Homomorphism | 02.04.2013 11:22
 GVU Trojan with webcam
 Hello,
the second laptop in our household, an Asus Notebook B50A Series running Windows Vista, has been infected by the GVU Trojan with webcam. Since I already came to you a few months ago with the same Trojan on another laptop and quickly got rid of the problem with your help, I am turning to you again today.
First I had a Trojan detected by Malwarebytes deleted, and then followed the rest of the instructions.
Here are the logs requested by the instructions
Malwarebytes   Code: 
 Malwarebytes Anti-Malware 1.70.0.1100
 www.malwarebytes.org
 
 Datenbank Version: v2013.04.02.05
 
 Windows Vista Service Pack 2 x86 NTFS
 Internet Explorer 9.0.8112.16421
 Katharina :: KATHARINA-PC [Administrator]
 
 02.04.2013 10:27:14
 mbam-log-2013-04-02 (10-27-14).txt
 
 Art des Suchlaufs: Quick-Scan
 Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
 Deaktivierte Suchlaufeinstellungen: P2P
 Durchsuchte Objekte: 244166
 Laufzeit: 6 Minute(n), 41 Sekunde(n)
 
 Infizierte Speicherprozesse: 0
 (Keine bösartigen Objekte gefunden)
 
 Infizierte Speichermodule: 0
 (Keine bösartigen Objekte gefunden)
 
 Infizierte Registrierungsschlüssel: 0
 (Keine bösartigen Objekte gefunden)
 
 Infizierte Registrierungswerte: 0
 (Keine bösartigen Objekte gefunden)
 
 Infizierte Dateiobjekte der Registrierung: 0
 (Keine bösartigen Objekte gefunden)
 
 Infizierte Verzeichnisse: 0
 (Keine bösartigen Objekte gefunden)
 
 Infizierte Dateien: 1
 C:\Users\Katharina\AppData\Local\Temp\htd69mtcmgmo928n43l3sx.exe (Trojan.Lameshield.124) -> Erfolgreich gelöscht und in Quarantäne gestellt.
 
 (Ende)
 
OTL   Code: 
 OTL logfile created on: 02.04.2013 11:01:48 - Run 1
 OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Katharina\Desktop
 Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
 Internet Explorer (Version = 9.0.8112.16421)
 Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
 1,97 Gb Total Physical Memory | 0,80 Gb Available Physical Memory | 40,58% Memory free
 4,16 Gb Paging File | 2,88 Gb Available in Paging File | 69,05% Paging File free
 Paging file location(s): ?:\pagefile.sys [binary data]
 
 %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
 Drive C: | 116,44 Gb Total Space | 56,11 Gb Free Space | 48,19% Space Free | Partition Type: NTFS
 Drive D: | 106,68 Gb Total Space | 95,24 Gb Free Space | 89,28% Space Free | Partition Type: NTFS
 
 Computer Name: KATHARINA-PC | User Name: Katharina | Logged in as Administrator.
 Boot Mode: Normal | Scan Mode: Current user | Quick Scan
 Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
 ========== Processes (SafeList) ==========
 
 PRC - [2013.04.02 10:53:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Katharina\Desktop\OTL.exe
 PRC - [2013.01.27 12:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\NisSrv.exe
 PRC - [2013.01.27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
 PRC - [2012.11.25 14:43:59 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.exe
 PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
 PRC - [2012.07.01 16:27:38 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
 PRC - [2012.02.10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.exe
 PRC - [2012.02.10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.exe
 PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 PRC - [2008.11.12 07:11:15 | 000,033,136 | ---- | M] () -- C:\Windows\ASScrPro.exe
 PRC - [2008.07.09 19:14:06 | 000,191,032 | ---- | M] (ATK) -- C:\Program Files\P4G\BatteryLife.exe
 PRC - [2008.06.19 22:18:12 | 000,154,168 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ASUS CopyProtect\aspg.exe
 PRC - [2008.06.18 08:10:24 | 000,297,528 | ---- | M] (ASUS) -- C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
 PRC - [2008.06.13 07:52:51 | 006,183,456 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
 PRC - [2008.04.10 21:32:18 | 000,752,168 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
 PRC - [2008.01.24 01:34:42 | 007,766,016 | ---- | M] () -- C:\Program Files\ATKOSD2\ATKOSD2.exe
 PRC - [2008.01.16 03:27:10 | 000,851,968 | ---- | M] (ATK) -- C:\Program Files\ASUS\Splendid\ACMON.exe
 PRC - [2007.12.12 02:13:22 | 000,151,552 | ---- | M] () -- C:\Program Files\ATK Hotkey\WDC.exe
 PRC - [2007.12.04 20:57:06 | 002,486,272 | ---- | M] () -- C:\Program Files\ATK Hotkey\ATKOSD.exe
 PRC - [2007.11.30 21:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files\ASUS\ASUS Live Update\ALU.exe
 PRC - [2007.11.29 03:39:36 | 000,229,376 | ---- | M] (ATK0100) -- C:\Program Files\ATK Hotkey\Hcontrol.exe
 PRC - [2007.11.05 05:48:06 | 000,106,496 | ---- | M] () -- C:\Program Files\ATK Hotkey\MsgTranAgt.exe
 PRC - [2007.10.03 07:53:00 | 000,094,208 | ---- | M] () -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe
 PRC - [2007.08.23 06:23:43 | 000,013,312 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
 PRC - [2007.08.15 21:20:16 | 000,106,496 | ---- | M] () -- C:\Program Files\ATK Hotkey\KBFiltr.exe
 PRC - [2007.08.08 10:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe
 PRC - [2007.08.03 22:24:54 | 000,125,496 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
 PRC - [2007.07.06 02:53:44 | 001,040,384 | ---- | M] () -- C:\Program Files\Wireless Console 2\wcourier.exe
 PRC - [2007.02.06 19:29:59 | 000,065,536 | R--- | M] (Cognizance Corporation) -- C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe
 PRC - [2005.07.07 01:43:42 | 000,155,648 | ---- | M] (ASUSTeK) -- C:\Windows\System32\ACEngSvr.exe
 
