|   | blabla52 | 24.10.2012 19:43 |  
 GVU-Trojaner
 Moin zusammen,  
ich habe hier vor mir einen Laptop den ich mal so eben nebenbei reparieren soll. Allen Anschein nach, handelt es sich dabei um den GVU-Trojaner. ( Kenne mich selber nicht so wirklich in Sachen Viren und Trojaner aus, weil ich momentan noch nen Mac verwende. )   
Anbei die OTL-Datei:   Code: 
 OTL logfile created on: 24.10.2012 20:07:41 - Run 1OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Brigitte Schult\Desktop
 Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
 Internet Explorer (Version = 9.0.8112.16421)
 Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
 1,99 Gb Total Physical Memory | 0,92 Gb Available Physical Memory | 46,15% Memory free
 4,21 Gb Paging File | 3,06 Gb Available in Paging File | 72,63% Paging File free
 Paging file location(s): ?:\pagefile.sys [binary data]
 
 %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
 Drive C: | 93,08 Gb Total Space | 31,07 Gb Free Space | 33,38% Space Free | Partition Type: NTFS
 Drive D: | 14,83 Gb Total Space | 11,40 Gb Free Space | 76,88% Space Free | Partition Type: FAT32
 Drive E: | 91,77 Gb Total Space | 86,87 Gb Free Space | 94,66% Space Free | Partition Type: NTFS
 
 Computer Name: BRIGITTESCHU-PC | User Name: Brigitte Schult | Logged in as Administrator.
 Boot Mode: Normal | Scan Mode: Current user | Quick Scan
 Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
 ========== Processes (SafeList) ==========
 
 PRC - [2012.10.24 19:55:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Brigitte Schult\Desktop\OTL.exe
 PRC - [2012.10.16 17:50:33 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\lsass.exe
 PRC - [2012.08.29 17:12:55 | 000,307,856 | ---- | M] (Google Inc.) -- C:\Programme\Google\Google Toolbar\GoogleToolbarUser_32.exe
 PRC - [2012.08.24 09:34:41 | 000,748,680 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe
 PRC - [2010.02.04 23:47:34 | 000,093,376 | ---- | M] (OLYMPUS IMAGING CORP.) -- C:\Programme\Olympus\ib\olycamdetect.exe
 PRC - [2009.08.31 07:56:10 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG8\avgrsx.exe
 PRC - [2009.08.31 07:55:40 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG8\avgwdsvc.exe
 PRC - [2009.04.11 08:28:15 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
 PRC - [2009.04.11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
 PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 PRC - [2008.01.29 19:51:52 | 004,911,104 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
 PRC - [2008.01.29 17:00:40 | 000,430,080 | ---- | M] () -- C:\Programme\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
 PRC - [2008.01.25 13:33:50 | 000,509,816 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\SmoothView\SmoothView.exe
 PRC - [2008.01.22 14:25:26 | 000,712,704 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe
 PRC - [2008.01.21 17:54:46 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
 PRC - [2008.01.21 04:23:32 | 000,319,544 | ---- | M] (Microsoft Corporation) -- c:\Programme\Windows Defender\MpCmdRun.exe
 PRC - [2008.01.17 16:27:52 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe
 PRC - [2008.01.17 16:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- c:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe
 PRC - [2008.01.09 15:02:08 | 001,056,768 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\TOSHIBA\ConfigFree\NDSTray.exe
 PRC - [2007.12.25 14:07:14 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe
 PRC - [2007.12.25 14:06:52 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\TOSHIBA\ConfigFree\CFSwMgr.exe
 PRC - [2007.12.03 17:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- c:\Programme\TOSHIBA\SMARTLogService\TosIPCSrv.exe
 PRC - [2007.11.21 18:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
 PRC - [2006.09.28 11:20:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
 
 
 ========== Modules (No Company Name) ==========
 
 MOD - [2012.10.16 17:33:52 | 000,007,424 | ---- | M] () -- C:\Users\Brigitte Schult\AppData\Roaming\BAcroIEHelpe217.dll
 MOD - [2008.01.29 17:00:40 | 000,430,080 | ---- | M] () -- C:\Programme\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
 MOD - [2007.12.25 12:03:40 | 000,015,184 | ---- | M] () -- C:\Programme\TOSHIBA\PCDiag\NotifyPCD.dll
 MOD - [2007.12.14 21:40:00 | 000,090,112 | ---- | M] () -- C:\Programme\TOSHIBA\FlashCards\TWarnMsg\TWarnMsg.dll
 MOD - [2007.12.14 21:28:38 | 004,726,784 | ---- | M] () -- C:\Programme\TOSHIBA\FlashCards\BlackPng.dll
 MOD - [2007.09.13 15:11:18 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll
 MOD - [2007.01.18 10:30:00 | 000,094,208 | ---- | M] () -- C:\Programme\IDM\Desktop SMS\oehook.dll
 MOD - [2006.10.10 12:44:16 | 000,009,728 | ---- | M] () -- C:\Programme\TOSHIBA\TOSHIBA Assist\NotifyX.dll
 MOD - [2006.10.07 12:57:04 | 000,053,248 | ---- | M] () -- c:\Programme\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
 
