Tr/Gataka.D.57 - PC sehr langsam

ma88 · 07.07.2012, 09:25

Hallo!
seit paar Tagen ist mein PC sehr langsam (v.a. beim Internetsurfen) und Avira zeigt Tr/Gataka.D.57. an. Ich hab schon paar mal versucht, ihn in Quarantäne zu verschieben, aber das hilft nix.

Habe Malwarebytes bereits durchgeführt

Code:

ATTFilter

 Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.07.06.14

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Margit :: MARGIT-PC [Administrator]

07.07.2012 01:23:27
mbam-log-2012-07-07 (01-23-27).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 223449
Laufzeit: 15 Minute(n), 38 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|LicenseValidator (Trojan.Proxy) -> Daten: C:\Users\Margit\AppData\Roaming\Identities\{3A2BBAAA-60D8-421E-A920-0A863AA682D6}\LicenseValidator.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

und ich hab hier auch gelesen, eset durchzuführen, hab ich gemacht, habs allerdings mit entfernen gemacht... Hoffe, das war nicht falsch...?

Code:

ATTFilter

 C:\Users\Margit\AppData\Local\Mozilla\Firefox\Profiles\ogvuz27p.default\Cache\A\46\B8C70d01	JS/Exploit.Pdfka.PMQ Trojaner	Gesäubert durch Löschen - in Quarantäne kopiert
C:\Users\Margit\AppData\Local\Mozilla\Firefox\Profiles\ogvuz27p.default\Cache\D\68\A551Ed01	HTML/ScrInject.B.Gen Virus	gelöscht - in Quarantäne kopiert
C:\Users\Margit\AppData\Local\Mozilla\Firefox\Profiles\ogvuz27p.default\Cache\F\C5\81AB8d01	JS/Kryptik.PH Trojaner	Gesäubert durch Löschen - in Quarantäne kopiert
C:\Users\Margit\AppData\Local\VirtualStore\Program Files\Spyware Guard 2008\vbase.vdb	Win32/Adware.MalwareDefender2009 Anwendung	Gesäubert durch Löschen - in Quarantäne kopiert
Arbeitsspeicher	Variante von Win32/Gataka.B Trojaner

Was kann ich tun? Ich hoffe, ihr könnt mir helfen!

viele Grüße und Danke im vorraus,
ma88

markusg · 10.07.2012, 23:24

hi
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die
OTL.exe
.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die
Textbox.

Code:

ATTFilter

activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Kopiere
nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

ma88 · 11.07.2012, 11:14

Hallo,
hab ich gemacht:
OTL.Txt:

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 11.07.2012 11:06:14 - Run 1
OTL by OldTimer - Version 3.2.53.1     Folder = C:\Users\Margit\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,83 Gb Available Physical Memory | 61,00% Memory free
6,23 Gb Paging File | 5,17 Gb Available in Paging File | 83,02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,88 Gb Total Space | 42,93 Gb Free Space | 38,37% Space Free | Partition Type: NTFS
Drive D: | 111,00 Gb Total Space | 104,65 Gb Free Space | 94,28% Space Free | Partition Type: NTFS
 