 
 ========== Modules (No Company Name) ==========
 
 MOD - [2012.07.01 16:27:37 | 001,989,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
 MOD - [2008.11.12 07:11:15 | 000,033,136 | ---- | M] () -- C:\Windows\ASScrPro.exe
 MOD - [2008.04.10 21:25:54 | 000,126,976 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
 MOD - [2008.01.24 01:34:42 | 007,766,016 | ---- | M] () -- C:\Program Files\ATKOSD2\ATKOSD2.exe
 MOD - [2007.11.30 21:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files\ASUS\ASUS Live Update\ALU.exe
 MOD - [2007.08.14 23:59:54 | 006,365,184 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
 MOD - [2007.07.12 23:55:52 | 000,131,072 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
 MOD - [2007.07.12 23:55:28 | 001,581,056 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll
 
 
 ========== Services (SafeList) ==========
 
 SRV - File not found [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
 SRV - [2013.03.14 10:06:30 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
 SRV - [2013.01.27 12:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
 SRV - [2013.01.27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
 SRV - [2012.11.25 14:43:59 | 000,058,288 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\Windows\System32\rpcnet.exe -- (rpcnet)
 SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
 SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
 SRV - [2012.02.10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.exe -- (BBUpdate)
 SRV - [2012.02.10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.exe -- (BBSvc)
 SRV - [2008.01.21 04:23:59 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
 SRV - [2007.10.03 07:53:00 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
 SRV - [2007.08.23 06:23:43 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
 SRV - [2007.08.08 10:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
 SRV - [2007.08.03 22:24:54 | 000,125,496 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr)
 SRV - [2007.02.06 19:29:59 | 000,074,240 | R--- | M] (Cognizance Corporation) [Auto | Running] -- C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll -- (ASBroker)
 SRV - [2006.06.21 12:13:59 | 000,131,584 | R--- | M] (Cognizance Corporation) [Auto | Running] -- C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsChnl.dll -- (ASChannel)
 
 
 ========== Driver Services (SafeList) ==========
 
 DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\usbaapl.sys -- (USBAAPL)
 DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
 DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
 DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
 DRV - [2013.01.20 16:59:04 | 000,100,328 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
 DRV - [2011.09.13 18:52:20 | 000,722,416 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
 DRV - [2010.06.23 10:21:32 | 000,259,176 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
 DRV - [2008.06.29 23:52:25 | 000,112,128 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
 DRV - [2008.06.26 00:30:49 | 003,662,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)
 DRV - [2008.06.06 06:54:09 | 000,161,024 | ---- | M] (SMI) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SMIksdrv.sys -- (usbsmi)
 DRV - [2008.06.03 08:41:51 | 000,015,928 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
 DRV - [2008.05.29 20:21:02 | 000,015,416 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | Boot | Running] -- C:\Windows\System32\drivers\lullaby.sys -- (lullaby)
 DRV - [2008.02.16 03:42:42 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
 DRV - [2007.08.23 04:22:07 | 001,201,312 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
 DRV - [2007.08.03 06:26:21 | 000,020,936 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio)
 DRV - [2007.07.30 21:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
 DRV - [2007.07.30 20:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
 DRV - [2007.07.24 21:09:04 | 000,013,880 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP.sys -- (ASMMAP)
 DRV - [2007.06.17 07:29:08 | 000,146,824 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV)
 DRV - [2007.04.25 14:32:42 | 000,031,232 | ---- | M] (SMSC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smscirda.sys -- (SMSCIRDA)
 DRV - [2006.12.14 09:11:57 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
 DRV - [2006.11.02 09:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
 