 
 ========== Services (SafeList) ==========
 
 SRV - [2012.10.09 17:33:25 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
 SRV - [2009.08.31 07:55:40 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programme\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
 SRV - [2008.01.21 17:54:46 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
 SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
 SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
 SRV - [2008.01.17 16:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- c:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
 SRV - [2007.12.25 14:07:14 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
 SRV - [2007.12.03 17:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- c:\Programme\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
 SRV - [2007.11.21 18:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
 SRV - [2006.10.26 20:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
 SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 SRV - [2006.09.28 11:20:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
 SRV - [2005.11.17 15:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
 SRV - [2005.02.09 12:59:00 | 000,014,165 | ---- | M] (Pinnacle Systems GmbH) [Auto | Stopped] -- C:\Windows\System32\drivers\Pclepci.sys -- (PCLEPCI)
 
 
 ========== Driver Services (SafeList) ==========
 
 DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
 DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
 DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
 DRV - [2009.09.10 16:58:26 | 000,021,648 | ---- | M] (OLYMPUS IMAGING CORP.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OlyCamComm.sys -- (OlyCamComm)
 DRV - [2009.08.31 07:56:10 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (AvgLdx86)
 DRV - [2009.08.31 07:56:10 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (AvgMfx86)
 DRV - [2008.01.21 16:42:24 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
 DRV - [2008.01.21 04:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)
 DRV - [2007.12.28 20:21:54 | 000,104,448 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
 DRV - [2007.12.26 11:20:32 | 000,290,304 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8187B.sys -- (RTL8187B)
 DRV - [2007.11.09 14:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
 DRV - [2007.10.17 23:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
 DRV - [2007.04.23 10:50:50 | 000,025,896 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | System | Running] -- C:\Windows\System32\drivers\RtlProt.sys -- (RtlProt)
 DRV - [2007.01.04 10:07:00 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MarvinBus.sys -- (MarvinBus)
 DRV - [2006.11.20 15:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
 DRV - [2006.10.18 12:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
 DRV - [2001.09.09 09:43:58 | 000,038,401 | ---- | M] (Samsung Electronics) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dvc.sys -- (DVC)
 
 
 ========== Standard Registry (SafeList) ==========
 
 
 ========== Internet Explorer ==========
 
 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.arcor.de
 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.arcor.de
 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = hxxp://www.arcor.de
 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.arcor.de
 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.arcor.de
 IE - HKLM\..\SearchScopes,DefaultScope = {344721BC-7E2A-4B02-A00C-4AFFE316B0B7}
 IE - HKLM\..\SearchScopes\{344721BC-7E2A-4B02-A00C-4AFFE316B0B7}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rls=com.microsoft:*:IE-SearchBox&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7;
 
 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de
 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = www.google.de
 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.de
 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
 IE - HKCU\..\SearchScopes,DefaultScope = {344721BC-7E2A-4B02-A00C-4AFFE316B0B7}
 IE - HKCU\..\SearchScopes\{344721BC-7E2A-4B02-A00C-4AFFE316B0B7}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7TSEA_deDE277
 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 ========== FireFox ==========
 
 FF - prefs.js..browser.search.update: false
 FF - prefs.js..browser.search.update: false
 FF - prefs.js..browser.search.useDBForOrder: true
 FF - prefs.js..extensions.enabledAddons: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.4.6.20120119024823
 FF - prefs.js..extensions.enabledAddons: {9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}:1.0
 FF - user.js - File not found
 
 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
 FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
 FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
 FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
 FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009.12.30 09:51:26 | 000,000,000 | ---D | M]
 FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.04.19 19:41:55 | 000,000,000 | ---D | M]
 FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\Users\Brigitte Schult\AppData\Roaming\11001.072 [2012.10.16 17:33:37 | 000,000,000 | ---D | M]
 
