GVU-Trojaner auf Vista32-Rechner meines Vaters - und wer muss es richten...?

doc_jochim · 29.05.2013, 18:21

Hallo,

hier ist die bearbeitete Liste:

Code:

ATTFilter

unbekannt Acrobat.com	Adobe Systems Incorporated	30.11.2008	1,67MB	1.1.377
unbekannt Activation Assistant for the 2007 Microsoft Office suites	Microsoft Corporation	22.09.2008	14,0MB	
unbekannt Adobe AIR	Adobe Systems Incorporated	28.05.2013		3.7.0.1860
unbekannt Adobe Flash Player ActiveX	Adobe Systems Incorporated	22.09.2008		9.0.124.0
unbekannt Adobe Flash Player Plugin	Adobe Systems Incorporated	22.09.2008		9.0.124.0
notwendig Adobe Reader X (10.1.7) - Deutsch	Adobe Systems Incorporated	17.05.2013	167MB	10.1.7
unbekannt Adobe Shockwave Player 11	Adobe Systems, Inc.	22.09.2008	14,3MB	11
unbekannt Adobe SVG Viewer 3.0		22.01.2011	4,77MB	 3.0
unnötig   ALDI Foto Manager Free Sued	MAGIX AG	31.03.2008	51,6MB	3.4.0.466
unnötig   ALDI Online Druck Service (Sued)		22.09.2008	8,09MB	
unnötig   ALDI Sued Foto Service	MAGIX AG	31.03.2008	57,2MB	1.12.0.93
unnötig   Aldi Süd Fotoservice		22.09.2008	41,7MB	
unbekannt Apple Application Support	Apple Inc.	28.05.2013	64,7MB	2.3.4
unbekannt Apple Software Update	Apple Inc.	28.05.2013	2,38MB	2.1.3.127
unbekannt ATI Catalyst Install Manager	ATI Technologies, Inc.	27.03.2008	13,8MB	3.0.664.0
notwendig avast! Free Antivirus	AVAST Software	28.05.2013	341MB	8.0.1489.0
unnötig   Bing Bar	Microsoft Corporation	15.01.2013	527KB	7.1.361.0
notwendig Campus BK	Sommer Informatik GmbH	11.03.2012	42,8MB	10.19.2000
notwendig CCleaner	Piriform	24.05.2013	2,62MB	4.02
notwendig Compatibility Pack für 2007 Office System	Microsoft Corporation	09.01.2013		12.0.6612.1000
notwendig CyberLink PowerDirector	CyberLink Corp.	10.04.2008	216MB	6.5.2314
unbekannt Firebird 2.1.2.18118 (Win32)	Firebird Project	16.08.2009	17,9MB	2.1.2.18118
unnötig   Google Toolbar for Internet Explorer	Google Inc.	14.01.2013	7,75MB	7.4.3607.2246
unnötig   I.R.I.S. OCR	HP	13.01.2013	68,9MB	12.3.4.0
notwendig Java 7 Update 21	Oracle	28.05.2013	129MB	7.0.210
unbekannt LetsTrade Komponenten		22.09.2008	19,3MB	
notwendig LUMIX Map Tool	Panasonic Corporation	08.01.2013	4,87MB	1.00.0000
notwendig MakeDisc	CyberLink Corp.	22.09.2008	102MB	3.0.2601
notwendig Malwarebytes Anti-Malware Version 1.75.0.1300	Malwarebytes Corporation	28.05.2013	13,3MB	1.75.0.1300
notwendig MCE Software Encoder 1.1	CyberLink Corporation	22.09.2008	1,32MB	1.1.0.1918
notwendig MediaShow	CyberLink Corporation	22.09.2008	33,0MB	3.0.4325
unnötig   MEDION Fotos auf CD Sued	MAGIX AG	31.03.2008	650MB	6.0.2.0
unnötig   MEDIONbox	Medion	31.03.2008	26,9MB	1.09.0000.00050
notwendig Microsoft .NET Framework 1.1		31.03.2008		
notwendig Microsoft .NET Framework 3.5 Language Pack SP1 - DEU	Microsoft Corporation	07.08.2009	36,9MB	
notwendig Microsoft .NET Framework 3.5 SP1	Microsoft Corporation	30.06.2009	36,9MB	
notwendig Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	11.10.2010	120MB	4.0.30319
notwendig Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	11.10.2010	24,5MB	4.0.30319
notwendig Microsoft Office File Validation Add-In	Microsoft Corporation	04.03.2012	7,95MB	14.0.5130.5003
notwendig Microsoft Office Home and Student 2007	Microsoft Corporation	20.02.2012	299MB	12.0.6612.1000
notwendig Microsoft Office Live Add-in 1.5	Microsoft Corporation	02.05.2012	506KB	2.0.4024.1
notwendig Microsoft Office PowerPoint Viewer 2007 (German)	Microsoft Corporation	09.01.2013		12.0.6612.1000
unnötig   Microsoft Silverlight	Microsoft Corporation	26.03.2013		5.1.20125.0
notwendig Microsoft SQL Server Compact 3.5 SP2 ENU	Microsoft Corporation	08.01.2013	3,39MB	3.5.8080.0
notwendig Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053	Microsoft Corporation	24.01.2012	251KB	8.0.50727.4053
notwendig Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	31.10.2011	294KB	8.0.59193
notwendig Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022	Microsoft Corporation	24.04.2008	2,05MB	9.0.21022
notwendig Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	02.11.2011	226KB	9.0.30729.4148
notwendig Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	31.10.2011	594KB	9.0.30729.6161
notwendig Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319	Microsoft Corporation	28.05.2013	11,0MB	10.0.30319
unnötig   Microsoft Works	Microsoft Corporation	15.10.2012	378MB	9.7.0621
unbekannt MSI to redistribute MS VS2005 CRT libraries	The Firebird Project	16.08.2009	1,76MB	8.0.50727.42
notwendig MSXML 4.0 SP2 (KB936181)	Microsoft Corporation	27.03.2008	1,26MB	4.20.9848.0
notwendig MSXML 4.0 SP2 (KB941833)	Microsoft Corporation	27.03.2008	1,26MB	4.20.9849.0
notwendig MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	12.11.2008	1,27MB	4.20.9870.0
notwendig MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	27.11.2009	1,33MB	4.20.9876.0
notwendig Nero 8 Essentials	Nero AG	21.04.2008	1,79GB	8.3.124
notwendig NVIDIA Drivers		22.09.2008		
notwendig OLYMPUS CAMEDIA Master 4.1		03.01.2009	2,32MB	
notwendig OpenOffice.org 3.3	OpenOffice.org	02.11.2011	412MB	3.3.9567
notwendig PHOTOfunSTUDIO 8.1 PE	Panasonic Corporation	08.01.2013	231MB	8.01.710
notwendig PhotoNow!	CyberLink Corp.	22.09.2008	1,59MB	1.0.4310
notwendig Play Movie	CyberLink Corp.	22.09.2008	95,8MB	BD+HD 1.5.3815
notwendig PowerDVD	CyberLink Corporation	22.09.2008	118MB	7.3.3730c.0
notwendig PowerProducer	CyberLink Corp.	22.09.2008	190MB	4.2.2612
unbekannt QuickTime	Apple Inc.	28.05.2013	74,6MB	7.74.80.86
unbekannt RealPlayer	RealNetworks	22.09.2008	46,2MB	
notwendig Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista	Realtek	27.03.2008	1,37MB	1.00.0000
notwendig Realtek High Definition Audio Driver	Realtek Semiconductor Corp.	21.04.2008	16,8MB	6.0.1.5591
unbekannt Sceneo AbsolutTV		22.09.2008	6,53MB	
unbekannt Spelling Dictionaries Support For Adobe Reader 8	Adobe Systems	21.04.2008	67,5MB	8.0.0
unnötig   Studie zur Verbesserung von HP Officejet Pro 8600 Produkten	Hewlett-Packard Co.	13.01.2013	5,97MB	25.0.619.0
notwendig T-Concept XI420		03.06.2012	956KB	
notwendig T-Concept XI420		28.05.2013		
unbekannt TVsweeper 3	Sonavis	21.04.2008	4,11MB	3.0.3
unbekannt Ulead PhotoImpact 12	Ulead System	22.09.2008	389MB	12.0
notwendig WISO Mein Geld 2008 Professional	Buhl Data Service GmbH	31.03.2008	167MB	9.00.01.0023
notwendig XI420 CAPI		13.03.2011	788KB

