
Pests of all kinds and how to fight them: After-effects of Antispy Soft

07.05.2010, 16:32   #1
Josef1
 



Greetings,

I have/had? Antispy Soft on my machine and removed it following the instructions here in the thread "What to do about 'Antispyware Soft'".

But now, for example, the download of updates for Avira is blocked. The same goes for Windows Vista updates.

I assume the problem is not solved yet.

Did the virus only change some settings, or is it still there?


Thanks in advance, regards, Josef

08.05.2010, 00:37   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Hello and

please run a full scan with Malwarebytes and post the log, including any logs that may already have been created earlier.
After that, OTL:

System scan with OTL

Please download OTL by OldTimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.

10.05.2010, 00:11   #3
Josef1
 



Hello Cosinus!

I ran the program:

OTL Extras logfile created on: 10.05.2010 00:59:37 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\Ingrid\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 65,00% Memory free
7,00 Gb Paging File | 6,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 911,52 Gb Total Space | 769,74 Gb Free Space | 84,45% Space Free | Partition Type: NTFS
Drive D: | 19,98 Gb Total Space | 9,80 Gb Free Space | 49,02% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 100,49 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
I: Drive not present or media not loaded

Computer Name: INGRID-PC
Current User Name: Ingrid
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\T-Online\T-Online_Software_6\Browser\Browser.exe" "%1" File not found
https [open] -- "C:\Program Files\T-Online\T-Online_Software_6\Browser\Browser.exe" "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{001BEE00-47B8-4A3C-8796-1C38B49B9D0E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{0A5517EF-E1A6-4DF4-8BE6-F0388CD045F1}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{18516C52-6C1F-4B7A-BF74-6965F5CCE6CD}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{1BD448D5-BDD0-4274-A305-7FF3DA5C62C4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{20B3ADB6-C74B-4E5B-BD27-E3C6D980533F}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{238A54FD-CE27-4B60-A898-2B588C89E143}" = lport=445 | protocol=6 | dir=in | app=system |
"{24F06CA9-1674-4253-9F03-29C35E4873E0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{26B253C8-3501-4D0B-AD21-58BB12A7E4B1}" = lport=138 | protocol=17 | dir=in | app=system |
"{2D8B93C6-6312-4C02-8E29-18435D65A42C}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{2DD97C11-37E2-4DD7-B455-A20A4F161FED}" = rport=445 | protocol=6 | dir=out | app=system |
"{3025DBE3-092F-41E7-8639-7B0F814CB52C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{40CAA53A-FB74-4B2A-B51F-F229303057C5}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{40D9C6D4-7268-4229-B37B-EF68C6782FC4}" = rport=2869 | protocol=6 | dir=out | app=system |
"{4762F6CD-6823-49E9-966E-ED1534583080}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{52A4A6D9-4923-4D4C-8DAA-572583334E3C}" = rport=139 | protocol=6 | dir=out | app=system |
"{57A792B6-58E8-40C6-B14E-6C6D07FFE52B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{64CE4346-67A4-4484-B67F-342452B73853}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{69A6E623-291C-4558-BB60-2C3DEF31FD6D}" = rport=138 | protocol=17 | dir=out | app=system |
"{6C173F61-5434-43E9-8ADD-1D2840F3E774}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7A2E3706-C630-4905-A551-150D1F4F168C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7EF83093-1F56-48A9-BEE1-36709A828EFE}" = lport=139 | protocol=6 | dir=in | app=system |
"{90258AFE-65C7-4E8F-9F41-0475B70588A3}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{923E2B4E-CE5E-46F0-A794-F1E30680FDAE}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{9A64DA4A-8F62-4A9B-83E9-0F0AC6C8D61E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{9F76BF8B-90FC-4261-97B2-855F4170E75A}" = rport=137 | protocol=17 | dir=out | app=system |
"{AD8D4D8F-772A-4041-A554-2D72BBA8FF01}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{C0E2DE46-B9CC-43FD-997D-4109E45B326E}" = lport=137 | protocol=17 | dir=in | app=system |
"{E27EA5D3-8A65-4DCE-966D-A0AC7D8C4737}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E882AAA3-D43C-49CC-A0D5-00E6E2700FE0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{FA420498-05D0-431F-ADBD-8A96044F5C90}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01D02C4C-30B8-487A-9396-1AEB431B5046}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{020955EA-FFA9-4AF2-88F8-77E571B5BC79}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{09D8195B-0113-4047-8FC5-F5955A01CFD1}" = protocol=6 | dir=in | app=c:\world of warcraft\wow-3.2.0-dede-downloader.exe |