 
 ========== Standard Registry (SafeList) ==========
 
 
 ========== Internet Explorer ==========
 
 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
 IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
 IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUS
 
 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
 IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
 IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
 IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUS_de
 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 ========== FireFox ==========
 
 FF - prefs.js..extensions.enabledAddons: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20120910
 FF - prefs.js..extensions.enabledAddons: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.6.5.9
 FF - user.js - File not found
 
 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
 FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
 FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
 FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
 FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
 FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
 FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.01 16:27:39 | 000,000,000 | ---D | M]
 FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.28 13:15:11 | 000,000,000 | ---D | M]
 FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: D:\Program Files\Mozilla Thunderbird\components [2012.08.21 10:44:15 | 000,000,000 | ---D | M]
 FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: D:\Program Files\Mozilla Thunderbird\plugins
 FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Components: D:\Program Files\Mozilla Thunderbird\components [2012.08.21 10:44:15 | 000,000,000 | ---D | M]
 FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Plugins: D:\Program Files\Mozilla Thunderbird\plugins
 
 [2010.12.23 16:39:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Katharina\AppData\Roaming\mozilla\Extensions
 [2013.04.02 10:51:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Katharina\AppData\Roaming\mozilla\Firefox\Profiles\vt9sspvc.default\extensions
 [2010.12.24 01:29:00 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Katharina\AppData\Roaming\mozilla\Firefox\Profiles\vt9sspvc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
 [2012.12.15 11:01:24 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Katharina\AppData\Roaming\mozilla\Firefox\Profiles\vt9sspvc.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
 [2013.04.02 10:51:43 | 000,531,916 | ---- | M] () (No name found) -- C:\Users\Katharina\AppData\Roaming\mozilla\firefox\profiles\vt9sspvc.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
 [2012.09.19 14:44:53 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Katharina\AppData\Roaming\mozilla\firefox\profiles\vt9sspvc.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
 [2011.08.15 17:42:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
 [2012.01.25 23:25:20 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
 [2012.07.01 16:27:39 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
 [2012.07.01 16:27:35 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
 [2012.07.01 16:27:35 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
 [2012.07.01 16:27:35 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
 [2012.07.01 16:27:35 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
 [2012.07.01 16:27:35 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
 [2012.07.01 16:27:35 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
 O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
 O1 - Hosts: 127.0.0.1       localhost
 O1 - Hosts: ::1             localhost
 O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
 O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
 O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
 O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
 O2 - BHO: (ASUS Security Protect Manager) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
 O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
 O4 - HKLM..\Run: []  File not found
 O4 - HKLM..\Run: [ASUS Camera ScreenSaver] C:\Windows\AsScrProlog.exe ()
 O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe ()
 O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ATKOSD2\ATKOSD2.exe ()
 O4 - HKLM..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll,RegisterModule File not found
 O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\ASUSTek\ASUSDVD\Language\Language.exe ()
 O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
 O4 - HKLM..\Run: [RtHDVCpl] RtHDVCpl.exe File not found
 O4 - HKLM..\Run: [Skytel] Skytel.exe File not found
 O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000 File not found
 O8 - Extra context menu item: Nach Microsoft &Excel exportieren - D:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
 O9 - Extra Button: ASUS Security Protect Manager e-Wallet - {1009C944-97D5-44A9-9E32-DFF54F498968} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWallet.dll (Bioscrypt Inc.)
 O9 - Extra 'Tools' menuitem : ASUS Security Protect Manager e-&Wallet - {1009C944-97D5-44A9-9E32-DFF54F498968} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWallet.dll (Bioscrypt Inc.)
 O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
 O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
 O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
 O13 - gopher Prefix: missing
 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = KFO.local
 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DB7648E5-4F75-4D9C-B469-590BACB79C52}: DhcpNameServer = 192.168.2.1
 O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
 O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
 O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
 O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
 O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
 O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
 O20 - AppInit_DLLs: (APSHook.dll) -  File not found
 O20 - HKLM Winlogon: Shell - (explorer.exe) -  File not found
 O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
 O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") -  File not found
 O20 - HKCU Winlogon: Shell - (explorer.exe) -  File not found
 O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) -  File not found
 O24 - Desktop WallPaper: C:\Windows\ASUS\wallpapers\ASUS3.jpg
 O24 - Desktop BackupWallPaper: C:\Windows\ASUS\wallpapers\ASUS3.jpg
 O29 - HKLM SecurityProviders - (credssp.dll) -  File not found
 O32 - HKLM CDRom: AutoRun - 1
 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
 O34 - HKLM BootExecute: (autocheck autochk *)
 O35 - HKLM\..comfile [open] -- "%1" %*
 O35 - HKLM\..exefile [open] -- "%1" %*
 O37 - HKLM\...com [@ = comfile] -- "%1" %*
 O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
 O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
 ========== Files/Folders - Created Within 30 Days ==========
 
