfernt wurde?
Kann das über Wlan gekommen sein?

Kann man denn im Hotel z.B. an der Rezeption in meine Daten gucken, wenn Heimnetzwerk gewählt wurde? Dateien und Ordner sind nicht freigegeben in meinen Einstellungen.

Kann ich jetzt Malwarebytes und OTL vom PC entfernen?

Gruß Sonnengöttin

#9 Hallo...ich möchte nur anmerken, daß ich bevor ich hier diesen Beitrag geschrieben habe auch im hijack-this-Forum Hilfe beanspruchen wollte. Daher findet man einen ähnlichen Beitrag von mir dort - da aber nach 2 Tagen noch keine Reaktion kam habe ich mich nach einem anderen Forum umgesehen und bin hierher gekommen.

Ich würde, weil ich hier einmal angefangen habe - gerne weitermachen ( nach dem Motto zuviele Köche verderben den Brei) und hinterlasse im anderen Forum eine entsprechende Nachricht.

Lieben Gruß
Sonnengöttin

#10 Hast Du mit Firefox und IE schon versucht und verglichen?

Nein so einfach kommt er nicht an die Daten.

#11 Also mit IE ist es dasselbe Spiel. Nach dem Versuch eine Seite zu laden kam diese Meldung:

Code

keine Verbindung möglich: Host 'hznweb1-app.prov0.asv.de' blockiert wegen zu vieler Verbindungsfehler. Aufheben der Blockierung mit 'mysqladmin flush-hosts'

Es ging ein Fenster auf mit der Frage, ob ich die Seite Debuggen möchte diese enthält Fehler.

Habe keine Ahnung was 'Debuggen' ist habe aber mal ok angeklickt und 'nen ellenlagen Bericht bekommen der leider zu lang für hier ist.

Die Zusammenfassung davon:

Code

SCRIPT5007: Für die Eigenschaft "init" kann kein Wert abgerufen werden: Das Objekt ist Null oder undefiniert 
site.js.jsp?_v=85&issecure=false&lang=de&partner=freenet, Zeile 4702 Zeichen 7
Aktualisieren Sie die Seite, um Meldungen anzuzeigen, die ggf. angezeigt wurden, bevor die Entwicklertools (F12) geöffnet wurden. 
HTML1200: "king.com" befindet sich auf der Internet Explorer 9-Kompatibilitätsansichtsliste ("C:\Users\Sonnengöttin\AppData\Local\Microsoft\Internet Explorer\IECompatData\iecompatdata.xml"). 
?language=de
HTML1200: "king.com" befindet sich auf der Internet Explorer 9-Kompatibilitätsansichtsliste ("C:\Users\Sonnengöttin\AppData\Local\Microsoft\Internet Explorer\IECompatData\iecompatdata.xml"). 
?language=de
SCRIPT438: Das Objekt unterstützt die Eigenschaft oder Methode "template" nicht 
?language=de, Zeile 248 Zeichen 8
SCRIPT438: Das Objekt unterstützt die Eigenschaft oder Methode "template" nicht 
?language=de, Zeile 248 Zeichen 8

Ich weiß nicht was ich damit anfangen soll.


Lieben Gruß und schöne Feiertage
Sonnengöttin

#12 Dann war die Software

Microsoft Live Mesh Active X Control for Remote Connections

5 x auf meinem PC vorhanden ( Systemsteuerung ->Programme & Funktionen und/oder Revo-Uninstaller zeigten dies an).

Was ist das für eine Software? Gibt noch mehrere derart aber ich weiß nicht was ich einfach rausschmeißen kann. Oben die Sachen sind schon in den Müll gewandert.

Gruß Sonnengöttin

#13 Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Lade ComboFix von einem dieser Download-Spiegel herunter:

BleepingComputer - ForoSpyware

* Wichtig !! Speichere ComboFix auf dem Desktop
• Deaktivere Deine Anti-Virus- und Anti-Spyware-Programme. Normalerweise kannst Du dies über einen Rechtsklick auf das Systemtray-Icon tun. Die Programme könnten sonst eventuell unsere Programme bei deren Arbeit stören.
• Doppelklicke auf die ComboFix.exe und folge den Anweisungen.
• ComboFix wird schauen, ob die Microsoft-Windows-Wiederherstellungskonsole installiert ist. Dies ist Teil des Prozesses. Angesichts der Art von Malware Infizierungen, die es heute gibt, wird dringend empfohlen, diese Wiederherstellungskonsole auf dem PC installiert zu haben, bevor jegliche Reinigung von Malware durchgeführt wird.
• Folge den Anweisungen, um ComboFix das Herunterladen und Installieren der Wiederherstellungskonsole zu ermöglichen und stimme dem Lizenzvertrag (EULA) zu, sobald Du dazu aufgefordert wirst.
**Zur Information: Sollte die Wiederherstellungskonsole schon installiert sein, so wird ComboFix seine Malware-Entfernungsprozedur normal fortfahren.