 [2011.12.24 11:05:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brigitte Schult\AppData\Roaming\mozilla\Extensions
 [2012.04.19 19:42:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brigitte Schult\AppData\Roaming\mozilla\Firefox\Profiles\1co2dgkn.default\extensions
 [2012.04.19 19:38:04 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Brigitte Schult\AppData\Roaming\mozilla\Firefox\Profiles\1co2dgkn.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
 [2012.04.19 19:42:17 | 000,020,591 | ---- | M] () (No name found) -- C:\Users\Brigitte Schult\AppData\Roaming\mozilla\firefox\profiles\1co2dgkn.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
 [2012.04.19 19:41:59 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
 [2012.04.19 19:36:44 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\distribution\extensions
 [2012.04.19 19:36:44 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Programme\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
 [2012.10.16 17:33:37 | 000,000,000 | ---D | M] (Java Link Helper) -- C:\USERS\BRIGITTE SCHULT\APPDATA\ROAMING\11001.072
 [2012.04.19 19:41:54 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
 [2012.04.19 19:41:48 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
 [2012.04.19 19:41:48 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
 [2012.04.19 19:41:48 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
 [2012.04.19 19:41:48 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
 [2012.04.19 19:41:48 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
 [2012.04.19 19:41:48 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
 O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
 O1 - Hosts: 127.0.0.1       localhost
 O1 - Hosts: ::1             localhost
 O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
 O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
 O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
 O4 - HKLM..\Run: [00TCrdMain] C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
 O4 - HKLM..\Run: [AVG8_TRAY] C:\Programme\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
 O4 - HKLM..\Run: [Desktop SMS] C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe (Interactive Digital Media)
 O4 - HKLM..\Run: [MDS_Menu] C:\Program Files\Olympus\ib\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
 O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
 O4 - HKLM..\Run: [NWEReboot]  File not found
 O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
 O4 - HKLM..\Run: [SmoothView] C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
 O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
 O4 - HKLM..\Run: [Toshiba Registration] C:\Programme\TOSHIBA\Registration\ToshibaRegistration.exe (Toshiba)
 O4 - HKLM..\Run: [TPwrMain] C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
 O4 - HKLM..\Run: [UVS10 Preload] C:\Programme\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe (Ulead Systems, Inc.)
 O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
 O4 - HKCU..\Run: [Olympus ib] C:\Program Files\Olympus\ib\olycamdetect.exe (OLYMPUS IMAGING CORP.)
 O4 - HKCU..\Run: [Philips Intelligent Agent] C:\Program Files\Philips Intelligent Agent\Philips Intelligent Agent.exe (Philips Consumer Electronics)
 O4 - HKCU..\Run: [TOSCDSPD] C:\Programme\TOSHIBA\TOSCDSPD\TOSCDSPD.exe ()
 O4 - HKCU..\Run: [Userinit] C:\Users\Brigitte Schult\AppData\Roaming\appConf32.exe ()
 O4 - Startup: C:\Users\Brigitte Schult\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk = C:\ProgramData\lsass.exe (Microsoft Corporation)
 O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
 O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
 O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
 O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - hxxp://rover.ebay.com/rover/1/707-44556-9400-3/4 File not found
 O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - hxxp://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home File not found
 O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
 O13 - gopher Prefix: missing
 O15 - HKCU\..Trusted Ranges: GD ([http] in Lokales Intranet)
 O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
 O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
 O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
 O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
 O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{53D2C9D6-8D6C-4F3C-B245-22E7070D4565}: DhcpNameServer = 192.168.2.1
 O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Common Files\microsoft shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
 O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
 O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
 O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
 O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
 O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
 O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
 O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
 O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
 O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
 O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
 O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img22.jpg
 O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img22.jpg
 O32 - HKLM CDRom: AutoRun - 1
 O32 - AutoRun File - [2008.05.20 21:07:07 | 000,000,121 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
 O34 - HKLM BootExecute: (autocheck autochk *)
 O35 - HKLM\..comfile [open] -- "%1" %*
 O35 - HKLM\..exefile [open] -- "%1" %*
 O37 - HKLM\...com [@ = comfile] -- "%1" %*
 O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
 O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
 ========== Files/Folders - Created Within 30 Days ==========
 