Computer Name: MARGIT-PC | User Name: Margit | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.06 09:18:57 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Margit\Desktop\OTL.exe
PRC - [2012.05.08 18:08:31 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 18:08:21 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.05.08 18:08:20 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 18:08:20 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.04.11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.11.20 08:00:00 | 000,199,680 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\spool\drivers\w32x86\3\E_FATIFIE.EXE
PRC - [2008.01.30 05:00:14 | 001,926,144 | ---- | M] () -- C:\Programme\Samsung\Samsung Recovery Solution II\WCScheduler.exe
PRC - [2008.01.25 01:38:12 | 002,458,128 | ---- | M] (McAfee, Inc.) -- c:\Programme\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2008.01.19 09:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.19 09:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.09 15:50:22 | 000,767,976 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\MSC\mcmscsvc.exe
PRC - [2008.01.02 10:40:14 | 000,348,160 | ---- | M] (SAMSUNG Electronics co., LTD.) -- C:\Programme\Samsung\EBM\EasyBatteryMgr3.exe
PRC - [2007.12.28 03:44:10 | 000,565,248 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2007.12.05 10:04:10 | 000,695,624 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan\mcsysmon.exe
PRC - [2007.11.15 19:15:16 | 000,251,216 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\MSC\mcsvrcnt.exe
PRC - [2007.11.13 12:16:26 | 000,359,248 | ---- | M] (McAfee, Inc.) -- c:\Programme\McAfee\MSC\mcupdui.exe
PRC - [2007.11.01 18:12:38 | 000,265,040 | ---- | M] (McAfee, Inc.) -- c:\Programme\McAfee\MSC\mcuimgr.exe
PRC - [2007.08.15 05:36:04 | 000,359,248 | ---- | M] (McAfee, Inc.) -- c:\Programme\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2007.08.03 19:33:14 | 000,582,992 | ---- | M] (McAfee, Inc.) -- c:\Programme\McAfee.com\Agent\mcagent.exe
PRC - [2007.07.24 05:02:14 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan\Mcshield.exe
PRC - [2007.07.18 08:54:42 | 000,856,864 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\MPF\MpfSrv.exe
PRC - [2007.07.05 00:41:42 | 000,045,056 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
PRC - [2007.06.28 11:57:52 | 000,085,672 | ---- | M] () -- C:\Programme\Samsung\Samsung Update Plus\SLUTrayNotifier.exe
PRC - [2007.06.01 12:36:00 | 000,684,032 | ---- | M] (SAMSUNG Electronics) -- C:\Programme\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2006.12.19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Programme\Common Files\EPSON\EBAPI\eEBSvc.exe
PRC - [2006.04.14 03:07:20 | 028,933,976 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2008.01.30 05:00:14 | 001,926,144 | ---- | M] () -- C:\Programme\Samsung\Samsung Recovery Solution II\WCScheduler.exe
MOD - [2007.12.09 08:08:54 | 002,811,392 | ---- | M] () -- C:\Programme\Samsung\Samsung Recovery Solution II\Resdll.dll
MOD - [2007.08.07 02:31:18 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
MOD - [2007.06.28 11:57:52 | 000,085,672 | ---- | M] () -- C:\Programme\Samsung\Samsung Update Plus\SLUTrayNotifier.exe
MOD - [2006.09.19 02:52:46 | 000,028,672 | ---- | M] () -- C:\Programme\Samsung\Easy Display Manager\WinMove.dll
MOD - [2006.08.12 05:48:40 | 000,049,152 | ---- | M] () -- C:\Programme\Samsung\Samsung Magic Doctor\HookDllPS2.dll
MOD - [2006.08.12 05:48:40 | 000,049,152 | ---- | M] () -- C:\Programme\Samsung\EasySpeedUpManager\HookDllPS2.dll
MOD - [2006.08.12 05:48:40 | 000,049,152 | ---- | M] () -- C:\Programme\Samsung\Easy Display Manager\HookDllPS2.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.07.03 20:18:36 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.05.08 18:08:31 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 18:08:20 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008.01.25 01:38:12 | 002,458,128 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Programme\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.09 15:50:22 | 000,767,976 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2007.12.05 10:04:10 | 000,695,624 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Programme\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2007.11.07 09:35:40 | 000,378,184 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2007.08.15 05:36:04 | 000,359,248 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Programme\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2007.07.24 05:02:14 | 000,144,704 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2007.07.18 08:54:42 | 000,856,864 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\McAfee\MPF\MpfSrv.exe -- (MpfService)
SRV - [2007.06.28 11:54:42 | 000,073,728 | ---- | M] () [Auto | Stopped] -- C:\Programme\Samsung\Samsung Update Plus\SLUBackgroundService.exe -- (Samsung Update Plus)
SRV - [2006.12.19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Programme\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)
SRV - [2006.10.26 12:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006.10.26 07:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006.04.14 03:07:20 | 028,933,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ)
SRV - [2006.04.14 03:05:58 | 000,240,416 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2006.04.14 03:04:54 | 000,087,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2005.10.13 20:50:20 | 000,045,272 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\VMC302.sys -- (VMC302)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012.05.08 18:08:33 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.08 18:08:32 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.12.15 16:00:00 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.01.19 20:31:56 | 000,277,544 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2008.03.12 16:40:54 | 000,013,312 | ---- | M] (SAMSUNG ELECTRONICS CO., LTD.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\KMDFMEMIO.sys -- (KMDFMEMIO)
DRV - [2007.12.02 12:51:42 | 000,040,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2007.11.22 06:44:08 | 000,201,320 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2007.11.22 06:44:08 | 000,079,304 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2007.11.22 06:44:08 | 000,035,240 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2007.11.22 06:44:04 | 000,033,832 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2007.09.13 08:17:58 | 000,755,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007.08.07 02:30:52 | 002,601,472 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2007.08.07 02:30:52 | 002,601,472 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007.07.13 02:21:12 | 000,125,728 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\Mpfp.sys -- (MPFP)
DRV - [2007.04.26 03:15:26 | 000,007,680 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV - [2007.02.07 17:57:20 | 000,035,840 | ---- | M] (CACE Technologies) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf_devolo.sys -- (NPF_devolo) NetGroup Packet Filter Driver (devolo)
DRV - [2006.11.28 09:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.11.02 09:30:56 | 002,589,184 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw2v32.sys -- (NETw2v32) Intel(R)
DRV - [2006.11.02 09:30:56 | 000,047,104 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.yahoo.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.yahoo.com/?fr=fp-yie9
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.de/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.yahoo.com/?fr=fp-yie9
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {DECA3892-BA8F-44b8-A993-A466AD694AE4}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{2EE36B02-8545-4950-B5CC-5F3EB545CF36}: "URL" = hxxp://www.flickr.com/search/?q={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GPEA_de
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-divx
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.update: false
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.0.14
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Margit\AppData\Roaming\06039 [2012.06.13 11:52:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.09.11 11:43:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.06.29 14:48:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Margit\AppData\Roaming\06039 [2012.06.13 11:52:19 | 000,000,000 | ---D | M]
 