"{0E170C43-7E60-4051-A259-F7D074B0667D}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{105B54B9-1456-4009-BA79-6E1E88E229C5}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-dede-downloader.exe |
"{1164C742-4982-4BA2-99C4-629F9BA91239}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{14E6FD8D-7504-4097-8F29-3D0F1CB8202E}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-dede-downloader.exe |
"{196BF418-EC72-4845-A016-F7DBB88B153B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{35A72255-897C-4CB9-A368-E452B45A6F94}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-dede-downloader.exe |
"{3831D5E9-1A4F-476A-B0BE-B01CB6B67EEE}" = protocol=17 | dir=in | app=c:\world of warcraft\wow-3.2.0-dede-downloader.exe |
"{3B7C2E45-72B8-4D16-A80B-5F622D816F79}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{596A0C30-94E0-4045-A8CD-24C8490CFD24}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{5F116239-3CA1-4923-8825-160C0CEB2568}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{626C1509-B026-469C-808C-6277C3078D6D}" = protocol=17 | dir=in | app=c:\windows\system32\cnab4rpk.exe |
"{67EFEE44-8EF1-499F-8321-BB0DA692E236}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{83ACBBC7-0EB2-41C7-A828-1118EB14FCA5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8853C6D7-E250-462B-9C94-D264059EDE02}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-dede-downloader.exe |
"{9EBFB53F-0C91-430C-8FFA-51251E33CC23}" = protocol=6 | dir=in | app=c:\world of warcraft\backgrounddownloader.exe |
"{A5780613-6970-472E-8CE5-60C48567BB6E}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe |
"{B0F41ADA-0687-40E8-8AC8-F47E120D1EA5}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{BC0E1D71-EF17-4385-9A73-A87E58835758}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{C55D667F-6E1C-4256-BC42-CB01C1270509}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{C5FDC430-319D-47C0-8E5E-1BE1F535AC99}" = protocol=6 | dir=in | app=c:\world of warcraft\wow-3.2.0-dede-downloader.exe |
"{C80197EB-7EB3-49F1-A156-3974D96D0123}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{D0F28994-9D74-4E78-9924-29E3BB8B98F1}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe |
"{D3639808-2CFD-4C3B-9C7A-E9445BD070FE}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-dede-downloader.exe |
"{DAE2498F-E1DD-45CA-8C4C-CD0A59E1106D}" = protocol=6 | dir=in | app=c:\windows\system32\cnab4rpk.exe |
"{DE2D5BDB-745C-4933-98BC-383D78B09D2B}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-dede-downloader.exe |
"{E47AE2F5-D772-403E-A333-68CE8EC74218}" = protocol=17 | dir=in | app=c:\world of warcraft\wow-3.2.0-dede-downloader.exe |
"{F193E816-DF88-46FB-85D9-CA86766719CE}" = protocol=17 | dir=in | app=c:\world of warcraft\backgrounddownloader.exe |
"TCP Query User{17E345DA-5E8B-4093-92F4-85AC20D6B2E4}C:\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\world of warcraft\launcher.exe |
"TCP Query User{9312C060-402D-4489-B5D1-834BAB2242B5}C:\program files\t-online\t-online_software_6\internet-telefon\phone.exe" = protocol=6 | dir=in | app=c:\program files\t-online\t-online_software_6\internet-telefon\phone.exe |
"TCP Query User{AA12A19C-1C81-48F4-8D9B-3263D76AE6B4}C:\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\world of warcraft\launcher.exe |
"UDP Query User{1A15BDD9-ACAD-4025-BCAD-19644627BCEA}C:\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\world of warcraft\launcher.exe |
"UDP Query User{796B7F27-C4D8-48E5-96AE-EDE25E6A3E82}C:\program files\t-online\t-online_software_6\internet-telefon\phone.exe" = protocol=17 | dir=in | app=c:\program files\t-online\t-online_software_6\internet-telefon\phone.exe |
"UDP Query User{AED5FD3F-B398-49ED-AD18-930949A50394}C:\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\world of warcraft\launcher.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 12
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{345C90FB-FA10-11D5-9C2A-0080C85A0C2D}" = Microtek FineReader OCR Engine
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{47948554-90C6-4AAC-8CFA-D23CE11C1031}" = Nero 8 Essentials
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A062A15F-9CAC-4B88-98DF-87628A0BD721}" = Corel MediaOne
"{A334F1BA-0A1D-4ED6-B4F9-4066157CA15D}" = DE
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC54E544-3E42-443C-A91D-A00A6974C592}" = NVIDIA PhysX v8.10.13
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B08D262E-D902-11D5-9C28-0080C85A0C2D}" = ScanWizard 5
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Canon LBP2900" = Canon LBP2900
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Google Updater" = Google Updater
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"NVIDIA Drivers" = NVIDIA Drivers
"Picasa 3" = Picasa 3
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"VLC media player" = VLC media player 1.0.5
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"World of Warcraft" = World of Warcraft