 [2012.10.24 20:04:54 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Brigitte Schult\Desktop\OTL.exe
 [2012.10.16 17:50:33 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\lsass.exe
 [2012.10.16 17:33:37 | 000,000,000 | ---D | C] -- C:\Users\Brigitte Schult\AppData\Roaming\11001.072
 [2012.10.16 17:21:43 | 000,000,000 | ---D | C] -- C:\Users\Brigitte Schult\AppData\Roaming\UAs
 [2012.10.12 15:35:32 | 000,000,000 | ---D | C] -- C:\Users\Brigitte Schult\AppData\Roaming\11001.071
 [2012.10.12 15:35:05 | 000,000,000 | ---D | C] -- C:\Users\Brigitte Schult\AppData\Roaming\xmldm
 [2012.10.12 15:35:03 | 000,000,000 | ---D | C] -- C:\Users\Brigitte Schult\AppData\Roaming\kock
 [2008.05.31 21:29:38 | 000,010,752 | ---- | C] (Arcor Online GmbH) -- C:\Users\Brigitte Schult\AppData\Local\cmdial32.dll
 [2 C:\Users\Brigitte Schult\AppData\Roaming\*.tmp files -> C:\Users\Brigitte Schult\AppData\Roaming\*.tmp -> ]
 [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
 ========== Files - Modified Within 30 Days ==========
 
 [2012.10.24 20:09:05 | 000,618,442 | ---- | M] () -- C:\Windows\System32\perfh007.dat
 [2012.10.24 20:09:05 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
 [2012.10.24 20:09:05 | 000,122,842 | ---- | M] () -- C:\Windows\System32\perfc007.dat
 [2012.10.24 20:09:05 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
 [2012.10.24 19:55:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Brigitte Schult\Desktop\OTL.exe
 [2012.10.24 19:28:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
 [2012.10.24 19:23:14 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
 [2012.10.24 19:23:03 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
 [2012.10.24 19:23:03 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
 [2012.10.24 19:22:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
 [2012.10.24 19:22:42 | 2136,956,928 | -HS- | M] () -- C:\hiberfil.sys
 [2012.10.24 19:17:11 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
 [2012.10.24 19:14:54 | 083,023,306 | ---- | M] () -- C:\ProgramData\sqj.pad
 [2012.10.21 17:59:22 | 000,000,017 | ---- | M] () -- C:\Users\Brigitte Schult\AppData\Roaming\blckdom.res
 [2012.10.16 17:50:37 | 000,000,763 | ---- | M] () -- C:\Users\Brigitte Schult\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
 [2012.10.16 17:33:52 | 000,181,904 | ---- | M] () -- C:\Users\Brigitte Schult\AppData\Roaming\AcroIEHelpe217.dll
 [2012.10.16 17:33:52 | 000,007,424 | ---- | M] () -- C:\Users\Brigitte Schult\AppData\Roaming\BAcroIEHelpe217.dll
 [2012.10.16 17:22:48 | 059,079,994 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
 [2012.10.15 16:38:20 | 000,003,906 | ---- | M] () -- C:\Users\Brigitte Schult\AppData\Roaming\wklnhst.dat
 [2012.10.15 16:31:14 | 000,011,776 | ---- | M] () -- C:\Users\Brigitte Schult\Documents\Schr.an RA Raschendorfer.wps
 [2012.10.12 15:35:48 | 000,181,904 | ---- | M] () -- C:\Users\Brigitte Schult\AppData\Roaming\AcroIEHelpe.dll
 [2012.10.11 18:31:49 | 000,018,432 | ---- | M] () -- C:\Users\Brigitte Schult\Documents\Renate Bericht 2009.xlr
 [2012.10.09 20:07:05 | 000,023,552 | ---- | M] () -- C:\Users\Brigitte Schult\Documents\Jahresbericht 2011 Renate.xlr
 [2012.10.09 19:27:41 | 000,011,264 | ---- | M] () -- C:\Users\Brigitte Schult\Documents\kündigungaz.wps
 [2 C:\Users\Brigitte Schult\AppData\Roaming\*.tmp files -> C:\Users\Brigitte Schult\AppData\Roaming\*.tmp -> ]
 [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
 ========== Files Created - No Company Name ==========
 