uuuuups - ich habe gerade gesehen, Du hast 'hinter' geschrieben. Meine Einstufungen sind davor. Soll ich die nochmal ändern oder geht das auch so?

doc

markusg · 29.05.2013, 18:59

Is ok so
deinstaliere:
Adobe Flash Player alle
Adobe - Adobe Flash Player installieren
neueste version laden, instalieren.
adobe reader:
Adobe - Adobe Reader herunterladen - Alle Versionen
haken bei mcafee security scan raus nehmen
bitte auch mal den adobe reader wie folgt konfigurieren:
adobe reader öffnen, bearbeiten, voreinstellungen.
allgemein:
nur zertifizierte zusatz module verwenden, anhaken.
Sicherheit (erweitert)
Erweiterte Sicherheit anhaken
und alle Dateien auswählen.
internet:
hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc.
es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht.
bei javascript den haken bei java script verwenden raus nehmen
bei updater, automatisch instalieren wählen.
übernehmen /ok

deinstaliere:
ALDI : alle
Bing
Firebird
Google
I.R
LetsTrade
MEDION : beide
Microsoft Silverlight
Microsoft Works
RealPlayer
Sceneo AbsolutTV
Spelling
Studie
TVsweeper
Ulead

Öffne CCleaner, analysieren, starten, PC neustarten.
Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

doc_jochim · 29.05.2013, 19:53

Zitat:

deinstaliere:
Adobe Flash Player alle

Was ist mit dem Adobe shockwave Player? Gehört der auch dazu?

Adobe reader auch erst weg vor einer Neuinstallation?

markusg · 29.05.2013, 19:58

adobe reader de und reinstalieren, und shokwave player braucht man meist garnich, kann allgemein weg

doc_jochim · 29.05.2013, 20:05

Zitat:

deinstaliere:
Firebird

ich habe gerade gesehen, daß dieses Datenbankprogramm hierzu gerhört:

Zitat:

notwendig Campus BK Sommer Informatik GmbH 11.03.2012 42,8MB 10.19.2000

Also belassen?

Was ist mit QuickTime?

Code:

ATTFilter

Öffne CCleaner, analysieren, starten,

Irgendwelche bestimmten Häkchen setzen?

markusg · 29.05.2013, 21:10

Quicktime kannst du lassen, und wenn programme benötigt werden musst du die natürlich nicht deinstalieren :-)
ccleaner in der standard Konfig laufen lassen

doc_jochim · 29.05.2013, 21:17

Zitat:

Sicherheit (erweitert)
Erweiterte Sicherheit anhaken
und alle Dateien auswählen.

alle Dateien auswählen? Kann ich nicht finden. Wo?

markusg · 29.05.2013, 21:20

Hi, vergiss das mit der erweiterten Sicherheit,
adobe 11 gibts nicht für Vista, deswegen fällt das mit alle Dateien wohl weg

doc_jochim · 29.05.2013, 21:25

Hier ist die log-Datei von adwcleaner

Code:

ATTFilter

# AdwCleaner v2.301 - Datei am 29/05/2013 um 22:19:51 erstellt
# Aktualisiert am 16/05/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : Horst - PAPSNEU
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Horst\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16483