[2008.09.14 20:34:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Margit\AppData\Roaming\mozilla\Extensions
[2012.04.27 22:41:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Margit\AppData\Roaming\mozilla\Firefox\Profiles\ogvuz27p.default\extensions
[2012.04.27 22:41:49 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Margit\AppData\Roaming\mozilla\Firefox\Profiles\ogvuz27p.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.07.15 14:09:45 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Margit\AppData\Roaming\mozilla\Firefox\Profiles\ogvuz27p.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.05.14 13:35:43 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Margit\AppData\Roaming\mozilla\Firefox\Profiles\ogvuz27p.default\extensions\engine@conduit.com
[2011.05.19 23:27:37 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.05.19 23:27:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2012.06.13 11:52:19 | 000,000,000 | ---D | M] (Java Link Helper) -- C:\USERS\MARGIT\APPDATA\ROAMING\06039
[2011.09.11 11:43:36 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.05.19 23:26:44 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.05.10 23:57:57 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.05.10 23:57:57 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.05.10 23:57:57 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.05.10 23:57:57 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.05.10 23:57:57 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.05.10 23:57:57 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\Programme\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Epson Stylus SX510W(Netzwerk)] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIFIE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [Qyisyfubab] C:\Users\Margit\AppData\Roaming\Otfo\putou.exe File not found
O4 - HKCU..\Run: [UpgradeChecker] C:\Users\Margit\AppData\Roaming\TeamViewer\{07CA5629-C78E-4080-B009-2E9418EDAF4B}\UpgradeChecker.exe File not found
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoHotStart = 0
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Margit\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_Win32.cab (20-20 3D Viewer)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} hxxp://www.lokalisten.de/iup/ImageUploader4.cab (Image Uploader Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{310FB175-C92B-4E17-8C00-841A665AC6AC}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E74A94B1-C9CC-4CEF-8090-D42A8007CBBD}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Margit\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Margit\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4AADD1F0-17A8-4349-943F-9C7B5E3F9CB4} - Yahoo! Toolbar
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {765BB945-9769-4D3A-BEB3-D868972080C8} - NoIE8Tour
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - C:\Windows\system32\rundll32.exe C:\Windows\system32\advpack.dll,LaunchINFSectionEx C:\Program Files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E6097C7D-AF4E-4985-9A0C-F5611B5818BC} - Yahoo! Search Settings Update
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{DF356B79-C4CB-48FE-A37F-9DA402B270C1} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe - (Broadcom Corporation.)
MsConfig - StartUpFolder: C:^Users^Margit^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk - C:\Programme\OpenOffice.org 2.4\program\quickstart.exe - ()
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: avgnt - hkey= - key= -  File not found
MsConfig - StartUpReg: EEventManager - hkey= - key= - C:\Programme\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
MsConfig - StartUpReg: ehTray.exe - hkey= - key= - C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
MsConfig - StartUpReg: Epson Stylus SX510W(Netzwerk) - hkey= - key= -  File not found
MsConfig - StartUpReg: EPSON SX510W Series - hkey= - key= -  File not found
MsConfig - StartUpReg: LanguageShortcut - hkey= - key= - C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
MsConfig - StartUpReg: LightScribe Control Panel - hkey= - key= - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
MsConfig - StartUpReg: mcagent_exe - hkey= - key= - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: RemoteControl - hkey= - key= - C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
MsConfig - StartUpReg: RtHDVCpl - hkey= - key= - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
MsConfig - StartUpReg: Sidebar - hkey= - key= - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
MsConfig - StartUpReg: spywareguard - hkey= - key= -  File not found
MsConfig - StartUpReg: StartCCC - hkey= - key= - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: SynTPEnh - hkey= - key= - C:\Programme\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
MsConfig - StartUpReg: WMPNSCFG - hkey= - key= - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
MsConfig - State: "startup" - 2
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.06 09:18:53 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Margit\Desktop\OTL.exe
[2012.07.05 21:44:43 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.07.03 19:43:34 | 000,000,000 | ---D | C] -- C:\Users\Margit\AppData\Roaming\Help
[2012.07.03 19:39:20 | 000,000,000 | ---D | C] -- C:\Users\Margit\AppData\Roaming\Windows Desktop Search
[2012.07.03 19:39:20 | 000,000,000 | ---D | C] -- C:\Users\Margit\AppData\Roaming\TeamViewer
[2012.06.27 10:41:28 | 000,000,000 | ---D | C] -- C:\Users\Margit\AppData\Local\Macromedia
[2012.06.13 11:52:19 | 000,000,000 | ---D | C] -- C:\Users\Margit\AppData\Roaming\06039
[2012.06.12 11:33:47 | 000,000,000 | ---D | C] -- C:\Users\Margit\AppData\Roaming\06038
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Margit\AppData\Roaming\*.tmp files -> C:\Users\Margit\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.11 10:36:15 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.11 10:35:52 | 000,027,711 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2012.07.11 10:34:41 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.11 10:34:12 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.11 10:34:09 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.11 10:33:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.11 10:33:34 | 3219,308,544 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.10 23:20:07 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.07.10 22:33:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.09 18:44:57 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012.07.09 13:04:01 | 000,000,242 | ---- | M] () -- C:\Windows\tasks\Epson Printer Software Downloader.job
[2012.07.08 11:33:23 | 000,218,308 | ---- | M] () -- C:\Users\Margit\Desktop\HakenhalterJuli-September.jpg
[2012.07.07 15:01:04 | 000,680,250 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.07.07 15:01:04 | 000,638,028 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.07.07 15:01:04 | 000,148,710 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.07.07 15:01:04 | 000,120,716 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.07.06 09:18:57 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Margit\Desktop\OTL.exe
[2012.06.26 18:44:54 | 000,213,140 | ---- | M] () -- C:\Users\Margit\Documents\notfall.jpg
[2012.06.14 14:54:48 | 000,430,200 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.06.13 12:26:13 | 000,000,032 | ---- | M] () -- C:\Users\Margit\AppData\Roaming\blckdom.res
[2012.06.13 12:00:07 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Margit\AppData\Roaming\*.tmp files -> C:\Users\Margit\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.07.08 11:33:09 | 000,218,308 | ---- | C] () -- C:\Users\Margit\Desktop\HakenhalterJuli-September.jpg
[2012.06.27 09:35:31 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.26 18:44:54 | 000,213,140 | ---- | C] () -- C:\Users\Margit\Documents\notfall.jpg
[2012.06.13 12:00:07 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.14 21:56:23 | 000,000,032 | ---- | C] () -- C:\Users\Margit\AppData\Roaming\blckdom.res
[2011.05.20 20:03:52 | 000,000,034 | ---- | C] () -- C:\Windows\MODUL2.INI
[2011.05.06 12:52:06 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2011.05.06 12:52:06 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2011.05.06 12:52:06 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2011.05.06 12:52:06 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2011.05.06 12:52:06 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2011.05.06 12:52:05 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2011.05.06 12:52:05 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2011.05.06 12:52:05 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2011.05.06 12:52:05 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2011.05.06 12:52:05 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2011.05.06 12:52:05 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2011.05.06 12:52:05 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2011.05.06 12:52:05 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2011.05.06 12:52:05 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2011.05.06 12:52:05 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2011.05.06 12:52:05 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2011.05.06 12:52:05 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2011.05.06 12:52:05 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2011.05.06 12:52:05 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2010.07.03 19:02:21 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.06.27 21:16:34 | 000,000,048 | ---- | C] () -- C:\Users\Margit\AppData\Roaming\s.cfg
[2008.10.09 16:10:20 | 000,000,680 | ---- | C] () -- C:\Users\Margit\AppData\Local\d3d9caps.dat
[2008.09.18 14:00:32 | 000,014,848 | ---- | C] () -- C:\Users\Margit\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== LOP Check ==========
 