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 07.05.2010 22:48:29 | Computer Name = Ingrid-PC | Source = VSS | ID = 8194
Description =

Error - 08.05.2010 12:00:45 | Computer Name = Ingrid-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 08.05.2010 12:00:45 | Computer Name = Ingrid-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 08.05.2010 12:01:08 | Computer Name = Ingrid-PC | Source = WinMgmt | ID = 10
Description =

Error - 09.05.2010 12:45:07 | Computer Name = Ingrid-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 09.05.2010 12:45:07 | Computer Name = Ingrid-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 09.05.2010 12:45:52 | Computer Name = Ingrid-PC | Source = WinMgmt | ID = 10
Description =

Error - 09.05.2010 18:14:28 | Computer Name = Ingrid-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 09.05.2010 18:14:28 | Computer Name = Ingrid-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 09.05.2010 18:15:43 | Computer Name = Ingrid-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 05.05.2010 23:33:44 | Computer Name = Ingrid-PC | Source = HTTP | ID = 15016
Description =

Error - 06.05.2010 10:46:17 | Computer Name = Ingrid-PC | Source = HTTP | ID = 15016
Description =

Error - 06.05.2010 10:47:22 | Computer Name = Ingrid-PC | Source = ipnathlp | ID = 31004
Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet
werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner
Fehler ist im Speicher-Manager aufgetreten.

Error - 06.05.2010 21:40:38 | Computer Name = Ingrid-PC | Source = HTTP | ID = 15016
Description =

Error - 06.05.2010 21:56:05 | Computer Name = Ingrid-PC | Source = HTTP | ID = 15016
Description =

Error - 06.05.2010 22:01:27 | Computer Name = Ingrid-PC | Source = HTTP | ID = 15016
Description =

Error - 07.05.2010 10:36:22 | Computer Name = Ingrid-PC | Source = HTTP | ID = 15016
Description =

Error - 07.05.2010 10:39:25 | Computer Name = Ingrid-PC | Source = ipnathlp | ID = 31004
Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet
werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner
Fehler ist im Speicher-Manager aufgetreten.

Error - 07.05.2010 10:54:16 | Computer Name = Ingrid-PC | Source = DCOM | ID = 10010
Description =

Error - 09.05.2010 12:45:33 | Computer Name = Ingrid-PC | Source = ipnathlp | ID = 31004
Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet
werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner
Fehler ist im Speicher-Manager aufgetreten.


< End of report >


NOW NUMBER 2


OTL logfile created on: 10.05.2010 00:59:36 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\Ingrid\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 65,00% Memory free
7,00 Gb Paging File | 6,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 911,52 Gb Total Space | 769,74 Gb Free Space | 84,45% Space Free | Partition Type: NTFS
Drive D: | 19,98 Gb Total Space | 9,80 Gb Free Space | 49,02% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 100,49 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
I: Drive not present or media not loaded

Computer Name: INGRID-PC
Current User Name: Ingrid
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Ingrid\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avcenter.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
PRC - C:\Programme\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Windows\System32\CNAB4RPK.EXE (CANON INC.)
PRC - C:\ScanWizard 5\ScannerFinder.exe ()
PRC - C:\Programme\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Windows\System32\PSIService.exe ()


========== Modules (SafeList) ==========

MOD - C:\Users\Ingrid\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (LBTServ) -- C:\Programme\Common Files\Logitech\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe ()


========== Driver Services (SafeList) ==========

DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (pavboot) -- C:\Windows\system32\drivers\pavboot.sys (Panda Security, S.L.)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (L8042Kbd) -- C:\Windows\System32\drivers\L8042Kbd.sys (Logitech, Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.)
DRV - (LUsbFilt) -- C:\Windows\System32\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.02 22:58:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.02 22:58:04 | 000,000,000 | ---D | M]