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [1326 octets] - [29/05/2013 22:18:42]
AdwCleaner[S1].txt - [1097 octets] - [29/05/2013 22:19:51]

########## EOF - C:\AdwCleaner[S1].txt - [1157 octets] ##########

markusg · 29.05.2013, 21:45

Hi,
neustarten bitte.
Hitman Pro - Download - Filepony
Hitmanpro laden, doppelklicken, scan.
Nichts löschen.
auf weiter.
Log speichern, bzw als xml exportieren, dann posten, bzw packen und anhängenb

doc_jochim · 29.05.2013, 22:00

Hitman pro:

Code:

ATTFilter

HitmanPro 3.7.5.199
www.hitmanpro.com

   Computer name . . . . : PAPSNEU
   Windows . . . . . . . : 6.0.2.6002.X86/4
   User name . . . . . . : PAPSNEU\Horst
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2013-05-29 22:56:29
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 2m 6s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 0

   Objects scanned . . . : 1.604.553
   Files scanned . . . . : 11.441
   Remnants scanned  . . : 338.992 files / 1.254.120 keys

markusg · 31.05.2013, 10:30

Hi,

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die
OTL.exe
.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die
Textbox.

Code:

ATTFilter

activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Kopiere
bnun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

doc_jochim · 31.05.2013, 12:57

OTL.txt:

Code:

ATTFilter

OTL logfile created on: 31.05.2013 12:44:17 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Horst\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,88 Gb Available Physical Memory | 62,61% Memory free
6,21 Gb Paging File | 5,26 Gb Available in Paging File | 84,74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 445,76 Gb Total Space | 344,01 Gb Free Space | 77,17% Space Free | Partition Type: NTFS
Drive D: | 19,99 Gb Total Space | 10,40 Gb Free Space | 52,01% Space Free | Partition Type: FAT32
 
Computer Name: PAPSNEU | User Name: Horst | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.05.27 20:47:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Horst\Desktop\OTL.exe
PRC - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.05.09 10:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2013.05.09 10:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.03.26 13:21:30 | 005,369,856 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.02.28 18:07:58 | 001,828,136 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2008.02.15 16:16:42 | 000,172,032 | ---- | M] (CyberLink Corp.) -- C:\Programme\HomeCinema\PlayMovie\PMVService.exe
PRC - [2008.01.30 09:32:22 | 000,091,432 | ---- | M] (cyberlink) -- C:\Programme\CyberLink\Shared Files\brs.exe
PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV - [2013.05.29 21:36:22 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.05.09 10:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Auto | Stopped] -- System32\Drivers\elcapi20.sys -- (elcapi20)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Horst\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2013.05.09 10:59:10 | 000,765,736 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013.05.09 10:59:10 | 000,368,944 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013.05.09 10:59:10 | 000,174,664 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013.05.09 10:59:10 | 000,056,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013.05.09 10:59:10 | 000,049,376 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013.05.09 10:59:09 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013.05.09 10:59:09 | 000,049,760 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2013.05.09 10:59:08 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2013.04.04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010.06.23 09:21:32 | 000,259,176 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008.04.03 12:56:00 | 007,444,672 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.02.15 16:17:14 | 000,041,456 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Programme\HomeCinema\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})
DRV - [2008.01.17 22:35:30 | 000,041,456 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Programme\HomeCinema\PowerDVD\000.fcl -- ({95808DC4-FA4A-4C74-92FE-5B863F82066B})
DRV - [2008.01.16 18:27:56 | 000,174,600 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ahcix86s.sys -- (ahcix86s)
DRV - [2007.11.21 12:35:06 | 000,569,344 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2007.10.12 03:40:14 | 000,010,632 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\amdide.sys -- (amdide)
DRV - [2006.10.30 17:23:12 | 000,007,680 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie)
DRV - [2002.07.15 12:43:06 | 000,073,660 | ---- | M] (elmeg Kommunikationstechnik) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ElgTaDrv.sys -- (ElgTaDrv)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\Program Files\BullGuard Software\BullGuard\antispam\tbspamfilter
 