[2012.05.14 21:56:29 | 000,000,000 | ---D | M] -- C:\Users\Margit\AppData\Roaming\06034
[2012.05.17 15:06:08 | 000,000,000 | ---D | M] -- C:\Users\Margit\AppData\Roaming\06035
[2012.05.31 18:44:41 | 000,000,000 | ---D | M] -- C:\Users\Margit\AppData\Roaming\06036
[2012.06.08 23:09:50 | 000,000,000 | ---D | M] -- C:\Users\Margit\AppData\Roaming\06037
[2012.06.12 11:33:47 | 000,000,000 | ---D | M] -- C:\Users\Margit\AppData\Roaming\06038
[2012.06.13 11:52:19 | 000,000,000 | ---D | M] -- C:\Users\Margit\AppData\Roaming\06039
[2012.05.31 23:04:20 | 000,000,000 | ---D | M] -- C:\Users\Margit\AppData\Roaming\Akaquh
[2011.03.14 19:25:46 | 000,000,000 | ---D | M] -- C:\Users\Margit\AppData\Roaming\AliceHilfe
[2011.09.06 20:50:12 | 000,000,000 | ---D | M] -- C:\Users\Margit\AppData\Roaming\DVDVideoSoft
[2011.04.21 16:53:11 | 000,000,000 | ---D | M] -- C:\Users\Margit\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.05.10 22:08:11 | 000,000,000 | ---D | M] -- C:\Users\Margit\AppData\Roaming\Epson
[2012.05.31 23:04:33 | 000,000,000 | ---D | M] -- C:\Users\Margit\AppData\Roaming\Esrup
[2012.05.15 10:02:25 | 000,000,000 | ---D | M] -- C:\Users\Margit\AppData\Roaming\Gedau
[2012.05.16 18:19:52 | 000,000,000 | ---D | M] -- C:\Users\Margit\AppData\Roaming\Hacaaq
[2009.03.04 14:52:13 | 000,000,000 | ---D | M] -- C:\Users\Margit\AppData\Roaming\IN-MEDIAKG
[2012.05.14 20:17:49 | 000,000,000 | ---D | M] -- C:\Users\Margit\AppData\Roaming\Invyx
[2012.05.12 23:39:42 | 000,000,000 | ---D | M] -- C:\Users\Margit\AppData\Roaming\Ipsei
[2012.05.14 21:56:14 | 000,000,000 | ---D | M] -- C:\Users\Margit\AppData\Roaming\kock
[2012.05.15 10:02:25 | 000,000,000 | ---D | M] -- C:\Users\Margit\AppData\Roaming\Kykoiw
[2012.05.17 02:18:05 | 000,000,000 | ---D | M] -- C:\Users\Margit\AppData\Roaming\Luyw
[2012.05.14 20:17:49 | 000,000,000 | ---D | M] -- C:\Users\Margit\AppData\Roaming\Oqeh
[2012.05.31 23:09:05 | 000,000,000 | ---D | M] -- C:\Users\Margit\AppData\Roaming\Oqyv
[2012.05.17 13:05:51 | 000,000,000 | ---D | M] -- C:\Users\Margit\AppData\Roaming\Otfo
[2009.07.30 20:15:56 | 000,000,000 | ---D | M] -- C:\Users\Margit\AppData\Roaming\ProtectDisc
[2012.05.16 18:19:52 | 000,000,000 | ---D | M] -- C:\Users\Margit\AppData\Roaming\Qoxy
[2012.07.07 01:40:07 | 000,000,000 | ---D | M] -- C:\Users\Margit\AppData\Roaming\TeamViewer
[2012.05.28 23:14:36 | 000,000,000 | ---D | M] -- C:\Users\Margit\AppData\Roaming\UAs
[2012.05.31 23:09:05 | 000,000,000 | ---D | M] -- C:\Users\Margit\AppData\Roaming\Ukipl
[2012.05.15 20:02:27 | 000,000,000 | ---D | M] -- C:\Users\Margit\AppData\Roaming\Uwyhm
[2012.05.15 20:02:27 | 000,000,000 | ---D | M] -- C:\Users\Margit\AppData\Roaming\Vafe
[2012.07.03 19:39:20 | 000,000,000 | ---D | M] -- C:\Users\Margit\AppData\Roaming\Windows Desktop Search
[2012.05.28 23:15:37 | 000,000,000 | ---D | M] -- C:\Users\Margit\AppData\Roaming\xmldm
[2012.07.09 13:04:01 | 000,000,242 | ---- | M] () -- C:\Windows\Tasks\Epson Printer Software Downloader.job
[2012.04.15 01:00:00 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job
[2012.05.01 03:34:44 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job
[2012.07.10 23:20:08 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2008.09.09 20:02:19 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2008.03.12 19:04:23 | 000,000,000 | ---D | M] -- C:\avs contents
[2011.01.22 18:34:15 | 000,000,000 | -HSD | M] -- C:\Boot
[2012.03.21 20:26:55 | 000,000,000 | ---D | M] -- C:\codec-info
[2012.05.10 00:27:13 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2008.09.09 16:51:35 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2009.10.05 20:52:09 | 000,000,000 | ---D | M] -- C:\DVDVideoSoft
[2011.05.20 20:03:52 | 000,000,000 | ---D | M] -- C:\FBI
[2011.05.27 17:25:12 | 000,000,000 | ---D | M] -- C:\MappedFiles
[2008.03.12 18:50:19 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2008.03.12 16:34:49 | 000,000,000 | ---D | M] -- C:\MyWorks
[2010.06.04 12:45:12 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.07.05 21:44:43 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.06.02 12:00:05 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2008.09.09 16:51:35 | 000,000,000 | -HSD | M] -- C:\Programme
[2008.03.12 16:55:40 | 000,000,000 | ---D | M] -- C:\Samsung
[2012.07.11 11:12:06 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2008.09.09 20:01:45 | 000,000,000 | R--D | M] -- C:\Users
[2012.06.02 12:39:21 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< MD5 for: AGP440.SYS  >
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2008.03.12 17:57:54 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=313FF294978EA6AF715722D708FB249F -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20494_none_b858f78adaed51b3\AGP440.sys
[2008.03.12 17:59:30 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_8ed06b47\AGP440.sys
[2008.03.12 17:59:30 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.16400_none_b82caac9c18a4e3b\AGP440.sys
[2008.03.12 17:59:29 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=BF34B4A0E0B64440C5389AA6B902F4AD -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20496_none_b85af81edaeb8461\AGP440.sys
[2008.03.12 17:57:56 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=CE71AFD6738AA025D742CDBCFBDC8B9C -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f2490cb0\AGP440.sys
[2008.03.12 17:57:56 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=CE71AFD6738AA025D742CDBCFBDC8B9C -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.16399_none_b7d45c31c1cb309c\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.03.12 18:25:27 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=1DEEDE62051F7245FB0010E995E4A6FC -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b0f802d7\atapi.sys
[2008.03.12 18:25:27 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=1DEEDE62051F7245FB0010E995E4A6FC -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20541_none_dbb1430d3da06c42\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.03.12 18:01:04 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=5653737BAD8C6C10136451C195C19881 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20485_none_db8a029f3dbd443b\atapi.sys
[2008.03.12 18:23:48 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=78620BDA3EC87816E5D1FA86F920BC3A -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c2a1b5ae\atapi.sys
[2008.03.12 18:23:48 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=78620BDA3EC87816E5D1FA86F920BC3A -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20518_none_dbd8b4d73d81c9d0\atapi.sys
[2008.03.12 18:01:03 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_82339ef2\atapi.sys
[2008.03.12 18:01:03 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16391_none_daf194c024ab5b06\atapi.sys
[2008.09.16 09:39:25 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008.09.16 09:39:25 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008.09.16 09:39:23 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_64dfd8ea\atapi.sys
[2008.09.16 09:39:23 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2008.03.12 17:44:26 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2008.03.12 17:44:26 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006.11.02 11:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008.01.19 09:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.19 09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.03.12 17:02:17 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
[2008.03.12 17:02:17 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2008.01.19 09:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2006.11.02 11:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
[2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\system32\*.dll /lockedfiles >
[2011.04.23 12:35:29 | 000,580,608 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\msfeeds.dll
 