 [2013.04.02 10:53:27 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Katharina\Desktop\OTL.exe
 [2013.04.02 10:50:04 | 000,000,000 | ---D | C] -- C:\Users\Katharina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASUSTek ASUSDVD
 
 ========== Files - Modified Within 30 Days ==========
 
 [2013.04.02 10:57:21 | 000,644,136 | ---- | M] () -- C:\Windows\System32\perfh007.dat
 [2013.04.02 10:57:21 | 000,131,388 | ---- | M] () -- C:\Windows\System32\perfc007.dat
 [2013.04.02 10:57:21 | 000,108,572 | ---- | M] () -- C:\Windows\System32\perfc009.dat
 [2013.04.02 10:57:21 | 000,013,514 | ---- | M] () -- C:\Windows\System32\perfh009.dat
 [2013.04.02 10:53:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Katharina\Desktop\OTL.exe
 [2013.04.02 10:49:54 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
 [2013.04.02 10:49:53 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
 [2013.04.02 10:49:49 | 000,017,408 | ---- | M] () -- C:\Windows\System32\rpcnetp.exe
 [2013.04.02 10:49:47 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.dll
 [2013.04.02 10:49:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
 [2013.04.02 10:49:40 | 2110,902,272 | -HS- | M] () -- C:\hiberfil.sys
 [2013.04.02 10:48:37 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
 [2013.04.02 10:47:52 | 000,000,020 | ---- | M] () -- C:\Users\Katharina\defogger_reenable
 [2013.04.02 10:46:31 | 000,050,477 | ---- | M] () -- C:\Users\Katharina\Desktop\Defogger.exe
 [2013.04.02 10:25:33 | 000,000,913 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
 [2013.04.02 10:20:20 | 000,000,004 | ---- | M] () -- C:\Users\Katharina\AppData\Roaming\skype.ini
 [2013.04.02 10:05:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
 [2013.04.02 09:56:02 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
 
 ========== Files Created - No Company Name ==========
 
 [2013.04.02 10:47:20 | 000,000,020 | ---- | C] () -- C:\Users\Katharina\defogger_reenable
 [2013.04.02 10:46:25 | 000,050,477 | ---- | C] () -- C:\Users\Katharina\Desktop\Defogger.exe
 [2013.03.31 17:14:17 | 000,000,004 | ---- | C] () -- C:\Users\Katharina\AppData\Roaming\skype.ini
 [2012.12.15 11:21:01 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
 [2012.10.28 15:37:31 | 000,000,432 | ---- | C] () -- C:\Users\Katharina\HalloMama.class
 [2012.10.28 15:35:56 | 000,000,146 | ---- | C] () -- C:\Users\Katharina\Hallomama.java
 [2012.04.09 13:41:22 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
 [2009.06.03 14:33:51 | 000,004,608 | ---- | C] () -- C:\Users\Katharina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 [2009.06.02 23:39:17 | 000,002,412 | RHS- | C] () -- C:\ProgramData\ntuser.pol
 [2008.07.02 05:28:38 | 000,061,440 | ---- | C] () -- C:\Program Files\Common Files\CPInstallAction.dll
 [2008.05.22 19:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files\Common Files\banner.jpg
 
 ========== ZeroAccess Check ==========
 
 [2006.11.02 14:54:18 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
 [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
 [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
 [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
 "ThreadingModel" = Apartment
 
 [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
 "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
 "ThreadingModel" = Free
 
 [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
 "ThreadingModel" = Both
 
 ========== LOP Check ==========
 
 [2011.08.14 00:43:15 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\Ableton
 [2009.06.02 19:03:03 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\DentalSoftware
 [2012.04.09 15:32:58 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\IrfanView
 [2012.03.18 12:17:42 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\Thunderbird
 
 ========== Purity Check ==========
 
 
 
 ========== Alternate Data Streams ==========
 
 @Alternate Data Stream - 849 bytes -> C:\Users\Katharina\Desktop\Nachricht von timandstella.eml:OECustomProperty
 