 [2012.10.16 17:50:37 | 000,000,763 | ---- | C] () -- C:\Users\Brigitte Schult\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
 [2012.10.16 17:50:33 | 083,023,306 | ---- | C] () -- C:\ProgramData\sqj.pad
 [2012.10.16 17:33:52 | 000,181,904 | ---- | C] () -- C:\Users\Brigitte Schult\AppData\Roaming\AcroIEHelpe217.dll
 [2012.10.16 17:33:52 | 000,007,424 | ---- | C] () -- C:\Users\Brigitte Schult\AppData\Roaming\BAcroIEHelpe217.dll
 [2012.10.15 15:59:58 | 000,011,776 | ---- | C] () -- C:\Users\Brigitte Schult\Documents\Schr.an RA Raschendorfer.wps
 [2012.10.12 15:35:48 | 000,181,904 | ---- | C] () -- C:\Users\Brigitte Schult\AppData\Roaming\AcroIEHelpe.dll
 [2012.10.12 15:35:19 | 000,000,017 | ---- | C] () -- C:\Users\Brigitte Schult\AppData\Roaming\blckdom.res
 [2012.10.09 11:06:24 | 000,011,264 | ---- | C] () -- C:\Users\Brigitte Schult\Documents\kündigungaz.wps
 [2012.08.22 18:18:55 | 000,000,256 | ---- | C] () -- C:\Users\Brigitte Schult\mxcdr.ini
 [2011.10.29 19:08:25 | 000,000,016 | -H-- | C] () -- C:\ProgramData\mxfilerelatedcache.mxc2
 [2011.10.16 20:37:55 | 000,000,000 | -H-- | C] () -- C:\Users\Brigitte Schult\AppData\Roaming\LhhLIMyKK7EK
 [2010.10.30 20:50:40 | 009,941,702 | ---- | C] () -- C:\Users\Brigitte Schult\Trucks 1_2010.zip
 [2008.12.09 17:23:13 | 000,051,768 | RHS- | C] () -- C:\Users\Brigitte Schult\AppData\Roaming\appConf32.exe
 [2008.06.15 21:52:01 | 000,006,174 | ---- | C] () -- C:\Users\Brigitte Schult\hupe 22.wav
 [2008.06.15 20:53:37 | 000,279,992 | ---- | C] () -- C:\Users\Brigitte Schult\Lanz Bulldog Motor sehr gut.wav
 [2008.05.17 20:06:43 | 000,013,312 | ---- | C] () -- C:\Users\Brigitte Schult\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 [2008.05.04 12:27:46 | 000,000,016 | -H-- | C] () -- C:\Users\Brigitte Schult\AppData\Roaming\mxfilerelatedcache.mxc2
 [2008.05.04 12:27:46 | 000,000,016 | -H-- | C] () -- C:\Users\Brigitte Schult\AppData\Local\mxfilerelatedcache.mxc2
 [2008.05.04 12:27:43 | 000,000,016 | -H-- | C] () -- C:\Users\Brigitte Schult\mxfilerelatedcache.mxc2
 [2008.05.03 11:23:40 | 000,003,906 | ---- | C] () -- C:\Users\Brigitte Schult\AppData\Roaming\wklnhst.dat
 
 ========== ZeroAccess Check ==========
 
 [2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
 [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
 [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
 [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
 "ThreadingModel" = Apartment
 
 [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
 "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
 "ThreadingModel" = Free
 
 [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
 "ThreadingModel" = Both
 
 ========== LOP Check ==========
 
 [2012.10.12 15:35:33 | 000,000,000 | ---D | M] -- C:\Users\Brigitte Schult\AppData\Roaming\11001.071
 [2012.10.16 17:33:37 | 000,000,000 | ---D | M] -- C:\Users\Brigitte Schult\AppData\Roaming\11001.072
 [2012.10.12 15:35:03 | 000,000,000 | ---D | M] -- C:\Users\Brigitte Schult\AppData\Roaming\kock
 [2008.12.08 18:53:23 | 000,000,000 | ---D | M] -- C:\Users\Brigitte Schult\AppData\Roaming\MAGIX
 [2008.12.08 18:47:36 | 000,000,000 | ---D | M] -- C:\Users\Brigitte Schult\AppData\Roaming\myphotobook
 [2008.05.20 22:06:45 | 000,000,000 | ---D | M] -- C:\Users\Brigitte Schult\AppData\Roaming\proDAD
 [2008.05.03 11:24:04 | 000,000,000 | ---D | M] -- C:\Users\Brigitte Schult\AppData\Roaming\Template
 [2012.10.16 17:21:43 | 000,000,000 | ---D | M] -- C:\Users\Brigitte Schult\AppData\Roaming\UAs
 [2010.06.10 21:08:25 | 000,000,000 | ---D | M] -- C:\Users\Brigitte Schult\AppData\Roaming\Ulead Systems
 [2012.10.12 15:35:05 | 000,000,000 | ---D | M] -- C:\Users\Brigitte Schult\AppData\Roaming\xmldm
 
 ========== Purity Check ==========
 
 
 
 < End of report >
 Und hier die Extra.txt.   Code: 
 OTL Extras logfile created on: 24.10.2012 20:07:41 - Run 1OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Brigitte Schult\Desktop
 Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
 Internet Explorer (Version = 9.0.8112.16421)
 Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
 1,99 Gb Total Physical Memory | 0,92 Gb Available Physical Memory | 46,15% Memory free
 4,21 Gb Paging File | 3,06 Gb Available in Paging File | 72,63% Paging File free
 Paging file location(s): ?:\pagefile.sys [binary data]
 