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.95\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.95\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.4.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.4.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.4.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.4.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.4.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.4.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.4.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube = C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google-Suche = C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Mail = C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2013.05.28 22:09:05 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BDRegion] C:\Programme\CyberLink\Shared Files\brs.exe (cyberlink)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\HomeCinema\PlayMovie\PMVService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Programme\GoogleEULA\EULALauncher.exe ( )
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Horst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\Horst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 1.7.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{04E1645F-A88C-423C-B015-5A3CA714D523}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{34D92894-3209-4E57-87F0-2D0D13B72B63}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6C298884-91FD-408C-9D90-5A59D2C29FD1} - Microsoft .NET Framework 1.1 Security Update (KB2742597)
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {8F736E10-8E5C-4399-A532-D0C00A406227} - Microsoft .NET Framework 1.1 Security Update (KB2698023)
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - State: "startup" - 0
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.30 00:12:17 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2013.05.29 23:48:55 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1
[2013.05.29 23:25:31 | 000,000,000 | ---D | C] -- C:\Users\Horst\AppData\Local\{C5940DCC-6C91-4380-8D28-284C5D4EAE76}
[2013.05.29 23:25:23 | 000,000,000 | ---D | C] -- C:\Users\Horst\AppData\Roaming\Windows Live Writer
[2013.05.29 23:25:23 | 000,000,000 | ---D | C] -- C:\Users\Horst\AppData\Local\Windows Live Writer
[2013.05.29 23:09:07 | 000,000,000 | ---D | C] -- C:\Users\Horst\AppData\Local\Windows Live
[2013.05.29 23:09:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2013.05.29 22:55:08 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013.05.28 22:51:26 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Horst\Desktop\OTL.exe
[2013.05.28 22:50:58 | 002,347,384 | ---- | C] (ESET) -- C:\Users\Horst\Desktop\esetsmartinstaller_enu.exe
[2013.05.28 22:50:34 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Horst\Desktop\tdsskiller.exe
[2013.05.28 22:21:49 | 000,000,000 | ---D | C] -- C:\Users\Horst\AppData\Roaming\Malwarebytes
[2013.05.28 22:21:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.05.28 22:21:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.05.28 22:21:32 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.05.28 22:21:32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.05.28 22:11:42 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.05.28 22:11:38 | 000,000,000 | ---D | C] -- C:\Users\Horst\AppData\Local\temp
[2013.05.28 21:55:06 | 005,073,758 | R--- | C] (Swearware) -- C:\Users\Horst\Desktop\ComboFix.exe
[2013.05.28 07:55:12 | 000,000,000 | ---D | C] -- C:\Users\Horst\AppData\Roaming\Apple Computer
[2013.05.28 07:44:13 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.05.28 01:29:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013.05.28 01:29:29 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2013.05.28 01:24:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2013.05.28 01:23:55 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2013.05.28 01:23:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2013.05.28 01:08:39 | 000,368,944 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013.05.28 01:08:39 | 000,029,816 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2013.05.28 01:08:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013.05.28 01:08:36 | 000,049,760 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2013.05.28 01:08:34 | 000,056,080 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2013.05.28 01:08:33 | 000,765,736 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013.05.28 01:08:30 | 000,229,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2013.05.28 01:08:30 | 000,066,336 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2013.05.28 01:07:50 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013.05.28 01:07:08 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013.05.28 01:06:08 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013.05.24 18:05:58 | 009,159,136 | ---- | C] (SurfRight B.V.) -- C:\Users\Horst\Desktop\HitmanPro.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.31 12:06:38 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.31 12:06:38 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.31 11:52:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.30 16:14:18 | 000,674,582 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.05.30 16:14:18 | 000,634,440 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.05.30 16:14:18 | 000,120,004 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.05.30 16:14:17 | 000,146,266 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.05.30 16:07:36 | 000,000,432 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2013.05.30 16:06:47 | 000,378,792 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.05.30 16:06:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.30 01:02:09 | 3217,264,640 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.29 23:49:50 | 000,001,032 | ---- | M] () -- C:\Users\Horst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2013.05.29 23:48:55 | 000,001,037 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk
[2013.05.29 22:54:17 | 009,159,136 | ---- | M] (SurfRight B.V.) -- C:\Users\Horst\Desktop\HitmanPro.exe
[2013.05.29 22:50:15 | 012,213,707 | ---- | M] () -- C:\Users\Horst\Desktop\HitmanPro_3.7.5.199.zip
[2013.05.29 21:52:24 | 000,001,896 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2013.05.29 21:08:06 | 000,000,887 | ---- | M] () -- C:\Windows\uninst.ini
[2013.05.29 19:02:25 | 000,000,808 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.05.28 22:21:34 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.05.28 22:09:05 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.05.28 21:55:27 | 005,073,758 | R--- | M] (Swearware) -- C:\Users\Horst\Desktop\ComboFix.exe
[2013.05.28 20:54:46 | 000,002,617 | ---- | M] () -- C:\Users\Horst\Desktop\Campus BK-Abrechnung.lnk
[2013.05.28 01:08:40 | 000,001,833 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013.05.28 01:08:30 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2013.05.28 00:57:51 | 000,007,592 | ---- | M] () -- C:\Users\Horst\AppData\Local\d3d9caps.dat
[2013.05.27 23:59:38 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Horst\Desktop\tdsskiller.exe
[2013.05.27 21:28:48 | 000,706,708 | ---- | M] () -- C:\Users\Horst\Desktop\delfix.exe
[2013.05.27 20:58:02 | 000,050,477 | ---- | M] () -- C:\Users\Horst\Desktop\Defogger.exe
[2013.05.27 20:55:06 | 000,890,825 | ---- | M] () -- C:\Users\Horst\Desktop\SecurityCheck.exe
[2013.05.27 20:54:52 | 002,347,384 | ---- | M] (ESET) -- C:\Users\Horst\Desktop\esetsmartinstaller_enu.exe
[2013.05.27 20:53:18 | 000,165,376 | ---- | M] () -- C:\Users\Horst\Desktop\SystemLook_x64.exe
[2013.05.27 20:52:22 | 000,632,031 | ---- | M] () -- C:\Users\Horst\Desktop\adwcleaner.exe
[2013.05.27 20:49:04 | 000,377,856 | ---- | M] () -- C:\Users\Horst\Desktop\gmer_2.1.19163.exe
[2013.05.27 20:47:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Horst\Desktop\OTL.exe
[2013.05.23 18:05:51 | 000,016,463 | ---- | M] () -- C:\Users\Horst\Documents\Wibbing u. Laucht Mietforderungen 15.01.13.odt
[2013.05.22 19:52:11 | 000,016,555 | ---- | M] () -- C:\Users\Horst\Documents\Beihilfe.odt
[2013.05.09 10:59:10 | 000,765,736 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013.05.09 10:59:10 | 000,368,944 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013.05.09 10:59:10 | 000,174,664 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013.05.09 10:59:10 | 000,056,080 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2013.05.09 10:59:10 | 000,049,376 | ---- | M] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013.05.09 10:59:09 | 000,066,336 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2013.05.09 10:59:09 | 000,049,760 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2013.05.09 10:59:08 | 000,029,816 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2013.05.09 10:58:37 | 000,041,664 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2013.05.09 10:58:28 | 000,229,648 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
 