 < End of report >
 Extras    Code: 
OTL Extras logfile created on: 02.04.2013 11:01:48 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Katharina\Desktop
 Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
 Internet Explorer (Version = 9.0.8112.16421)
 Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
 1,97 Gb Total Physical Memory | 0,80 Gb Available Physical Memory | 40,58% Memory free
 4,16 Gb Paging File | 2,88 Gb Available in Paging File | 69,05% Paging File free
 Paging file location(s): ?:\pagefile.sys [binary data]
 
 %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
 Drive C: | 116,44 Gb Total Space | 56,11 Gb Free Space | 48,19% Space Free | Partition Type: NTFS
 Drive D: | 106,68 Gb Total Space | 95,24 Gb Free Space | 89,28% Space Free | Partition Type: NTFS
 
 Computer Name: KATHARINA-PC | User Name: Katharina | Logged in as Administrator.
 Boot Mode: Normal | Scan Mode: Current user | Quick Scan
 Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
 ========== Extra Registry (SafeList) ==========
 
 
 ========== File Associations ==========
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
 .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 .reg [@ = regfile] -- regedit.exe "%1"
 
 [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
 .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
 ========== Shell Spawning ==========
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
 batfile [open] -- "%1" %*
 cmdfile [open] -- "%1" %*
 comfile [open] -- "%1" %*
 cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
 exefile [open] -- "%1" %*
 helpfile [open] -- Reg Error: Key error.
 hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
 htmlfile [edit] -- "D:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
 htmlfile [print] -- "D:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
 inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
 piffile [open] -- "%1" %*
 regfile [open] -- regedit.exe "%1"
 regfile [merge] -- Reg Error: Key error.
 scrfile [config] -- "%1"
 scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
 scrfile [open] -- "%1" /S
 txtfile [edit] -- Reg Error: Key error.
 Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
 Directory [cmd] -- cmd.exe /s /k pushd "%V"
 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
 Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
 Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
 ========== Security Center Settings ==========
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 "cval" = 1
 "UacDisableNotify" = 0
 "InternetSettingsDisableNotify" = 0
 "AutoUpdateDisableNotify" = 0
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 "DisableMonitoring" = 1
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 "DisableMonitoring" = 1
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 "DisableMonitoring" = 1
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 "AntiVirusOverride" = 0
 "AntiSpywareOverride" = 0
 "FirewallOverride" = 0
 "VistaSp1" = Reg Error: Unknown registry data type -- File not found
 "VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
 ========== Firewall Settings ==========
 
 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 "EnableFirewall" = 1
 "DisableNotifications" = 0
 
 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
 "EnableFirewall" = 1
 "DisableNotifications" = 0
 
 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
 "EnableFirewall" = 1
 "DisableNotifications" = 0
 
 ========== Authorized Applications List ==========
 
 
 ========== Vista Active Open Ports Exception List ==========
 
 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 "{0694936B-0EFF-49CC-A232-71DE0EE5AB04}" = lport=138 | protocol=17 | dir=in | app=system |
 "{1F7771A6-EDB2-4DFB-BC1A-4CD3232C89E6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
 "{4CBA825C-E09B-485A-B42D-D8E2F953F3A5}" = rport=137 | protocol=17 | dir=out | app=system |
 "{6AC3EA34-ED32-4A6D-95C4-C9F0B96BD4B6}" = lport=445 | protocol=6 | dir=in | app=system |
 "{7FC462F5-F78A-4A45-A232-5AE45E803B27}" = lport=139 | protocol=6 | dir=in | app=system |
 "{89B159B3-DD64-432E-80D9-5EAE37B5B943}" = lport=137 | protocol=17 | dir=in | app=system |
 "{A06E57C1-2C8F-45DD-B1F0-1AD911ACE51C}" = rport=138 | protocol=17 | dir=out | app=system |
 "{EA6E13EF-45EC-4339-8FD3-2348B120B1E1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
 "{F70E8733-E69D-4796-A5E6-8E3972952351}" = rport=139 | protocol=6 | dir=out | app=system |
 "{F997925D-3367-4991-926F-DF9057FD5584}" = rport=445 | protocol=6 | dir=out | app=system |
 