 %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
 Drive C: | 93,08 Gb Total Space | 31,07 Gb Free Space | 33,38% Space Free | Partition Type: NTFS
 Drive D: | 14,83 Gb Total Space | 11,40 Gb Free Space | 76,88% Space Free | Partition Type: FAT32
 Drive E: | 91,77 Gb Total Space | 86,87 Gb Free Space | 94,66% Space Free | Partition Type: NTFS
 
 Computer Name: BRIGITTESCHU-PC | User Name: Brigitte Schult | Logged in as Administrator.
 Boot Mode: Normal | Scan Mode: Current user | Quick Scan
 Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
 ========== Extra Registry (SafeList) ==========
 
 
 ========== File Associations ==========
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
 .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
 [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
 .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
 ========== Shell Spawning ==========
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
 batfile [open] -- "%1" %*
 cmdfile [open] -- "%1" %*
 comfile [open] -- "%1" %*
 cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
 exefile [open] -- "%1" %*
 helpfile [open] -- Reg Error: Key error.
 hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
 inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
 piffile [open] -- "%1" %*
 regfile [merge] -- Reg Error: Key error.
 scrfile [config] -- "%1"
 scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
 scrfile [open] -- "%1" /S
 txtfile [edit] -- Reg Error: Key error.
 Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
 Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
 Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
 Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
 ========== Security Center Settings ==========
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 "cval" = 1
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
 "DisableMonitoring" = 1
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 "AntiVirusOverride" = 0
 "AntiSpywareOverride" = 0
 "FirewallOverride" = 0
 "VistaSp1" = Reg Error: Unknown registry data type -- File not found
 "VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
 ========== Firewall Settings ==========
 
 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 "EnableFirewall" = 1
 "DisableNotifications" = 0
 
 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
 "EnableFirewall" = 1
 "DisableNotifications" = 0
 
 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
 "EnableFirewall" = 1
 "DisableNotifications" = 0
 
 ========== Authorized Applications List ==========
 
 
 ========== Vista Active Open Ports Exception List ==========
 
 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 "{22197C16-5EDC-484B-B2A4-511407DED270}" = lport=139 | protocol=6 | dir=in | app=system |
 "{4687E16F-414E-4496-845F-06F4A5050E6E}" = rport=138 | protocol=17 | dir=out | app=system |
 "{4DA89C76-5458-417F-A118-AC08B9766CF2}" = lport=137 | protocol=17 | dir=in | app=system |
 "{51975533-D320-44F0-990F-54B77C4A4A85}" = lport=445 | protocol=6 | dir=in | app=system |
 "{7937B787-8ED7-455E-BB06-8F5DF42B960F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
 "{90FCF08D-EC5F-43DE-BA15-43388720549D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
 "{918EBA85-657C-4705-ABF3-2F1281C8920A}" = rport=139 | protocol=6 | dir=out | app=system |
 "{A2B7ACE3-57FA-4F85-9681-0E527CD45028}" = rport=445 | protocol=6 | dir=out | app=system |
 "{E7B551B5-51DF-4DF2-8158-7FF6C6848F2C}" = rport=137 | protocol=17 | dir=out | app=system |
 "{FB94EEC3-3A04-41C9-B449-D3AE6BF541C7}" = lport=138 | protocol=17 | dir=in | app=system |
 