========== Files Created - No Company Name ==========
 
[2013.05.29 23:49:50 | 000,001,032 | ---- | C] () -- C:\Users\Horst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2013.05.29 23:48:55 | 000,001,037 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk
[2013.05.29 22:49:41 | 012,213,707 | ---- | C] () -- C:\Users\Horst\Desktop\HitmanPro_3.7.5.199.zip
[2013.05.29 21:52:24 | 000,002,425 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2013.05.29 21:52:24 | 000,001,896 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2013.05.29 21:36:24 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.29 21:08:06 | 000,000,887 | ---- | C] () -- C:\Windows\uninst.ini
[2013.05.29 19:02:25 | 000,000,808 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.05.28 22:51:35 | 000,165,376 | ---- | C] () -- C:\Users\Horst\Desktop\SystemLook_x64.exe
[2013.05.28 22:51:30 | 000,890,825 | ---- | C] () -- C:\Users\Horst\Desktop\SecurityCheck.exe
[2013.05.28 22:51:04 | 000,377,856 | ---- | C] () -- C:\Users\Horst\Desktop\gmer_2.1.19163.exe
[2013.05.28 22:50:53 | 000,706,708 | ---- | C] () -- C:\Users\Horst\Desktop\delfix.exe
[2013.05.28 22:50:48 | 000,050,477 | ---- | C] () -- C:\Users\Horst\Desktop\Defogger.exe
[2013.05.28 22:50:40 | 000,632,031 | ---- | C] () -- C:\Users\Horst\Desktop\adwcleaner.exe
[2013.05.28 22:21:34 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.05.28 21:53:53 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.05.28 01:23:59 | 000,001,830 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2013.05.28 01:08:40 | 000,001,833 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013.05.28 01:08:32 | 000,174,664 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013.05.28 01:08:32 | 000,049,376 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013.05.27 22:11:33 | 3217,264,640 | -HS- | C] () -- C:\hiberfil.sys
[2013.01.14 12:38:27 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013.01.09 23:38:48 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2013.01.09 23:38:47 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2013.01.09 23:38:47 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2013.01.09 23:38:47 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2013.01.09 23:38:47 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2013.01.09 23:38:47 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2013.01.09 23:38:47 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2013.01.09 23:38:47 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2013.01.09 23:38:47 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2013.01.09 23:38:47 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2013.01.09 23:38:47 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2013.01.09 23:38:47 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2013.01.09 23:38:47 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2013.01.09 23:38:47 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2013.01.09 23:38:47 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2013.01.09 23:38:47 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2013.01.09 23:38:47 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2013.01.09 23:38:47 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2013.01.09 23:38:47 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2012.06.03 22:55:10 | 000,000,950 | ---- | C] () -- C:\Windows\XI420Ke.INI
[2012.05.22 20:07:56 | 000,013,640 | ---- | C] () -- C:\Users\Horst\Delibasic Zusammenstellung Stand 21.05.2012.odt
[2012.05.21 20:18:20 | 000,014,339 | ---- | C] () -- C:\Users\Horst\Wagner Abrechnung.odt
[2012.04.30 12:06:17 | 000,011,978 | ---- | C] () -- C:\Users\Horst\Geburtstag 70.odt
[2012.04.29 22:24:56 | 000,011,800 | ---- | C] () -- C:\Users\Horst\Geburtstag Sitzordnungsvorschlag.ods
[2011.10.27 10:30:05 | 000,006,144 | ---- | C] () -- C:\Users\Horst\Datenbanktest3.wdb
[2011.10.27 10:21:52 | 000,010,752 | ---- | C] () -- C:\Users\Horst\Datenbanktest2a.xlr
[2011.10.27 10:20:55 | 000,010,752 | ---- | C] () -- C:\Users\Horst\Datenbanktest2a.ods
[2011.10.27 10:19:18 | 000,000,540 | ---- | C] () -- C:\Users\Horst\AppData\Roaming\wklnhst.dat
[2011.10.27 10:09:21 | 000,009,496 | ---- | C] () -- C:\Users\Horst\Datenbanktest.ods
[2009.06.30 21:53:26 | 000,024,206 | ---- | C] () -- C:\Users\Horst\AppData\Roaming\UserTile.png
[2009.06.30 20:38:31 | 000,007,592 | ---- | C] () -- C:\Users\Horst\AppData\Local\d3d9caps.dat
[2008.10.16 19:52:05 | 000,030,208 | ---- | C] () -- C:\Users\Horst\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.09.22 22:10:26 | 000,000,093 | ---- | C] () -- C:\Users\Horst\AppData\Local\fusioncache.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2008.09.22 22:14:15 | 000,000,000 | ---D | M] -- C:\Users\Horst\AppData\Roaming\Buhl Data Service GmbH
[2012.01.29 12:46:56 | 000,000,000 | ---D | M] -- C:\Users\Horst\AppData\Roaming\Hemera
[2011.11.03 20:15:27 | 000,000,000 | ---D | M] -- C:\Users\Horst\AppData\Roaming\OpenOffice.org
[2013.02.14 14:06:25 | 000,000,000 | ---D | M] -- C:\Users\Horst\AppData\Roaming\Sommer Informatik GmbH
[2013.02.14 15:30:58 | 000,000,000 | ---D | M] -- C:\Users\Horst\AppData\Roaming\TeamViewer
[2011.10.27 10:19:25 | 000,000,000 | ---D | M] -- C:\Users\Horst\AppData\Roaming\Template
[2009.08.15 16:37:53 | 000,000,000 | ---D | M] -- C:\Users\Horst\AppData\Roaming\Uniblue
[2013.05.29 23:25:23 | 000,000,000 | ---D | M] -- C:\Users\Horst\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2013.05.28 22:11:42 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2010.10.08 11:16:48 | 000,000,000 | ---D | M] -- C:\74faae02819a502ef122c36c96
[2009.08.26 15:30:28 | 000,000,000 | ---D | M] -- C:\Boot
[2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2008.09.22 21:49:30 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2008.03.28 15:15:05 | 000,000,000 | R--D | M] -- C:\MSOCache
[2013.05.29 23:38:26 | 000,000,000 | R--D | M] -- C:\Program Files
[2013.05.30 00:12:17 | 000,000,000 | ---D | M] -- C:\ProgramData
[2008.09.22 21:49:30 | 000,000,000 | -HSD | M] -- C:\Programme
[2013.05.28 22:11:40 | 000,000,000 | ---D | M] -- C:\Qoobox
[2013.05.31 12:46:01 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2008.09.22 22:09:57 | 000,000,000 | R--D | M] -- C:\Users
[2013.05.29 23:08:32 | 000,000,000 | ---D | M] -- C:\Windows
[2013.05.28 23:31:09 | 000,000,000 | ---D | M] -- C:\_OTL
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2006.11.02 11:44:49 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2006.11.02 11:44:49 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2006.11.02 11:44:49 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2006.11.02 11:44:49 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2009.04.11 08:27:17 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2006.11.02 15:01:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2006.11.02 15:01:49 | 000,032,530 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2013.05.29 21:36:24 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
 