[2010.02.09 20:46:56 | 000,000,000 | ---D | M] -- C:\Users\Ingrid\AppData\Roaming\mozilla\Extensions
[2010.05.09 18:55:55 | 000,000,000 | ---D | M] -- C:\Users\Ingrid\AppData\Roaming\mozilla\Firefox\Profiles\xu7o1wrr.default\extensions
[2010.04.27 13:14:17 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Ingrid\AppData\Roaming\mozilla\Firefox\Profiles\xu7o1wrr.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.02.09 20:46:32 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.01.16 03:15:29 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.01.16 03:15:29 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.01.16 03:15:29 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.16 03:15:29 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.16 03:15:29 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Feeds] C:\Windows\feeds.bat ()
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/F/D/9/FD9E437D-5BC8-4264-A093-DFA2C39D197E/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} https://plugins.valueactive.eu/flashax/iefax.cab (Flash Casino Helper Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.69.100.174 80.69.100.206
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Ingrid\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Ingrid\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007.04.23 13:00:00 | 000,000,041 | R--- | M] () - H:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{2dd48f46-19df-11de-b4b4-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{2dd48f46-19df-11de-b4b4-806e6f6e6963}\Shell\AutoRun\command - "" = H:\Setup.exe -- [2007.04.24 04:15:19 | 004,508,432 | R--- | M] (Logitech Inc.)
O33 - MountPoints2\{4b2f474a-2f12-11de-b916-806e6f6e6963}\Shell\AutoRun\command - "" = J:\wdsync.exe -- File not found
O33 - MountPoints2\{9a4da7a9-6482-11de-a802-dc9854a956d9}\Shell - "" = AutoRun
O33 - MountPoints2\{9a4da7a9-6482-11de-a802-dc9854a956d9}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not found
O33 - MountPoints2\K\Shell - "" = AutoRun
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.05.08 06:28:38 | 000,000,000 | ---D | C] -- C:\Programme\Windows Portable Devices
[2010.05.08 04:47:58 | 000,000,000 | ---D | C] -- C:\Users\Ingrid\AppData\Local\hoxqemjrf
[2010.05.08 03:15:46 | 000,000,000 | ---D | C] -- C:\Users\Ingrid\AppData\Roaming\TeamViewer
[2010.05.08 03:15:42 | 000,000,000 | ---D | C] -- C:\Users\Ingrid\temp
[2010.05.08 03:03:20 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2010.05.08 03:03:19 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll
[2010.05.08 03:03:18 | 003,023,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll
[2010.05.08 03:02:52 | 000,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2010.05.08 03:02:52 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2010.05.08 03:02:51 | 000,829,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2010.05.08 03:02:51 | 000,828,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2010.05.08 03:02:51 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2010.05.08 03:02:51 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2010.05.08 03:02:51 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2010.05.08 03:02:51 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2010.05.08 03:02:50 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2010.05.08 03:02:50 | 001,064,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2010.05.08 03:02:50 | 001,030,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2010.05.08 03:02:50 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
[2010.05.08 03:02:50 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2010.05.08 03:02:50 | 000,793,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll
[2010.05.08 03:02:50 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2010.05.08 03:02:50 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2010.05.08 03:02:50 | 000,486,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2010.05.08 03:02:50 | 000,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2010.05.08 03:02:50 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2010.05.08 03:02:50 | 000,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2010.05.08 03:02:50 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe
[2010.05.08 03:02:50 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2010.05.08 03:02:50 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll
[2010.05.08 03:02:50 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2010.05.08 03:02:50 | 000,161,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2010.05.08 03:02:24 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BthMtpContextHandler.dll
[2010.05.08 03:02:24 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDShextAutoplay.exe
[2010.05.08 03:02:22 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceConnectApi.dll
[2010.05.08 03:02:21 | 000,546,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2010.05.08 03:02:21 | 000,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2010.05.08 03:02:21 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtp.dll
[2010.05.08 03:02:21 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2010.05.08 03:02:21 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2010.05.08 03:02:21 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtpUS.dll
[2010.05.08 03:02:21 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdConns.dll
[2010.05.08 03:02:20 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDSp.dll
[2010.05.08 03:02:20 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceWMDRM.dll
[2010.05.08 03:01:34 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll
[2010.05.08 03:01:33 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
[2010.05.08 02:17:24 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\pavboot.sys
[2010.05.08 02:17:06 | 000,000,000 | ---D | C] -- C:\Programme\Panda Security
[2010.05.07 21:56:58 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2010.05.07 21:56:58 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2010.05.07 21:56:58 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2010.05.07 16:54:27 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2010.05.07 16:54:27 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2010.05.07 16:54:26 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2010.05.07 16:41:04 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2010.05.07 03:57:23 | 000,000,000 | ---D | C] -- C:\Users\Ingrid\AppData\Roaming\Avira
[2010.04.15 01:02:08 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.04.15 01:02:07 | 003,600,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.04.15 01:02:04 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010.04.15 01:02:01 | 000,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm
[2010.04.15 01:02:01 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm


========== Files - Modified Within 30 Days ==========

[2010.05.10 01:00:00 | 000,000,408 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job
[2010.05.10 00:59:15 | 001,835,008 | -HS- | M] () -- C:\Users\Ingrid\NTUSER.DAT
[2010.05.10 00:56:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.05.10 00:56:00 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.05.10 00:20:45 | 001,541,724 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.05.10 00:20:45 | 000,664,044 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.05.10 00:20:45 | 000,625,384 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.05.10 00:20:45 | 000,142,416 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.05.10 00:20:45 | 000,116,946 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.05.10 00:16:33 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010.05.10 00:14:11 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.05.10 00:14:11 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.05.10 00:14:06 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.05.10 00:14:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.05.10 00:13:58 | 3487,748,096 | -HS- | M] () -- C:\hiberfil.sys
[2010.05.09 20:35:51 | 000,524,288 | -HS- | M] () -- C:\Users\Ingrid\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.05.09 20:35:51 | 000,065,536 | -HS- | M] () -- C:\Users\Ingrid\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.05.09 20:35:37 | 002,161,564 | -H-- | M] () -- C:\Users\Ingrid\AppData\Local\IconCache.db
[2010.05.08 06:28:22 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2010.05.08 06:28:12 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2010.05.07 16:59:24 | 000,306,784 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.05.04 21:26:58 | 000,068,096 | ---- | M] () -- C:\Users\Ingrid\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.29 12:48:43 | 000,040,448 | ---- | M] () -- C:\Users\Ingrid\Desktop\sozi3.wps
[2010.04.29 12:23:55 | 000,003,190 | ---- | M] () -- C:\Users\Ingrid\AppData\Roaming\wklnhst.dat
[2010.04.28 02:57:26 | 000,037,888 | ---- | M] () -- C:\Users\Ingrid\Desktop\sozi2.wps
[2010.04.28 02:04:16 | 000,035,328 | ---- | M] () -- C:\Users\Ingrid\Desktop\sozi.wps
[2010.04.14 18:26:39 | 000,091,648 | ---- | M] () -- C:\Users\Ingrid\Desktop\Themenblock_B.wps
[2010.04.14 18:26:24 | 000,055,808 | ---- | M] () -- C:\Users\Ingrid\Desktop\Themenblock_B_-_Anatomie_Die_Zelle.wps
[2010.04.13 23:20:41 | 000,000,162 | -H-- | M] () -- C:\Users\Ingrid\Desktop\~$zelle.doc
[2010.04.13 20:08:38 | 000,037,376 | ---- | M] () -- C:\Users\Ingrid\Desktop\zelle 2.wps
[2010.04.13 20:08:26 | 000,036,352 | ---- | M] () -- C:\Users\Ingrid\Desktop\zelle.doc

========== Files Created - No Company Name ==========

[2010.05.08 06:28:22 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2010.05.08 06:28:12 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2010.04.28 02:57:32 | 000,040,448 | ---- | C] () -- C:\Users\Ingrid\Desktop\sozi3.wps
[2010.04.28 02:32:08 | 000,037,888 | ---- | C] () -- C:\Users\Ingrid\Desktop\sozi2.wps
[2010.04.27 15:02:17 | 000,035,328 | ---- | C] () -- C:\Users\Ingrid\Desktop\sozi.wps
[2010.04.14 18:26:39 | 000,091,648 | ---- | C] () -- C:\Users\Ingrid\Desktop\Themenblock_B.wps
[2010.04.14 18:26:24 | 000,055,808 | ---- | C] () -- C:\Users\Ingrid\Desktop\Themenblock_B_-_Anatomie_Die_Zelle.wps
[2010.04.13 23:20:41 | 000,000,162 | -H-- | C] () -- C:\Users\Ingrid\Desktop\~$zelle.doc
[2010.04.13 20:08:38 | 000,037,376 | ---- | C] () -- C:\Users\Ingrid\Desktop\zelle 2.wps
[2010.04.13 20:08:25 | 000,036,352 | ---- | C] () -- C:\Users\Ingrid\Desktop\zelle.doc
[2010.03.01 10:46:23 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.10.20 21:36:21 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.04.07 14:08:49 | 000,285,216 | ---- | C] () -- C:\Windows\System32\drivers\Onsio.sys
[2009.04.07 14:08:49 | 000,007,680 | ---- | C] () -- C:\Windows\System32\drivers\Onsreged.sys
[2009.01.23 16:37:04 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008.10.07 10:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
< End of report >


I hope this is right.
__________________

Alt 10.05.2010, 09:40   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



What about Malwarebytes?
__________________
Please always post log files in CODE tags

Alt 10.05.2010, 23:19   #5
Josef1
 



So, here I am again.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4085

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

11.05.2010 00:16:08
mbam-log-2010-05-11 (00-16-08).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|H:\|)
Durchsuchte Objekte: 247036
Laufzeit: 1 Stunde(n), 2 Minute(n), 5 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)



The program has now deleted the two data entries/viruses, whatever they are.

Even so, updating Avira does not work. I don't know what to do next.