 ========== Vista Active Application Exception List ==========
 
 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 "{0DC72EF3-43F6-4597-ABD2-B7676C57DBB4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
 "{2CC0C0B8-C286-462E-AB98-1B21922EC9EC}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 11\programs\studio.exe |
 "{339FD4F8-A869-4481-A191-BFCA975A6388}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 11\programs\pmsregisterfile.exe |
 "{3819E3E5-7076-4329-9EEE-D7F3D3429549}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 11\programs\studio.exe |
 "{4280FE46-1986-4166-A191-B638F6034D02}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
 "{45D535BD-7CDA-43EA-9F0B-554602CD9564}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
 "{466D3A99-38CF-4171-97B2-D19BCF57DB88}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 11\programs\rm.exe |
 "{77EA3867-ADF6-4B7B-B62A-4E9848B31672}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
 "{86EAC92A-6CF3-4428-9F2E-991EA287930A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
 "{94EF47C5-1A24-421A-8713-7F70B4A48189}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 11\programs\umi.exe |
 "{9948CE44-4709-4824-9C5E-E539BCFBE554}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 11\programs\pmsregisterfile.exe |
 "{A35E6403-BAA3-46AD-96FE-3A0488EE0BF0}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 11\programs\umi.exe |
 "{B208F38C-5CA7-48C8-A331-37BF0D3B48F6}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 11\programs\rm.exe |
 "{E098DD7A-980B-4C23-901B-7D260F559EF5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
 "{FCB51C6E-9EFE-443D-97CD-63FE51109BEC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
 "TCP Query User{EE9F0522-F4EB-4003-B954-D111FE5C172E}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
 "UDP Query User{DBDB4824-098A-4AB5-AD07-1B1F9974B9FE}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 "{02CA24DD-C8B0-4280-BE53-7862869C2EB1}" = Realtek WiFi Protected Setup Library
 "{110B1ADF-2EAE-4E8F-B501-D2A1E6D8ED9D}" = Studio 11
 "{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
 "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
 "{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
 "{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
 "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
 "{262DA23B-4BAB-463F-B1DC-9B5287CAB5CA}}_is1" = Deinstallation der Arcor Online Software
 "{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30
 "{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
 "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
 "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
 "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
 "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
 "{45A1BF92-700A-4408-B95E-79F462E3D67D}" = Studio 11 Bonus DVD
 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
 "{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
 "{56995235-B76E-44A6-BA17-8FF13D3F907A}" = TOSHIBA Benutzerhandbücher
 "{5980B928-1C95-4B3E-957B-B02D8147FF9E}" = Desktop SMS
 "{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
 "{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
 "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
 "{6AB749DD-670E-42D7-AC1B-6E579E496DDA}" = Studio 11
 "{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
 "{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
 "{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
 "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
 "{895722FE-25FE-4854-95AC-B0C42F9DBEDA}" = REALTEK RTL8187B Wireless LAN Driver
 "{89A43E80-AC6C-4DA8-9800-F4B30ED577C0}" = OLYMPUS ib
 "{8F8D9297-FDD2-405A-97E7-E52C7B2F97B3}" = Ulead VideoStudio SE DVD
 "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
 "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
 "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
 "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
 "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
 "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
 "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
 "{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
 "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
 "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
 "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
 "{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
 "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
 "{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch
 "{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
 "{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
 "{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
 "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
 "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
 "{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
 "{EF781A5C-58F5-4BFD-87F9-E4F14D382F25}" = Pinnacle Instant DVD Recorder
 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
 "{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
 "{F9AEEC34-CF00-4CBD-9E36-DF9DC4002685}" = Yahoo! Desktop Login
 "{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
 "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
 "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
 "AVG8Uninstall" = AVG Free 8.5
 "CNXT_MODEM_PCI_VEN_14F1&DEV_2C06&SUBSYS_14F10000" = HDAUDIO Soft Data Fax Modem with SmartCP
 "E77704EF5E71F4F18CADFBFA68595AFE036D5D97" = Windows-Treiberpaket - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0)
 "Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition 2.0.0.1 (D)
 "Google Desktop" = Google Desktop
 "HDMI" = Intel(R) Graphics Media Accelerator Driver
 "HOMESTUDENTR" = Microsoft Office Home and Student 2007
 "InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
 "InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
 "InstallShield_{89A43E80-AC6C-4DA8-9800-F4B30ED577C0}" = OLYMPUS ib
 "InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
 "InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
 "MAGIX Digital Foto Maker SE D" = MAGIX Digital Foto Maker SE 4.1.0.835 (D)
 "MAGIX Foto Suite D" = MAGIX Foto Suite 1.12.0.89 (D)
 "MAGIX Online Druck Service D" = MAGIX Online Druck Service 2.3.2.0 (D)
 "MEDION DVC Media" = MEDION DVC Media
 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
 "Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)
 "myphotobook" = myphotobook 3.5
 "Philips Intelligent Agent_is1" = Philips Intelligent Agent
 "proDAD-Heroglyph-2.5" = proDAD Heroglyph 2.5
 "proDAD-Vitascene-1.0" = proDAD Vitascene 1.0
 "ST6UNST #1" = USM-BN Sound-Teacher V2.00
 "ST6UNST #10" = USM-BN Sound-Teacher V2.00 (C:\Program Files\USM-BN Sound-Teacher\) #10
 "ST6UNST #11" = USM-BN Sound-Teacher V2.00 (C:\Program Files\USM-BN Sound-Teacher\) #11
 "ST6UNST #2" = USM-BN Sound-Teacher V2.00 (C:\Program Files\USM-BN Sound-Teacher\)
 "ST6UNST #3" = USM-BN Sound-Teacher V2.00 (C:\Program Files\USM-BN Sound-Teacher\) #3
 "ST6UNST #4" = USM-BN Sound-Teacher V2.00 (C:\Program Files\USM-BN Sound-Teacher\) #4
 "ST6UNST #5" = USM-BN Sound-Teacher V2.00 (C:\Program Files\USM-BN Sound-Teacher\) #5
 "ST6UNST #6" = USM-BN Sound-Teacher V2.00 (C:\Program Files\USM-BN Sound-Teacher\) #6
 "ST6UNST #7" = USM-BN Sound-Teacher V2.00 (C:\Program Files\USM-BN Sound-Teacher\) #7
 "ST6UNST #8" = USM-BN Sound-Teacher V2.00 (C:\Program Files\USM-BN Sound-Teacher\) #8
 "ST6UNST #9" = USM-BN Sound-Teacher V2.00 (C:\Program Files\USM-BN Sound-Teacher\) #9
 "SynTPDeinstKey" = Synaptics Pointing Device Driver
 "Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
 