< MD5 for: AGP440.SYS  >
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\ERDNT\cache\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: AHCIX86S.SYS  >
[2008.01.16 18:27:56 | 000,174,600 | ---- | M] (AMD Technologies Inc.) MD5=8DC09F3B54DDCAEB52E0DCFA1D55B26A -- C:\Windows\System32\drivers\ahcix86s.sys
[2008.01.16 18:27:56 | 000,174,600 | ---- | M] (AMD Technologies Inc.) MD5=8DC09F3B54DDCAEB52E0DCFA1D55B26A -- C:\Windows\System32\DriverStore\FileRepository\ahcix86s.inf_957aef9d\ahcix86s.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\ERDNT\cache\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\ERDNT\cache\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2012.01.11 15:52:12 | 000,036,352 | ---- | M] (Panasonic Corporation) MD5=B0E3DDDD8F4DD34E1829BEF8FD89F0C2 -- C:\Program Files\Panasonic\PHOTOfunSTUDIO 8.1 PE\Core\EventLog\EventLog.dll
[2007.01.12 22:30:08 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\HomeCinema\PowerDirector\EventLog.dll
 
< MD5 for: EXPLORER.EXE  >
[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\ERDNT\cache\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008.01.21 04:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\ERDNT\cache\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\ERDNT\cache\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\ERDNT\cache\user32.dll
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\ERDNT\cache\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2013.04.04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2011.10.27 10:14:39 | 000,009,496 | ---- | M] () -- C:\Users\Horst\Datenbanktest.ods
[2011.10.27 10:20:55 | 000,010,752 | ---- | M] () -- C:\Users\Horst\Datenbanktest2a.ods
[2011.10.27 10:22:15 | 000,010,752 | ---- | M] () -- C:\Users\Horst\Datenbanktest2a.xlr
[2011.10.27 10:30:06 | 000,006,144 | ---- | M] () -- C:\Users\Horst\Datenbanktest3.wdb
[2012.05.22 20:13:55 | 000,013,640 | ---- | M] () -- C:\Users\Horst\Delibasic Zusammenstellung Stand 21.05.2012.odt
[2012.04.30 20:10:19 | 000,011,978 | ---- | M] () -- C:\Users\Horst\Geburtstag 70.odt
[2012.04.29 22:24:59 | 000,011,800 | ---- | M] () -- C:\Users\Horst\Geburtstag Sitzordnungsvorschlag.ods
[2012.02.08 16:56:43 | 000,000,000 | ---- | M] () -- C:\Users\Horst\Neues Textdokument.txt
[2013.05.31 12:51:51 | 003,407,872 | -HS- | M] () -- C:\Users\Horst\NTUSER.DAT
[2013.05.28 07:44:14 | 000,077,824 | -H-- | M] () -- C:\Users\Horst\ntuser.dat.LOG
[2013.05.31 12:51:50 | 000,262,144 | -H-- | M] () -- C:\Users\Horst\ntuser.dat.LOG1
[2010.10.08 11:21:09 | 000,262,144 | -H-- | M] () -- C:\Users\Horst\ntuser.dat.LOG2
[2011.03.09 15:26:50 | 003,145,728 | -HS- | M] () -- C:\Users\Horst\ntuser.dat_previous
[2013.05.30 01:01:02 | 000,065,536 | -HS- | M] () -- C:\Users\Horst\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2012.08.10 22:12:23 | 000,524,288 | -HS- | M] () -- C:\Users\Horst\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2013.05.30 01:01:02 | 000,524,288 | -HS- | M] () -- C:\Users\Horst\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2008.09.22 22:10:00 | 000,000,020 | -HS- | M] () -- C:\Users\Horst\ntuser.ini
[2012.05.21 20:21:26 | 000,014,339 | ---- | M] () -- C:\Users\Horst\Wagner Abrechnung.odt
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 912 bytes -> C:\Users\Horst\Documents\Sommer-Informatik  Kosten2_weg.eml:OECustomProperty
@Alternate Data Stream - 880 bytes -> C:\Users\Horst\Documents\Fachberatung für Elektrogroßgeräte.eml:OECustomProperty
@Alternate Data Stream - 574 bytes -> C:\Users\Horst\Documents\Entwürfe.eml:OECustomProperty

< End of report >

Extras.txt:

Code:

ATTFilter

OTL Extras logfile created on: 31.05.2013 12:44:17 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Horst\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,88 Gb Available Physical Memory | 62,61% Memory free
6,21 Gb Paging File | 5,26 Gb Available in Paging File | 84,74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 445,76 Gb Total Space | 344,01 Gb Free Space | 77,17% Space Free | Partition Type: NTFS
Drive D: | 19,99 Gb Total Space | 10,40 Gb Free Space | 52,01% Space Free | Partition Type: FAT32
 