< %USERPROFILE%\*.* >
[2012.07.11 11:06:19 | 002,883,584 | -HS- | M] () -- C:\Users\Margit\NTUSER.DAT
[2012.07.11 11:06:18 | 000,262,144 | -H-- | M] () -- C:\Users\Margit\ntuser.dat.LOG1
[2008.09.09 16:52:17 | 000,000,000 | -H-- | M] () -- C:\Users\Margit\ntuser.dat.LOG2
[2012.07.10 23:20:04 | 000,065,536 | -HS- | M] () -- C:\Users\Margit\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2012.07.10 23:20:04 | 000,524,288 | -HS- | M] () -- C:\Users\Margit\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2008.09.09 16:57:32 | 000,524,288 | -HS- | M] () -- C:\Users\Margit\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2008.09.09 16:52:18 | 000,000,020 | -HS- | M] () -- C:\Users\Margit\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
 
<           >

< End of report >

--- --- ---
[/code]

und Extras.Txt:

OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 11.07.2012 11:06:14 - Run 1
OTL by OldTimer - Version 3.2.53.1     Folder = C:\Users\Margit\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,83 Gb Available Physical Memory | 61,00% Memory free
6,23 Gb Paging File | 5,17 Gb Available in Paging File | 83,02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,88 Gb Total Space | 42,93 Gb Free Space | 38,37% Space Free | Partition Type: NTFS
Drive D: | 111,00 Gb Total Space | 104,65 Gb Free Space | 94,28% Space Free | Partition Type: NTFS
 