 ========== Vista Active Application Exception List ==========
 
 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 "{06B10699-6BC9-4368-9543-2FB9C746664D}" = dir=in | app=c:\program files\asustek\asusdvd\powerdvd.exe |
 "{0D07C9CA-92CE-4D5C-A9A5-08CC869CC042}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
 "{43A5084C-063D-4E60-B6B4-8327906175A9}" = protocol=6 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe |
 "{44EAD8D7-9FB7-4865-964E-6378F9903E2A}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe |
 "{49ECEF98-BF3A-40CB-997F-FDDEFD745B4D}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\devicesetup.exe |
 "{5B2A6147-1B3A-4B04-83F5-0E515669B95A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
 "{5CC20CD3-F212-4C5F-A806-6920EFFACE22}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
 "{6E71BAB8-53C4-455A-8AF9-FC2A0B30E18A}" = protocol=6 | dir=in | app=c:\program files\starcraft ii demo\starcraft ii.exe |
 "{843428C6-9DE0-47BE-BB67-EEF5EF2CD8D2}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe |
 "{84EAB318-94A4-49C2-9D19-6C1C962A306B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
 "{8AE04C4E-D8EF-492E-AB38-214BFDBDB17C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
 "{A0826932-C992-4501-8E78-C7C0930213AA}" = protocol=17 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe |
 "{A1C90967-6B82-425A-BA12-E3E1356FA194}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
 "{A9E54C9E-F28A-44A0-8585-F5923EBEC87B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
 "{D07E0991-3ECD-4EB5-8C84-9624C56ABBAE}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\devicesetup.exe |
 "{EB2D0D8F-BE8D-48B0-A0CD-6DB1D5E68D80}" = protocol=17 | dir=in | app=c:\program files\starcraft ii demo\starcraft ii.exe |
 "TCP Query User{27235672-247E-4186-BFB4-EB5D719AA721}C:\users\katharina\downloads\starcraft_2_eu_de-de.exe" = protocol=6 | dir=in | app=c:\users\katharina\downloads\starcraft_2_eu_de-de.exe |
 "TCP Query User{3ACBC6BE-C762-4482-9BB3-3EB2AB69DC4F}C:\users\katharina\downloads\starcraft_2_eu_de-de(3).exe" = protocol=6 | dir=in | app=c:\users\katharina\downloads\starcraft_2_eu_de-de(3).exe |
 "TCP Query User{56F27023-92C7-4AA1-BC84-C7A238C60E93}C:\program files\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\support\blizzarddownloader.exe |
 "TCP Query User{6F40AB74-6997-460B-903A-3E9A5F561D92}C:\program files\starcraft ii\versions\base19679\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base19679\sc2.exe |
 "TCP Query User{7AF1B6E1-E265-45FD-8394-2BF95A3D963D}C:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe |
 "TCP Query User{83ABEF13-F511-4FDE-83B4-8B08992465C3}C:\users\katharina\downloads\starcraft_2_eu_de-de(1).exe" = protocol=6 | dir=in | app=c:\users\katharina\downloads\starcraft_2_eu_de-de(1).exe |
 "TCP Query User{C965336B-356A-44B2-A47F-CE8038B9D14B}C:\users\katharina\downloads\starcraft_2_eu_de-de(2).exe" = protocol=6 | dir=in | app=c:\users\katharina\downloads\starcraft_2_eu_de-de(2).exe |
 "TCP Query User{FDD656E0-82AC-45AF-924C-3770178293FA}C:\program files\starcraft ii\versions\base19132\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base19132\sc2.exe |
 "UDP Query User{0898CFF8-4BFD-49D5-9226-8464A244C92F}C:\program files\starcraft ii\versions\base19132\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base19132\sc2.exe |
 "UDP Query User{40E97500-B075-4FC6-AF8A-62AE1A365E5C}C:\program files\starcraft ii\versions\base19679\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base19679\sc2.exe |
 "UDP Query User{44C33CEB-F620-43F6-9882-00CACD26FAD4}C:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe |
 "UDP Query User{52DEFB6F-198D-48EC-9E47-CF085CD48887}C:\program files\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\support\blizzarddownloader.exe |
 "UDP Query User{9FEB2C2E-A04C-4AD1-BAC0-8C3ECFC2B8F5}C:\users\katharina\downloads\starcraft_2_eu_de-de(2).exe" = protocol=17 | dir=in | app=c:\users\katharina\downloads\starcraft_2_eu_de-de(2).exe |
 "UDP Query User{AC428C85-E2AF-45C6-AB34-9F9F43B17C95}C:\users\katharina\downloads\starcraft_2_eu_de-de(3).exe" = protocol=17 | dir=in | app=c:\users\katharina\downloads\starcraft_2_eu_de-de(3).exe |
 "UDP Query User{C3538854-B4E3-4306-B954-5026A944F356}C:\users\katharina\downloads\starcraft_2_eu_de-de(1).exe" = protocol=17 | dir=in | app=c:\users\katharina\downloads\starcraft_2_eu_de-de(1).exe |