Alt 11.05.2010, 09:35   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:
:OTL
O4 - HKCU..\Run: [Feeds] C:\Windows\feeds.bat ()
O33 - MountPoints2\{2dd48f46-19df-11de-b4b4-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{2dd48f46-19df-11de-b4b4-806e6f6e6963}\Shell\AutoRun\command - "" = H:\Setup.exe -- [2007.04.24 04:15:19 | 004,508,432 | R--- | M] (Logitech Inc.)
O33 - MountPoints2\{4b2f474a-2f12-11de-b916-806e6f6e6963}\Shell\AutoRun\command - "" = J:\wdsync.exe -- File not found
O33 - MountPoints2\{9a4da7a9-6482-11de-a802-dc9854a956d9}\Shell - "" = AutoRun
O33 - MountPoints2\{9a4da7a9-6482-11de-a802-dc9854a956d9}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not found
:Files
C:\Users\Ingrid\AppData\Local\hoxqemjrf
C:\Windows\feeds.bat
C:\Windows\fonts\*.com
C:\Windows\fonts\*.exe
C:\Windows\tasks\*.com
C:\Windows\tasks\*.exe
C:\Windows\tasks\at*.job
c:\Windows\*.tmp
:Commands
[purity]
[resethosts]
[emptytemp]
         
Then click the Run Fixes! button.
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

Alt 11.05.2010, 14:16   #7
Josef1
 



Hello Arne,

I followed your instructions and this is what came out:

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Feeds deleted successfully.
C:\Windows\feeds.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2dd48f46-19df-11de-b4b4-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2dd48f46-19df-11de-b4b4-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2dd48f46-19df-11de-b4b4-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2dd48f46-19df-11de-b4b4-806e6f6e6963}\ not found.
File move failed. H:\Setup.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4b2f474a-2f12-11de-b916-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4b2f474a-2f12-11de-b916-806e6f6e6963}\ not found.
File J:\wdsync.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9a4da7a9-6482-11de-a802-dc9854a956d9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9a4da7a9-6482-11de-a802-dc9854a956d9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9a4da7a9-6482-11de-a802-dc9854a956d9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9a4da7a9-6482-11de-a802-dc9854a956d9}\ not found.
File K:\LaunchU3.exe not found.
========== FILES ==========
C:\Users\Ingrid\AppData\Local\hoxqemjrf folder moved successfully.
File\Folder C:\Windows\feeds.bat not found.
C:\Windows\fonts\GlobalMonospace.CompositeFont moved successfully.
C:\Windows\fonts\GlobalSansSerif.CompositeFont moved successfully.
C:\Windows\fonts\GlobalSerif.CompositeFont moved successfully.
C:\Windows\fonts\GlobalUserInterface.CompositeFont moved successfully.
File\Folder C:\Windows\fonts\*.exe not found.
File\Folder C:\Windows\tasks\*.com not found.
File\Folder C:\Windows\tasks\*.exe not found.
File\Folder C:\Windows\tasks\at*.job not found.
File\Folder c:\Windows\*.tmp not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Ingrid
->Temp folder emptied: 1601633 bytes
->Temporary Internet Files folder emptied: 330630685 bytes
->Java cache emptied: 4242437 bytes
->FireFox cache emptied: 73823938 bytes
->Flash cache emptied: 28610 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 54514803 bytes
RecycleBin emptied: 33776833 bytes

Total Files Cleaned = 476,00 mb


OTL by OldTimer - Version 3.2.4.1 log created on 05112010_151153

Files\Folders moved on Reboot...
File move failed. H:\Setup.exe scheduled to be moved on reboot.

Registry entries deleted on Reboot...


Regards, Josef

Alt 11.05.2010, 14:52   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

OK. Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix here to your desktop. While downloading, rename it to cofi.exe.
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, run the updates (if suggested), install the Recovery Console (if suggested) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper has explicitly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
__________________
Please always post log files in CODE tags

Alt 12.05.2010, 04:17   #9
Josef1
 

Right, I've been busy:

ComboFix 10-05-11.04 - Ingrid 12.05.2010 5:08.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3325.2408 [GMT 2:00]
ausgeführt von:: c:\users\Ingrid\Desktop\Cofi.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((( Dateien erstellt von 2010-04-12 bis 2010-05-12 ))))))))))))))))))))))))))))))
.