Computer Name: MARGIT-PC | User Name: Margit | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1DEE59DD-8153-4ED9-B0B9-6BBA8EF676CC}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{22E41C95-2C05-49B6-A11E-D58D4A435FED}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{234A0B92-1BFE-422D-B836-FDA889852E92}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{59602769-78ED-419F-A922-A66A5BB22EBE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{59BAB497-DFA9-40FF-BCDF-FF2E71C416B3}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{617BA9E9-B71C-4C19-A7D6-7238DB045A72}" = lport=10300 | protocol=6 | dir=in | app=c:\program files\devolo\informer\devinf.exe | 
"{6E15AB04-937F-4D9B-A190-2379DB5AD037}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{802A58D2-03FF-488C-AF71-F2584AF851E1}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{92C41C10-3131-4557-960D-A96AD895501C}" = lport=10301 | protocol=17 | dir=in | app=c:\program files\devolo\informer\devinf.exe | 
"{9848AC98-D8AA-436A-915D-618C8C4A50B6}" = lport=12345 | protocol=17 | dir=in | app=c:\program files\devolo\easyshare\easyshare.exe | 
"{9E964B03-19B4-4401-8CD0-4ED5D5B998E9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B2066F9C-C8DE-40EA-8DEC-C9D6BA7B9E2A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{CB011577-6053-4B59-8EC3-C855543BB980}" = lport=12346 | protocol=6 | dir=in | app=c:\program files\devolo\easyshare\easyshare.exe | 
"{D073FA1D-33F6-4C25-8215-9669CA6EC2E7}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{D1FB9993-7959-4E7A-AA19-379C7AE35C11}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D35455B0-C544-48D3-8354-FDE9D3EDCC0D}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{D5E47C66-ABD9-4345-9526-2AAEF23F7DFA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D7E4C8B7-2B99-4A01-BA2F-4C420E30B974}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{EA02F1D6-45B3-4ADE-8E02-CF855778B359}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{EA09145F-7209-410B-9B1E-83CA4B3E292F}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{F697D19E-EBA2-4D60-8F82-8796954566E7}" = lport=19375 | protocol=17 | dir=in | app=c:\program files\devolo\dlanwlancfg\dlanwlancfg.exe | 
"{F941330E-0946-4720-A006-31E1627D1001}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00803CA8-5906-4058-AAD5-6A1597E126A6}" = protocol=17 | dir=in | app=c:\program files\epsonnet\epsonnet setup\tool09\eneasyapp.exe | 
"{1A350546-2DF2-4E2F-A56A-D1DC86E72397}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{2006CCEE-282F-47CB-A33C-5DD5854523F5}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{39E52C77-BF73-4AE1-8EA3-5A7B5E9EF627}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{4F12C52E-B3AD-47D6-90FB-4AFE455C1476}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{50DE16DB-92F4-4717-B1DC-97C00EEB669E}" = protocol=6 | dir=in | app=c:\program files\epsonnet\epsonnet setup\tool09\eneasyapp.exe | 
"{5700B01D-00F5-44C0-B442-FF4AE5B7A697}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{77F8C253-E2CC-4B72-8332-58D28C4717BF}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe | 
"{848B42E4-F17C-4693-84D9-C7871E295AFB}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{A273A860-6A62-4E7A-A4F6-9BB1C6CC6667}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | 
"{C5579399-8659-43A9-AC99-DD47AC4384EB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{DDB85064-4A5A-41D0-AE1A-E33A762CBAA7}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe | 
"TCP Query User{565F0CBC-C5B2-4CB3-930E-8EC4FC466D0A}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"TCP Query User{65CA7AB5-D8D0-4A95-AB15-23A317EA0138}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"TCP Query User{6AD3AFF0-DACF-4AA4-B328-E42AED05D898}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{78C52376-D0A0-4CD4-95B3-706B801D32D3}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{BE2303B3-8F15-486F-8BB7-6BB67AE4E494}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 
"TCP Query User{C5452181-492C-4CF6-B49B-37C9F7A65FF8}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{5D670393-D5F7-416F-ADB0-ABC0FAE20C1E}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{5F13D660-8E4F-482A-9CAD-0D7A96B1D082}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{7BCA53A8-80E8-4A92-BAA8-EF6114D65281}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 
"UDP Query User{D640CCA0-024F-4124-85A7-7FAF5D7354D6}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{F77A595B-44EE-44E7-8A30-9DF72023FB70}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{F8467B77-268B-4DE6-973C-7CE2CB2DCE0E}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00AF10C1-44BD-4862-9D7F-24E6BA3E87FD}" = imagine digital freedom - Samsung
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.5000
"{04983D37-2202-4295-94A2-8B547C66133F}" = Atheros WLAN Client
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{0795AE80-E3AD-C109-D0ED-127454F7947D}" = CCC Help Czech
"{09C07EA5-2B33-D6A8-82EE-96E2EFB50933}" = Catalyst Control Center Localization German
"{0BDD74BD-5919-45DC-8DBD-FD9A7FFBEE7D}" = Catalyst Control Center Localization Czech
"{0DA98A0B-E9AA-7D76-9FFB-09666B57B977}" = CCC Help Japanese
"{113784E4-001C-F3B0-BB12-30301C352D5A}" = CCC Help Chinese Standard
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution II
"{15343122-1A4C-84D1-F14C-19DAD9C3E170}" = Catalyst Control Center Localization Chinese Traditional
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1ABD9408-C1DC-EF1F-40E8-2D9A6531CDA3}" = ATI Catalyst Install Manager
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{230441A3-AEFA-1008-6874-E00CCD863C1B}" = ccc-utility
"{2376F2D7-47F6-7D31-454C-50B3E7B04D79}" = CCC Help English
"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java(TM) 6 Update 25
"{26E0A023-F45C-F529-D820-180FDAFA2CF5}" = Catalyst Control Center Localization French
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2DFB5485-A3EF-4298-9280-4AF80C9F4BE9}" = Microsoft SQL Server VSS Writer
"{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor
"{36BEAD11-8577-49AD-9250-E06A50AE87B0}" = Microsoft SOAP Toolkit 2.0 SP2
"{39B1744D-0561-20FD-10BC-462349B2CD17}" = Catalyst Control Center Core Implementation
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{3EA29C6A-F433-2CFA-9343-A30061A31D40}" = Catalyst Control Center Graphics Light
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0
"{4818083E-ADDE-37BD-7C86-4B72C7D96692}" = CCC Help Greek
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C4B9522-FD03-D17C-1A00-8EBC02CA5AC2}" = CCC Help French
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007