Computer Name: PAPSNEU | User Name: Horst | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00ED5073-D65A-42C0-A5D5-1945A2D7B952}" = lport=138 | protocol=17 | dir=in | app=system | 
"{10100A19-2EE8-4B16-99CB-07F3E34F5741}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{1D18CA4B-C300-4B92-9391-66743A40BDBE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{1D798CB3-C45E-4269-8B32-7E0200CF0568}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{229FBE6F-5941-47B9-A08A-AFA36B9F40E8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{30A6E5C5-14F2-41B9-95D3-85FE1235D25E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{32CCA839-424A-49D6-811D-008282D13693}" = lport=445 | protocol=6 | dir=in | app=system | 
"{3C8EA5E9-06B9-4491-85C3-A034BB4D12CD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{580DDD20-1CC0-4D69-BA60-42C98397EF3F}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{5DEB61CC-8490-49C3-8569-D9B1A2422330}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{604E5918-C52F-4326-84CA-C169963455D8}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{6AD50030-E7B7-4B2F-BE7D-4776971728ED}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{6B97687C-18C9-42FE-84BB-014C9EA2A1BC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{6F9ABAD5-1E19-4AE4-9C08-57EA364D766C}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{7B16CE08-9A7C-441D-B5F2-5B5E712BA4B7}" = rport=445 | protocol=6 | dir=out | app=system | 
"{7F73B301-B58C-4547-BD83-396731A8D84F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{83ADD4A5-478E-4951-81E6-7F9BC5746D1A}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{9F0CD63B-DBFB-441D-A538-C0454E3DA512}" = rport=138 | protocol=17 | dir=out | app=system | 
"{B087FEEB-0948-494E-914A-FEE8B5B1EEB3}" = rport=139 | protocol=6 | dir=out | app=system | 
"{B19E6A3A-E7B3-4882-827A-4577BC89A857}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{BEDEA2AA-014A-4530-A7DE-6CC5FD97594C}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{D0FC3D17-0948-402C-8F58-06DD4BE6AAD2}" = lport=139 | protocol=6 | dir=in | app=system | 
"{D5B69520-FAAF-40A7-A195-7FB2CE2E9C7E}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{DD47C4F8-FF6E-4636-A514-1B7FD2493AEE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F20DF378-3A5D-46AC-9067-3157649B17BA}" = rport=137 | protocol=17 | dir=out | app=system | 
"{F735A536-7D38-4577-84EA-37900077EFDB}" = lport=137 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1906FC9B-4D17-439B-9186-FD9685991CD7}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{27287C48-7F15-43D1-9FA3-86AABFF83EFF}" = dir=in | app=c:\program files\homecinema\powerdvd\powerdvd.exe | 
"{303E5D0F-41C3-489A-A52C-C6E1EF74DAD7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{3A0CCB7F-028E-4DF0-9ADE-2E28725F1051}" = dir=in | app=c:\program files\homecinema\playmovie\playmovie.exe | 
"{442EFC43-DABC-47A1-8F24-43CE5CFD6918}" = dir=in | app=c:\program files\homecinema\playmovie\pmvservice.exe | 
"{49D4E592-9F87-4BA6-839C-D1E65FE32036}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{5623B315-D108-4FEA-9F2D-1C9374D274B5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{8895FB40-B087-4BB2-9EC0-BBCAE498DB79}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{8E720CBB-BE7D-4AFE-AA75-2EE0B8BC5B87}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{9AA84967-998C-4421-A39B-F776ED98099A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{CE97BDA8-EEC2-488B-8BD0-65F91E988A00}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{D9B6E931-2788-4FA2-80FE-8F734CDE3DDD}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{E84B780E-6230-4A46-A7D9-BC2119B860DA}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{F19FD7A0-ED7D-45A7-8647-8F32B4C6D604}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{F5530EAB-157A-459C-A5A9-E97719677DB7}" = dir=in | app=c:\program files\homecinema\makedisc\makedisc.exe | 
"{F8077B1A-9530-4ECA-9E62-0C029715F34D}" = dir=in | app=c:\program files\homecinema\powerdirector\pdr.exe | 
"TCP Query User{936C4043-8042-422D-9772-6BB0505977B5}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 
"TCP Query User{DDBEB696-E847-4945-A676-669130BAB8CB}C:\users\horst\desktop\m2\metin2.bin" = protocol=6 | dir=in | app=c:\users\horst\desktop\m2\metin2.bin | 
"TCP Query User{DE9508FD-8739-465E-9C02-45889792E959}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{F1EB76D0-372F-4439-B232-88BC68CBC7E0}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 
"UDP Query User{0F126E33-BD60-4608-B98A-005DF9CEBA33}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{2E01B056-DE96-4C76-805E-BE0B143E547D}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 
"UDP Query User{75698012-4E1B-4379-B4A0-54280A6411BA}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 
"UDP Query User{7CFECDE1-E52C-4F2D-870F-6851C8834743}C:\users\horst\desktop\m2\metin2.bin" = protocol=17 | dir=in | app=c:\users\horst\desktop\m2\metin2.bin | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{2309B117-1048-4DD6-8DD0-5F5F60B8380A}" = Campus BK
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
"{30BB4D60-81DB-11D5-BB77-00400536ABAC}" = OLYMPUS CAMEDIA Master 4.1
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{47948554-90C6-4AAC-8CFA-D23CE11C1031}" = Nero 8 Essentials
"{48A39B02-21D5-4C73-915E-09C90A13971D}" = XI420 CAPI
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{580643F9-E492-4A12-AB61-DC6ADE65EC9F}" = T-Concept XI420
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{5F58EF0F-3E92-49B9-A315-872C65F30F05}" = PHOTOfunSTUDIO 8.1 PE
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7655E113-C306-11D9-A373-0050BAE317E1}" = MCE Software Encoder 1.1
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7DCF5B1D-79C2-4F24-9746-511436EBC6B4}" = LUMIX Map Tool
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{927AE974-7B5B-463B-A672-D3B048664D6B}" = T-Concept XI420
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F251952-43A3-1305-997C-5B285C76FCAD}" = ATI Catalyst Install Manager
"{A450831D-25F6-4F42-9662-D000B25E0D82}" = Play Movie
"{A8D93648-9F7F-407D-915C-62044644C3DA}" = MSI to redistribute MS VS2005 CRT libraries
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch
"{B145EC69-66F5-11D8-9D75-000129760D75}" = MakeDisc
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow
"{D8D22773-14BF-4178-A683-3DBA515C2A26}" = WISO Mein Geld 2008 Professional
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"FBDBServer_2_1_is1" = Firebird 2.1.2.18118 (Win32)
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{7DCF5B1D-79C2-4F24-9746-511436EBC6B4}" = LUMIX Map Tool
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 05.03.2012 17:57:58 | Computer Name = Papsneu | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16421 arbeitet nicht mehr 
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: 16d4  Anfangszeit: 01ccfb1a81c639c6  Zeitpunkt
 der Beendigung: 63
 