2010-05-12 03:12 . 2010-05-12 03:12 -------- d-----w- c:\users\Ingrid\AppData\Local\temp
2010-05-12 03:12 . 2010-05-12 03:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-05-12 02:58 . 2010-05-12 02:58 -------- d-----w- C:\CCleaner
2010-05-11 13:11 . 2010-05-11 13:11 -------- d-----w- C:\_OTL
2010-05-10 11:35 . 2010-05-10 11:35 -------- d-----w- c:\users\Ingrid\AppData\Roaming\Malwarebytes
2010-05-10 11:34 . 2010-04-29 10:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-10 11:34 . 2010-05-10 11:35 -------- d-----w- C:\Malwarebytes' Anti-Malware
2010-05-10 11:34 . 2010-04-29 10:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-08 04:28 . 2010-05-08 04:28 -------- d-----w- c:\program files\Windows Portable Devices
2010-05-08 01:15 . 2010-05-08 01:15 -------- d-----w- c:\users\Ingrid\AppData\Roaming\TeamViewer
2010-05-08 01:15 . 2010-05-08 01:15 -------- d-----w- c:\users\Ingrid\temp
2010-05-08 01:03 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2010-05-08 01:03 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2010-05-08 01:03 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2010-05-08 01:01 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2010-05-08 01:01 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2010-05-08 01:01 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2010-05-08 00:17 . 2009-06-30 07:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-05-08 00:17 . 2010-05-08 00:17 -------- d-----w- c:\program files\Panda Security
2010-05-07 19:56 . 2010-01-06 15:39 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-05-07 19:56 . 2010-01-06 15:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-05-07 19:56 . 2010-01-06 13:30 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-05-07 14:54 . 2010-05-07 14:55 -------- d-----w- c:\windows\system32\ca-ES
2010-05-07 14:54 . 2010-05-07 14:55 -------- d-----w- c:\windows\system32\eu-ES
2010-05-07 14:54 . 2010-05-07 14:55 -------- d-----w- c:\windows\system32\vi-VN
2010-05-07 14:41 . 2010-05-07 14:41 -------- d-----w- c:\windows\system32\EventProviders
2010-05-07 01:57 . 2010-05-07 01:57 -------- d-----w- c:\users\Ingrid\AppData\Roaming\Avira
2010-04-14 23:02 . 2010-02-23 11:10 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-14 23:02 . 2010-02-23 11:10 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-14 23:02 . 2010-02-23 11:10 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-14 23:02 . 2010-02-18 14:07 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-14 23:02 . 2010-02-18 14:07 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-14 23:02 . 2010-03-04 17:33 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-04-14 23:01 . 2010-02-18 14:07 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-04-14 23:01 . 2010-02-18 13:30 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-04-14 23:01 . 2010-02-18 11:28 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-04-14 11:43 . 2009-12-23 11:33 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-04-14 11:43 . 2010-01-13 17:34 98304 ----a-w- c:\windows\system32\cabview.dll

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-12 02:38 . 2009-01-20 22:18 664044 ----a-w- c:\windows\system32\perfh007.dat
2010-05-12 02:38 . 2009-01-20 22:18 142416 ----a-w- c:\windows\system32\perfc007.dat
2010-05-11 18:19 . 2009-04-05 15:20 3784 ----a-w- c:\users\Ingrid\AppData\Roaming\wklnhst.dat
2010-05-08 04:28 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-05-08 04:28 . 2010-05-08 04:28 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2010-05-08 04:28 . 2010-05-08 04:28 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-05-07 14:55 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2010-05-07 14:55 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-05-07 14:55 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2010-05-07 14:55 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2010-05-07 14:55 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2010-05-07 14:55 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2010-05-07 14:55 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2010-05-06 08:36 . 2009-10-03 14:43 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-02 15:21 . 2010-02-19 04:55 -------- d-----w- c:\users\Ingrid\AppData\Roaming\vlc
2010-04-11 01:26 . 2009-04-07 13:05 -------- d-----w- c:\users\Ingrid\AppData\Roaming\Skype
2010-04-06 10:20 . 2009-01-22 11:19 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-04 17:53 . 2010-02-16 19:16 -------- d-----w- c:\users\Ingrid\AppData\Roaming\U3
2010-03-22 19:06 . 2009-03-26 08:41 73880 ----a-w- c:\users\Ingrid\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-20 02:07 . 2010-03-20 02:04 -------- d-----w- c:\program files\Common Files\Logishrd
2010-03-20 02:06 . 2010-03-20 02:06 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2010-03-20 02:06 . 2010-02-16 21:32 -------- d-----w- c:\program files\Common Files\Logitech
2010-03-20 02:04 . 2010-03-20 02:04 10134 ----a-r- c:\users\Ingrid\AppData\Roaming\Microsoft\Installer\{3101CB58-3482-4D21-AF1A-7057FC935355}\ARPPRODUCTICON.exe
2010-03-09 16:25 . 2010-03-31 09:57 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-09 15:42 . 2010-03-31 09:57 834048 ----a-w- c:\windows\system32\wininet.dll
2010-03-01 08:05 . 2010-03-10 20:33 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-02-20 23:06 . 2010-03-11 01:20 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:05 . 2010-03-11 01:20 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-02-20 20:53 . 2010-03-11 01:20 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-02-16 12:24 . 2010-03-10 20:33 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-02-12 10:48 . 2010-03-06 17:44 293376 ----a-w- c:\windows\system32\browserchoice.exe
2008-11-12 13:12 . 2008-11-12 13:01 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-08 178712]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-02-03 6724128]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-02-03 1833504]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-25 13683232]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-25 92704]
"QuickTime Task"="c:\quicktime\QTTask.exe" [2009-01-05 413696]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Canon LBP2900 Statusfenster.lnk - c:\windows\System32\spool\drivers\w32x86\3\CNAB4LAK.EXE [2009-3-27 50848]
Logitech SetPoint.lnk - c:\logitech\SetPoint\SetPoint.exe [2010-2-16 813584]
Scanner Finder.lnk - c:\scanwizard 5\ScannerFinder.exe [2009-4-7 344064]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):c8,b8,51,41,f6,ed,ca,01