"{4E271D3B-6105-525A-885D-72330974AABF}" = Catalyst Control Center Localization Spanish
"{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{535D722D-3CD3-7B2B-0D2A-8205AB81702D}" = Catalyst Control Center Localization Italian
"{547DCEC7-DD2A-47E9-82C7-5CF1EAB526DA}" = Microsoft SQL Server Native Client
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{583ACB37-3139-562A-6279-0158480F2277}" = Catalyst Control Center Localization Japanese
"{59C4B635-2E5A-1141-C0E5-004FC4D196F4}" = CCC Help Thai
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5CE3E15C-6E1D-A3FE-2E35-F40E83DDF68D}" = CCC Help German
"{5F6A4850-DDBE-DA71-0B73-10170D2A4E55}" = Catalyst Control Center Localization Korean
"{60B08761-8B36-4C10-51DC-C68AEA125612}" = CCC Help Turkish
"{640BBCC1-792B-8FF8-D5FF-EA185F1352BA}" = CCC Help Hungarian
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D69A81D-B087-BFB2-DD8C-EF5FF34FBEC1}" = Catalyst Control Center Localization Norwegian
"{6EDE839E-B81A-28F0-5A7D-51A7128A1FD5}" = Catalyst Control Center Localization Greek
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Easy Battery Manager
"{71A51B09-E7D3-11DB-A386-005056C00008}" = Vimicro UVC Camera
"{72F32AF2-2FA3-E6A0-D3D5-047691462436}" = CCC Help Danish
"{733D4DE8-14B8-EF66-CE77-160C0EC92913}" = CCC Help Swedish
"{74641F41-CE39-EA12-CD69-6903FD17544C}" = Catalyst Control Center Localization Turkish
"{74D5CF76-2DA9-7105-0BCB-3ACE774F478A}" = CCC Help Polish
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{76C1FD00-E569-A09E-E128-87B81203F6AA}" = CCC Help Portuguese
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{80574E0C-36A8-7974-0460-8B93A96A601E}" = Catalyst Control Center Graphics Full New
"{81E677EB-392F-FC88-7498-9506248689B4}" = CCC Help Italian
"{82310404-A89C-D870-769F-005031AFFD9B}" = CCC Help Spanish
"{861CD9E0-D0CE-00DA-20F7-DA8869E0954E}" = Catalyst Control Center Graphics Full Existing
"{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}" = Epson Easy Photo Print 2
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B14B6B8-342F-9556-46CA-D948734245D6}" = Catalyst Control Center Localization Dutch
"{8BF358A1-F53D-FF72-C844-FC4A4CE79B97}" = Catalyst Control Center Localization Hungarian
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{92C8DAA6-A0FA-DBDE-0464-5BEFAB4AB1B4}" = Catalyst Control Center Localization Chinese Standard
"{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{997AEC5C-8E66-48A9-5149-E3E03F05710C}" = CCC Help Korean
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.4 - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AD4CEE8C-0AF0-B4B2-D64B-7CCF70BD60B6}" = Catalyst Control Center Localization Russian
"{AE5906D7-1980-EA3B-711E-4BA92F0B70AA}" = Catalyst Control Center Localization Swedish
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AF2F91EE-EF88-DB9A-5A0F-6E8B8C8901EA}" = Catalyst Control Center Localization Thai
"{AF97A9E8-155E-25C3-AAC2-377E3C2F8CE1}" = CCC Help Dutch
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B161098B-279B-399C-63AC-68D1AECA98B8}" = CCC Help Chinese Traditional
"{B395BC1D-CC06-425E-9049-4CD985EFF004}" = LightScribe  1.8.15.1
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF4434001}" = Epson Printer Software Downloader
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{BE52510A-0CC8-EB71-9405-07E2B369526E}" = Catalyst Control Center Localization Portuguese
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint 2.0
"{C8167567-C053-7355-A2DE-DFD50B5E9F90}" = CCC Help Russian
"{C93F1C40-29E8-1351-3CAB-35DBBA6843F3}" = CCC Help Finnish
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CCD90636-D97D-4130-A44A-3AD4E63B9220}" = OpenOffice.org 2.4
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{DDC49762-9664-28B4-97F3-24DA91618CBC}" = CCC Help Norwegian
"{DF85F51D-6908-5B09-FA13-5B3376C640E1}" = Skins
"{E380FD9E-D9AD-A7FF-2986-6A906836D79E}" = Catalyst Control Center Graphics Previews Vista
"{E63BD217-4154-3693-595B-0A6F38C611C1}" = Catalyst Control Center Localization Danish
"{E9EFEA79-C84D-45BA-7037-4DC356790BF8}" = ccc-core-static
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FA340E1B-0840-8F61-32CF-7A5A99A2C854}" = Catalyst Control Center Localization Polish
"{FD53302C-8E7B-4730-8AD8-86A889BDBFAB}" = AVStation Now
"{FE6D4D2B-154C-1485-81B8-D2F6F5C5CF30}" = Catalyst Control Center Localization Finnish
"{FFFAE01B-466F-4C07-9821-A94FD753BDDA}" = EpsonNet Setup
"AC3Filter" = AC3Filter (remove only)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Agfa ScanWise 1.20" = Agfa ScanWise 1.20
"AliceHilfe 1.0.0.1" = AliceHilfe
"Avira AntiVir Desktop" = Avira Free Antivirus
"Business Contact Manager für Outlook 2007" = Business Contact Manager für Outlook 2007
"Corel Uninstaller" = Corel Uninstaller
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"dlanconf" = devolo dLAN-Konfigurationsassistent
"dlanwlancfg" = devolo dLAN Wireless extender Konfiguration
"dslmon" = devolo Informer
"easyshare" = devolo EasyShare
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"Epson Printer Software Downloader" = Epson Printer Software Downloader
"EPSON Scanner" = EPSON Scan
"Epson Stylus SX510W_TX550W Benutzerhandbuch" = Epson Stylus SX510W_TX550W Handbuch
"EPSON SX510W Series" = Druckerdeinstallation für EPSON SX510W Series
"ESET Online Scanner" = ESET Online Scanner v3
"FotoWorks XL_is1" = FotoWorks XL
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.8.815
"Google Updater" = Google Updater
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"InstallShield_{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"InstallShield_{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation
"InstallShield_{FD53302C-8E7B-4730-8AD8-86A889BDBFAB}" = AVStation Now
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"McAfee Security Scan" = McAfee Security Scan Plus
"Mediscript-CD GK1" = Mediscript-CD GK1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 6.0.2 (x86 de)" = Mozilla Firefox 6.0.2 (x86 de)
"MSC" = McAfee SecurityCenter
"PROHYBRIDR" = 2007 Microsoft Office system
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"WinRAR archiver" = WinRAR
"Yahoo! Companion" = Yahoo! Toolbar
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 05.07.2012 15:08:04 | Computer Name = Margit-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 05.07.2012 15:08:04 | Computer Name = Margit-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 08.07.2012 16:54:34 | Computer Name = Margit-PC | Source = Avira Antivirus | ID = 4118
Description = AUSNAHMEFEHLER beim Aufruf der Funktion AVEPROC_TestFile() für die
 Datei  C:\Users\Margit\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JMQWQPPM\7-FW-jpg_103600[1].jpg.