 ========== Last 20 Event Log Errors ==========
 
 [ Application Events ]
 Error - 26.09.2012 07:13:11 | Computer Name = BrigitteSchu-PC | Source = WinMgmt | ID = 10
 Description =
 
 Error - 29.09.2012 14:31:38 | Computer Name = BrigitteSchu-PC | Source = WinMgmt | ID = 10
 Description =
 
 Error - 29.09.2012 16:24:45 | Computer Name = BrigitteSchu-PC | Source = Application Hang | ID = 1002
 Description = Programm iexplore.exe, Version 9.0.8112.16448 arbeitet nicht mehr
 mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
 über das Problem zu suchen.  Prozess-ID: 9e8  Anfangszeit: 01cd9e7ba6b5aefe  Zeitpunkt
 der Beendigung: 11529
 
 Error - 30.09.2012 13:43:02 | Computer Name = BrigitteSchu-PC | Source = WinMgmt | ID = 10
 Description =
 
 Error - 30.09.2012 14:11:10 | Computer Name = BrigitteSchu-PC | Source = WinMgmt | ID = 10
 Description =
 
 Error - 02.10.2012 03:41:05 | Computer Name = BrigitteSchu-PC | Source = WinMgmt | ID = 10
 Description =
 
 Error - 02.10.2012 11:12:08 | Computer Name = BrigitteSchu-PC | Source = WinMgmt | ID = 10
 Description =
 
 Error - 09.10.2012 04:39:37 | Computer Name = BrigitteSchu-PC | Source = WinMgmt | ID = 10
 Description =
 
 Error - 09.10.2012 05:07:19 | Computer Name = BrigitteSchu-PC | Source = RasClient | ID = 20227
 Description =
 
 Error - 09.10.2012 05:07:47 | Computer Name = BrigitteSchu-PC | Source = RasClient | ID = 20227
 Description =
 
 [ System Events ]
 Error - 29.09.2012 15:17:31 | Computer Name = BrigitteSchu-PC | Source = DCOM | ID = 10005
 Description =
 
 Error - 29.09.2012 15:17:31 | Computer Name = BrigitteSchu-PC | Source = Service Control Manager | ID = 7009
 Description =
 
 Error - 29.09.2012 15:17:31 | Computer Name = BrigitteSchu-PC | Source = Service Control Manager | ID = 7000
 Description =
 
 Error - 30.09.2012 14:08:19 | Computer Name = BrigitteSchu-PC | Source = DCOM | ID = 10010
 Description =
 
 Error - 09.10.2012 05:09:19 | Computer Name = BrigitteSchu-PC | Source = DCOM | ID = 10016
 Description =
 
 Error - 09.10.2012 05:09:19 | Computer Name = BrigitteSchu-PC | Source = DCOM | ID = 10016
 Description =
 
 Error - 09.10.2012 06:23:38 | Computer Name = BrigitteSchu-PC | Source = DCOM | ID = 10010
 Description =
 
 Error - 12.10.2012 09:30:22 | Computer Name = BrigitteSchu-PC | Source = Service Control Manager | ID = 7011
 Description =
 
 Error - 21.10.2012 11:59:59 | Computer Name = BrigitteSchu-PC | Source = DCOM | ID = 10010
 Description =
 
 Error - 21.10.2012 11:59:59 | Computer Name = BrigitteSchu-PC | Source = DCOM | ID = 10000
 Description =
 
 
 < End of report >
 Obwohl es sich um ein 32bit System handelt, konnte ich leider keine gmer.txt erstellen, da das Programm beim Scannen immer abstürzt.   
Habe ich irgendwelche Infos vergessen? Schon jetzt vielen Dank für die Unterstützung.  
Grüße. |