Sobald die Wiederherstellungskonsole durch ComboFix installiert wurde, solltest Du folgende Nachricht sehen:



Klicke "Ja", um mit dem Suchlauf nach Malware fortzufahren.

Wenn ComboFix fertig ist, wird es ein Log erstellen. Bitte füge die C:\ComboFix.txt Deiner nächsten Antwort bei.

#14 Hallo hier ist der gewünschte Logfile:

Code

ComboFix 12-12-27.03 - Sonnengöttin 27.12.2012  22:21:04.1.4 - x86
Microsoft Windows 7 Starter   6.1.7601.1.1252.49.1031.18.1014.268 [GMT 1:00]
ausgeführt von:: c:\users\Sonneng÷ttin\Desktop\ComboFix.exe
AV: Trend Micro Titanium *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro Titanium *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-11-27 bis 2012-12-27  ))))))))))))))))))))))))))))))
.
.
2012-12-27 21:35 . 2012-12-27 21:35    --------    d-----w-    c:\users\Default\AppData\Local\temp
2012-12-27 21:19 . 2012-12-27 21:19    60872    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{9AABA024-1099-4721-A81A-BD508758AC74}\offreg.dll
2012-12-27 21:17 . 2012-12-27 21:17    --------    d-----r-    c:\users\Sonnengöttin\Videos
2012-12-27 20:12 . 2012-11-08 18:00    6812136    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{9AABA024-1099-4721-A81A-BD508758AC74}\mpengine.dll
2012-12-24 19:05 . 2012-12-24 19:05    --------    d-----w-    c:\windows\system32\Adobe
2012-12-22 01:49 . 2012-12-16 14:13    295424    ----a-w-    c:\windows\system32\atmfd.dll
2012-12-22 01:49 . 2012-12-16 14:13    34304    ----a-w-    c:\windows\system32\atmlib.dll
2012-12-19 21:12 . 2012-12-19 21:12    --------    d-----w-    c:\windows\ERUNT
2012-12-19 21:12 . 2012-12-19 21:12    --------    d-----w-    C:\JRT
2012-12-18 22:40 . 2012-12-18 22:40    --------    d-----w-    c:\users\Sonnengöttin\AppData\Roaming\Malwarebytes
2012-12-18 22:40 . 2012-12-18 22:40    --------    d-----w-    c:\programdata\Malwarebytes
2012-12-13 09:40 . 2012-11-09 04:42    2048    ----a-w-    c:\windows\system32\tzres.dll
2012-12-13 09:34 . 2012-11-02 05:11    376832    ----a-w-    c:\windows\system32\dpnet.dll
2012-12-05 18:28 . 2012-12-25 23:12    --------    d-----w-    c:\users\Sonnengöttin\Downloads
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-24 19:04 . 2012-09-22 00:24    32608    ----a-w-    c:\windows\king-uninstall.exe
2012-12-19 01:15 . 2012-10-16 21:13    697272    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2012-12-19 01:15 . 2012-10-16 21:13    73656    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-04 16:32 . 2010-06-24 18:33    19696    ----a-w-    c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-10-16 07:39 . 2012-11-28 09:09    561664    ----a-w-    c:\windows\apppatch\AcLayers.dll
2012-10-09 17:40 . 2012-11-14 11:24    44032    ----a-w-    c:\windows\system32\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-14 11:24    193536    ----a-w-    c:\windows\system32\dhcpcore6.dll
2012-10-07 15:37 . 2012-10-07 15:37    3584    ----a-r-    c:\users\Sonnengöttin\AppData\Roaming\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2012-10-07 15:37 . 2012-10-07 15:37    3584    ----a-r-    c:\users\Sonnengöttin\AppData\Roaming\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2012-10-03 16:58 . 2012-11-14 11:29    1293680    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2012-10-03 16:42 . 2012-11-14 11:29    52224    ----a-w-    c:\windows\system32\nlaapi.dll
2012-10-03 16:42 . 2012-11-14 11:29    242176    ----a-w-    c:\windows\system32\nlasvc.dll
2012-10-03 16:42 . 2012-11-14 11:29    175104    ----a-w-    c:\windows\system32\netcorehc.dll
2012-10-03 16:42 . 2012-11-14 11:29    18944    ----a-w-    c:\windows\system32\netevent.dll
2012-10-03 16:42 . 2012-11-14 11:29    156672    ----a-w-    c:\windows\system32\ncsi.dll
2012-10-03 16:40 . 2012-11-14 11:29    499712    ----a-w-    c:\windows\system32\iphlpsvc.dll