Error - 06.03.2012 03:50:01 | Computer Name = Papsneu | Source = WinMgmt | ID = 10
Description = 
 
Error - 07.03.2012 08:47:59 | Computer Name = Papsneu | Source = WinMgmt | ID = 10
Description = 
 
Error - 12.03.2012 05:15:26 | Computer Name = Papsneu | Source = WinMgmt | ID = 10
Description = 
 
Error - 13.03.2012 02:33:10 | Computer Name = Papsneu | Source = WinMgmt | ID = 10
Description = 
 
Error - 19.03.2012 02:03:34 | Computer Name = Papsneu | Source = WinMgmt | ID = 10
Description = 
 
Error - 19.03.2012 16:32:20 | Computer Name = Papsneu | Source = WinMgmt | ID = 10
Description = 
 
Error - 19.03.2012 18:00:28 | Computer Name = Papsneu | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung CampusBKabrechnung.exe, Version 5.0.4.1284, 
Zeitstempel 0x2a425e19, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18541, Zeitstempel
 0x4ec3e3d5, Ausnahmecode 0xc0000005, Fehleroffset 0x00039377,  Prozess-ID 0x988, 
Anwendungsstartzeit 01cd0617a5c92de0.
 
Error - 20.03.2012 14:35:19 | Computer Name = Papsneu | Source = WinMgmt | ID = 10
Description = 
 
Error - 21.03.2012 06:22:20 | Computer Name = Papsneu | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 29.05.2013 17:34:37 | Computer Name = Papsneu | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 29.05.2013 17:34:37 | Computer Name = Papsneu | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 30.05.2013 10:07:20 | Computer Name = Papsneu | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 30.05.2013 10:07:26 | Computer Name = Papsneu | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 30.05.2013 10:07:36 | Computer Name = Papsneu | Source = ipnathlp | ID = 34001
Description = ICS_IPV6 konnte den IPv6-Stapel nicht konfigurieren.
 
Error - 30.05.2013 10:07:36 | Computer Name = Papsneu | Source = ipnathlp | ID = 30013
Description = Die DHCP-Zuweisung wurde für IP-Adresse 192.168.1.2 deaktiviert, da
 die IP-Adresse außerhalb des Bereichs 192.168.0.0/255.255.255.0 liegt, von der 
die Adressen DHCP-Clients zu gewiesen werden. Ändern Sie den Bereich, sodass die
 IP-Adresse mit einbezogen wird, oder ändern Sie die IP-Adresse, sodass sie innerhalb
 dieses Bereichs liegt, um die DHCP-Zuweisung zu aktivieren.
 
Error - 30.05.2013 10:07:43 | Computer Name = Papsneu | Source = ipnathlp | ID = 31004
Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet
 werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner 
Fehler ist im Speicher-Manager aufgetreten.
 
Error - 31.05.2013 06:43:39 | Computer Name = Papsneu | Source = DCOM | ID = 10005
Description = 
 
Error - 31.05.2013 06:43:39 | Computer Name = Papsneu | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 31.05.2013 06:43:39 | Computer Name = Papsneu | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >

Ich hoffe, be OTL waren die richtigen Häkchen gesetzt - bei so vielen Möglichkeiten...

markusg · 31.05.2013, 13:03

Hi,

otl fix

Fixen mit OTL

Starte bitte die OTL.exe.
Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:

ATTFilter

:OTL
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4
File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found

:files
:Commands
[emptytemp]

Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
Schließe bitte nun alle Programme.
Klicke nun bitte auf den Fix Button.
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
Kopiere nun den Inhalt hier in Deinen Thread

im Chrome kannst du noch folgenes deinstalieren:
Realplayer
https://support.google.com/chrome/answer/113907?hl=de

bitte teste, ob es im Firefox, internet explorer, und sonstigen
evtl. instalierte Browser, irgendwelche ungewollten toolbars, umleitungen oder sonstigen Probleme gibt.
Teste wie pc und programme allgemein laufen.

doc_jochim · 31.05.2013, 15:34

Zitat:

Starte bitte die OTL.exe.

Wieder wie immer mit rechtsklick > als admin ausführen?

Bestimmte Einstellungen?

29.05.2013, 21:10	#36
markusg /// Malware-holic	GVU-Trojaner auf Vista32-Rechner meines Vaters - und wer muss es richten...? Quicktime kannst du lassen, und wenn programme benötigt werden musst du die natürlich nicht deinstalieren :-) ccleaner in der standard Konfig laufen lassen __________________ --> GVU-Trojaner auf Vista32-Rechner meines Vaters - und wer muss es richten...?

GVU-Trojaner auf Vista32-Rechner meines Vaters - und wer muss es richten...?

Plagegeister aller Art und deren Bekämpfung: GVU-Trojaner auf Vista32-Rechner meines Vaters - und wer muss es richten...?