 "UDP Query User{FE439D48-1207-4ABA-A99A-58B1B7E1025A}C:\users\katharina\downloads\starcraft_2_eu_de-de.exe" = protocol=17 | dir=in | app=c:\users\katharina\downloads\starcraft_2_eu_de-de.exe |
 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 "{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software
 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
 "{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software  1.14.17.1
 "{130E5108-547F-4482-91EE-F45C784E08C7}" = HP Officejet 6500 E710n-z Hilfe
 "{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}" = ATK Media
 "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
 "{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
 "{250F0996-1830-40C8-9B1D-6874D808DD95}" = ChkMail
 "{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
 "{27D51A76-371D-48B6-B06E-4137A15B7583}" = Express Gate
 "{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
 "{32A3A4F4-B792-11D6-A78A-00B0D0170090}" = Java SE Development Kit 7 Update 9
 "{390DD8BB-BB57-4942-A029-2D913E4E9D74}" = Microsoft Security Client
 "{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey
 "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
 "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
 "{45015CD6-4E70-4D1F-811E-2906B23BF27F}" = Studie zur Verbesserung von HP Officejet 6500 E710n-z Produkten
 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
 "{57B15AD4-8C9D-4164-82BB-E33D8644E757}" = ASUS InstantFun
 "{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.01
 "{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}" = ATKOSD2
 "{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}" = NB Probe
 "{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
 "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
 "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = ASUSDVD
 "{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}" = ASUS CopyProtect
 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
 "{75674E4C-CDE5-4E64-8014-FDF6D9204C4B}" = HP Officejet 6500 E710n-z - Grundlegende Software für das Gerät
 "{7A108EBC-C9DF-4E14-93A8-42CF316F1ECF}" = Marketsplash Schnellzugriffe
 "{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2
 "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
 "{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
 "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
 "{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear eXtreme
 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
 "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
 "{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
 "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
 "{C0FC1C14-4824-4A73-87A6-9E888C9C3102}" = ASUS Splendid Video Enhancement Technology
 "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
 "{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
 "{CD95F661-A5C4-44F5-A6AA-ECDD91C240C1}" = WinZip 15.0
 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
 "{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
 "{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar
 "{D8D4AF9A-6ADE-4B14-A7F5-BA858792729E}" = ASUS Security Protect Manager
 "{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash
 "{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
 "{EB4DF30B-102B-4F0C-927A-D50E037A325D}" = AuthenTec Fingerprint Sensor Minimum Install
 "{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
 "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
 "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
 "{FC3D290D-79BE-44B7-ABF9-FDD110925930}" = P4P
 "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
 "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
 "Agere Systems Soft Modem" = Agere Systems HDA Modem
 "Asus_Camera_ScreenSaver" = Asus_Camera_ScreenSaver
 "CCleaner" = CCleaner
 "FrWin" = Fernröntgenanalyse
 "HDMI" = Intel(R) Graphics Media Accelerator Driver
 "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
 "IrfanView" = IrfanView (remove only)
 "Live 8.2.2" = Live 8.2.2
 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
 "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
 "Microsoft Security Client" = Microsoft Security Essentials
 "Mozilla Firefox 8.0.1 (x86 de)" = Mozilla Firefox 8.0.1 (x86 de)
 "Mozilla Thunderbird 10.0.2 (x86 de)" = Mozilla Thunderbird 10.0.2 (x86 de)
 "Picasa2" = Picasa 2
 "StomaWin" = Praxisverwaltung
 "SynTPDeinstKey" = Synaptics Pointing Device Driver
 "USB2.0 UVC 1.3M WebCam" = USB2.0 UVC 1.3M WebCam
 "WinRAR archiver" = WinRAR 4.01 (32-Bit)
 