 [ACCESS_VIOLATION Exception!! EIP = 0x1ae6632]   Bitte Avira informieren und die 
obige Datei übersenden!
 
Error - 08.07.2012 19:07:20 | Computer Name = Margit-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 09.07.2012 05:47:50 | Computer Name = Margit-PC | Source = System Restore | ID = 8193
Description = 
 
Error - 09.07.2012 05:47:50 | Computer Name = Margit-PC | Source = System Restore | ID = 8210
Description = 
 
Error - 09.07.2012 15:49:46 | Computer Name = Margit-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16446 arbeitet nicht mehr 
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: 1714  Anfangszeit: 01cd5e047792b5a0  Zeitpunkt
 der Beendigung: 22
 
Error - 09.07.2012 18:01:05 | Computer Name = Margit-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 10.07.2012 17:20:02 | Computer Name = Margit-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 11.07.2012 04:34:53 | Computer Name = Margit-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung E_FBINABE.EXE, Version 4.2.0.0, Zeitstempel 
0x40458740, fehlerhaftes Modul ADVAPI32.dll, Version 6.0.6002.18005, Zeitstempel
 0x49e03717, Ausnahmecode 0xc0000005, Fehleroffset 0x00015aab,  Prozess-ID 0x968, 
Anwendungsstartzeit 01cd5f400a48a01b.
 
[ OSession Events ]
Error - 12.10.2008 18:13:55 | Computer Name = Margit-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 34742
 seconds with 480 seconds of active time.  This session ended with a crash.
 
Error - 11.02.2009 20:22:07 | Computer Name = Margit-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 599
 seconds with 420 seconds of active time.  This session ended with a crash.
 
Error - 08.03.2009 09:56:41 | Computer Name = Margit-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 116
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 13.10.2009 07:29:04 | Computer Name = Margit-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 246
 seconds with 180 seconds of active time.  This session ended with a crash.
 
Error - 06.01.2011 12:01:07 | Computer Name = Margit-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session 
lasted 34 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 11.07.2012 05:05:08 | Computer Name = Margit-PC | Source = disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
 
Error - 11.07.2012 05:06:13 | Computer Name = Margit-PC | Source = disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
 
Error - 11.07.2012 05:09:31 | Computer Name = Margit-PC | Source = disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
 
Error - 11.07.2012 05:15:09 | Computer Name = Margit-PC | Source = disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
 
Error - 11.07.2012 05:22:48 | Computer Name = Margit-PC | Source = disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
 
Error - 11.07.2012 05:35:02 | Computer Name = Margit-PC | Source = disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
 
Error - 11.07.2012 05:50:11 | Computer Name = Margit-PC | Source = disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
 
Error - 11.07.2012 05:55:15 | Computer Name = Margit-PC | Source = disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
 
Error - 11.07.2012 05:56:59 | Computer Name = Margit-PC | Source = disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
 
Error - 11.07.2012 05:59:09 | Computer Name = Margit-PC | Source = disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
 
 
< End of report >

--- --- ---
[/code]

Danke fürs Helfen...

markusg · 11.07.2012, 21:28

hi
nutzt du den pc für onlinebanking, zum einkaufen, für sonstige zahlungsabwicklungen, oder ähnlich wichtiges, wie berufliches?

ma88 · 11.07.2012, 21:53

Ne, kein onlinebanking o.ä. Wichtig wären 'nur' die Sachen fürs Studium.
Ist's schlimm? Weil eigtl funktioniert er seit So komischerweise wieder ganz gut...

markusg · 14.07.2012, 12:23

ja, diese malware stiehlt sensible daten, und ist je nach angreifer und ziel nach belieben erweiterbar.
der pc muss neu aufgesetzt und dann abgesichert werden
1. Datenrettung:

deaktiviere Autorun: http://www.trojaner-board.de/83238-a...sschalten.html
dann sichere Daten auf nen externen datenträger: http://www.trojaner-board.de/82533-d...ted-magic.html
Bilder, Dokumente, Musik Videos (persönliches) http://www.trojaner-board.de/71715-k...iendungen.html

2. Formatieren, Windows neu instalieren:

nutzt du eine Windows CD: http://www.trojaner-board.de/51262-a...sicherung.html
recovery cd oder recovery partition.
falls dies ein fertig pc ist, nenne hersteller + typ.
Keine Windows 7 DVD? http://www.trojaner-board.de/100776-...-download.html

3. PC absichern: http://www.trojaner-board.de/96344-a...-rechners.html
ich werde außerdem noch weitere punkte dazu posten.
4. alle Passwörter ändern!
5. nach PC Absicherung, die gesicherten Daten prüfen und falls sauber: zurückspielen.
6. werde ich dann noch was zum absichern von Onlinebanking mit Chip Card Reader + Star Money sagen.

ma88 · 15.07.2012, 19:38

ohje, trotzdem vielen dank schon mal!
bin die woche ziemlich im stress und schaff's erst ab wochenende mich der angelegenheit genauer zu widmen... dauert also bisschen, bis ich mich wieder melde!

bis dahin viele grüße!

Tr/Gataka.D.57 - PC sehr langsam

Plagegeister aller Art und deren Bekämpfung: Tr/Gataka.D.57 - PC sehr langsam