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-05 135664]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-06-30 28552]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2007-09-21 554496]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Inhalt des "geplante Tasks" Ordners

2010-05-12 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-12 18:29]

2010-05-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-05 15:38]

2010-05-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-05 15:38]

2010-05-12 c:\windows\Tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.aldi.com/
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4
DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab
FF - ProfilePath - c:\users\Ingrid\AppData\Roaming\Mozilla\Firefox\Profiles\xu7o1wrr.default\
FF - plugin: c:\divx\DivX Player\npDivxPlayerPlugin.dll
FF - plugin: c:\divx\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
FF - plugin: c:\program files\Picasa2\npPicasa3.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\quicktime\Plugins\npqtplugin.dll
FF - plugin: c:\quicktime\Plugins\npqtplugin2.dll
FF - plugin: c:\quicktime\Plugins\npqtplugin3.dll
FF - plugin: c:\quicktime\Plugins\npqtplugin4.dll
FF - plugin: c:\quicktime\Plugins\npqtplugin5.dll
FF - plugin: c:\quicktime\Plugins\npqtplugin6.dll
FF - plugin: c:\quicktime\Plugins\npqtplugin7.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

AddRemove-_{ADDBE07D-95B8-4789-9C76-187FFF9624B4} - c:\program files\Corel\CorelDRAW Essential Edition 3\Programs\MSILauncher {ADDBE07D-95B8-4789-9C76-187FFF9624B4}



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-05-12 05:12
Windows 6.0.6002 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'Explorer.exe'(3656)
c:\logitech\SetPoint\GameHook.dll
c:\logitech\SetPoint\lgscroll.dll
.
Zeit der Fertigstellung: 2010-05-12 05:13:27
ComboFix-quarantined-files.txt 2010-05-12 03:13

Vor Suchlauf: 19 Verzeichnis(se), 819.256.193.024 Bytes frei
Nach Suchlauf: 23 Verzeichnis(se), 819.191.500.800 Bytes frei

- - End Of File - - FED1E0972573690F9234FB63F390C6EF


I don't understand any of this, but I hope I did everything correctly. Thanks again for your help!

Alt 12.05.2010, 04:31   #10
Josef1
 

Oh no, now I can update Avira, but the PC hangs every 20 seconds and every input takes about 20 seconds.

Alt 12.05.2010, 04:39   #11
Josef1
 

Right, rebooted and now everything works!

Are we done, Arne?

Alt 12.05.2010, 04:40   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs.
Remember to update both tools before the scan!!
__________________
Please always post log files in CODE tags

Alt 01.08.2010, 20:33   #13
Josef1
 

Hi Arne,

the semester is over and now I wanted to fight the virus again. The PC somehow isn't running quite smoothly, but it is enough to get by during the semester.

Would you please support me once more?

Thanks in advance for the reply.

Regards, Josef

Alt 02.08.2010, 15:58   #14
Josef1
 

Since I haven't reached you so far, I followed your last instructions.

Lo and behold:

Malwarebytes ---> no hits

SuperAntiSpyware--> 13 hits ----> 1 hit cannot be deleted, even after several attempts.

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 08/02/2010 at 05:09 PM

Application Version : 4.41.1000

Core Rules Database Version : 5300
Trace Rules Database Version: 3112

Scan type : Complete Scan
Total Scan Time : 01:18:41

Memory items scanned : 677
Memory threats detected : 0
Registry items scanned : 9865
Registry threats detected : 0
File items scanned : 130739
File threats detected : 1

Adware.Tracking Cookie
C:\Users\Ingrid\AppData\Roaming\Microsoft\Windows\Cookies\ingrid@atdmt[3].txt


Could this be the reason that the internet cuts out now and then for about 0.5 seconds?

Regards

Edited by Josef1 (02.08.2010 at 16:13)

Alt 04.08.2010, 22:33   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

I want to see the Malwarebytes log, even if there were no findings.
__________________
Please always post log files in CODE tags