2012-10-03 15:21 . 2012-11-14 11:29    35328    ----a-w-    c:\windows\system32\drivers\tcpipreg.sys
2012-06-14 22:19 . 2012-07-16 07:02    85472    ----a-w-    c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Syncables"="c:\program files\syncables\syncables desktop\Syncables.exe" [2010-07-19 370480]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2010-04-13 548744]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"HotkeyMon"="AsusSender.exe" [2011-03-11 34728]
"HotkeyService"="AsusSender.exe" [2011-03-11 34728]
"SuperHybridEngine"="AsusSender.exe" [2011-03-11 34728]
"LiveUpdate"="AsusSender.exe" [2011-03-11 34728]
"CapsHook"="AsusSender.exe" [2011-03-11 34728]
"Eee Docking"="c:\program files\ASUS\Eee Docking\Eee Docking.exe" [2011-01-06 414384]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2011-10-08 1111568]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-05-10 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-05-10 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-05-10 150552]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-08-24 9722472]
"VAWinAgent"="c:\expressgateutil\VAWinAgent.exe" [2011-03-23 45448]
"ASUSPRP"="c:\program files\ASUS\APRP\APRP.EXE" [2011-04-21 2018032]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2011-02-10 116752]
"iWareV3"="c:\program files\MouseDriver\OfficeMouse.exe" [2009-03-27 507904]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 massfilter_hs;USB Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys [x]
R3 RTL2832U_IRHID;HID Infrared Remote Receiver;c:\windows\system32\DRIVERS\RTL2832U_IRHID.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [x]
S1 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [x]
S2 AsusService;Asus Launcher Service;c:\windows\system32\AsusService.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 TGCM_ImportWiFiSvc;TGCM_ImportWiFiSvc;c:\program files\o2\Mobile Connection Manager\ImpWiFiSvc.exe [x]
S2 VideAceWindowsService;VideAceWindowsService;c:\expressgateutil\VAWinService.exe [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation    REG_MULTI_SZ       SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-12-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-16 01:15]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://welt.de/
mStart Page = hxxp://www.google.com
FF - ProfilePath - c:\users\Sonnengöttin\AppData\Roaming\Mozilla\Firefox\Profiles\l6fohtts.default-1355699886394\
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-12-17 02:36; {DDC359D1-844A-42a7-9AA1-88A850A938A8}; c:\users\Sonnengöttin\AppData\Roaming\Mozilla\Firefox\Profiles\l6fohtts.default-1355699886394\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-12-27  22:40:15
ComboFix-quarantined-files.txt  2012-12-27 21:40
.
Vor Suchlauf: 10 Verzeichnis(se), 82.291.011.584 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 83.046.649.856 Bytes frei
.
- - End Of File - - 52BCF36B342EE354A8C9C3B6DD220931

Lieben Gruß
Sonnengöttin

#15 Dowloade Dir bitte TDSS Killer.exe und speichere die Datei am Desktop.
• Schließe alle laufenden Programme.
• Trenne dich von Internet.
• Deaktiviere deine AntiViren Software.
• Starte TDSSkiller.exe mit Doppelklick.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
• Drücke auf Start scan.
Mache während dem Scan nichts am Rechner

• Sollte das Tool keine Funde aufweisen, klicke Close um es zu schließen.
• Wurde etwas gefunden werden die Funde in Scan results - Select action for found objects angezeigt und geben 3 Auswahlmöglichkeiten.
Gehe sicher das Cure ( default ) angehackt ist ! Drücke Continue --> Reboot.
• Die Logfile ist nach dem Neustart auf deinem Systemlaufwerk ( meist C: ) unter TDSSKiller_version_date_time_log.txt zu finden.
• Bitte poste mir den Inhalt hier in deinen Thread.Bebilderte Anleitung zur Benutzung von TDSSKiller.