 ========== HKEY_CURRENT_USER Uninstall List ==========
 
 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 "Mozilla Thunderbird 11.0.1 (x86 de)" = Mozilla Thunderbird 11.0.1 (x86 de)
 
 ========== Last 20 Event Log Errors ==========
 
 [ Application Events ]
 Error - 02.03.2013 15:03:20 | Computer Name = Katharina-PC.KFO.local | Source = WinMgmt | ID = 10
 Description =
 
 Error - 03.03.2013 05:22:00 | Computer Name = Katharina-PC.KFO.local | Source = WinMgmt | ID = 10
 Description =
 
 Error - 05.03.2013 08:14:24 | Computer Name = Katharina-PC.KFO.local | Source = WinMgmt | ID = 10
 Description =
 
 Error - 10.03.2013 04:00:38 | Computer Name = Katharina-PC.KFO.local | Source = WinMgmt | ID = 10
 Description =
 
 Error - 10.03.2013 05:47:49 | Computer Name = Katharina-PC.KFO.local | Source = WinMgmt | ID = 10
 Description =
 
 Error - 10.03.2013 08:19:12 | Computer Name = Katharina-PC.KFO.local | Source = WinMgmt | ID = 10
 Description =
 
 Error - 11.03.2013 03:40:12 | Computer Name = Katharina-PC.KFO.local | Source = WinMgmt | ID = 10
 Description =
 
 Error - 13.03.2013 04:38:32 | Computer Name = Katharina-PC.KFO.local | Source = WinMgmt | ID = 10
 Description =
 
 Error - 13.03.2013 07:20:12 | Computer Name = Katharina-PC.KFO.local | Source = WinMgmt | ID = 10
 Description =
 
 Error - 14.03.2013 03:41:43 | Computer Name = Katharina-PC.KFO.local | Source = WinMgmt | ID = 10
 Description =
 
 [ ASUS Security Protect Manager Events ]
 Error - 02.06.2009 16:08:51 | Computer Name = Katharina-PC.KFO.local | Source = AuthWiz | ID = 100796068
 Description = The submitted credentials were rejected.    User: Katharina@KFO Credentials:
 Password   Error: (0x8007051F) There are currently no logon servers available to
 service the logon request.
 
 Error - 02.06.2009 16:10:59 | Computer Name = Katharina-PC.KFO.local | Source = AuthWiz | ID = 100796068
 Description = The submitted credentials were rejected.    User: Katharina@KATHARINA-PC
 Credentials:
 Password   Error: (0xC516020B) The system could not log you on.  Verify your user
 name and domain are correct and then type your password again.  Letters in passwords
 must be typed using the correct case.  Verify that Caps Lock is off.
 
 Error - 02.06.2009 16:11:53 | Computer Name = Katharina-PC.KFO.local | Source = AuthWiz | ID = 100796068
 Description = The submitted credentials were rejected.    User: Katharina-PC@KFO Credentials:
 Password   Error: (0x8007051F) There are currently no logon servers available to
 service the logon request.
 
 Error - 02.06.2009 16:12:12 | Computer Name = Katharina-PC.KFO.local | Source = AuthWiz | ID = 100796068
 Description = The submitted credentials were rejected.    User: MA@KFO Credentials:
 Password   Error: (0xC516020B) The system could not log you on.  Verify your user
 name and domain are correct and then type your password again.  Letters in passwords
 must be typed using the correct case.  Verify that Caps Lock is off.
 
 Error - 02.06.2009 16:12:29 | Computer Name = Katharina-PC.KFO.local | Source = AuthWiz | ID = 100796068
 Description = The submitted credentials were rejected.    User: MA@KFO Credentials:
 Password   Error: (0xC516020B) The system could not log you on.  Verify your user
 name and domain are correct and then type your password again.  Letters in passwords
 must be typed using the correct case.  Verify that Caps Lock is off.
 
 Error - 02.06.2009 16:13:03 | Computer Name = Katharina-PC.KFO.local | Source = AuthWiz | ID = 100796068
 Description = The submitted credentials were rejected.    User: MA@KFO Credentials:
 Password   Error: (0xC516020B) The system could not log you on.  Verify your user
 name and domain are correct and then type your password again.  Letters in passwords
 must be typed using the correct case.  Verify that Caps Lock is off.
 
 Error - 02.06.2009 16:13:33 | Computer Name = Katharina-PC.KFO.local | Source = AuthWiz | ID = 100796068
 Description = The submitted credentials were rejected.    User: MA@KFO Credentials:
 Password   Error: (0xC516020B) The system could not log you on.  Verify your user
 name and domain are correct and then type your password again.  Letters in passwords
 must be typed using the correct case.  Verify that Caps Lock is off.
 
 Error - 18.07.2011 13:48:28 | Computer Name = Katharina-PC.KFO.local | Source = AuthWiz | ID = 100796068
 Description = The submitted credentials were rejected.    User: Katharina@KATHARINA-PC
 Credentials:
 Password   Error: (0xC516020B) The system could not log you on.  Verify your user
 name and domain are correct and then type your password again.  Letters in passwords
 must be typed using the correct case.  Verify that Caps Lock is off.
 
 Error - 18.07.2011 13:48:36 | Computer Name = Katharina-PC.KFO.local | Source = AuthWiz | ID = 100796068
 Description = The submitted credentials were rejected.    User: Katharina@KATHARINA-PC
 Credentials:
 Password   Error: (0xC516020B) The system could not log you on.  Verify your user
 name and domain are correct and then type your password again.  Letters in passwords
 must be typed using the correct case.  Verify that Caps Lock is off.
 
 Error - 18.07.2011 14:41:57 | Computer Name = Katharina-PC.KFO.local | Source = AuthWiz | ID = 100796068
 Description = The submitted credentials were rejected.    User: Katharina@KATHARINA-PC
 Credentials:
 Password   Error: (0xC516020B) The system could not log you on.  Verify your user
 name and domain are correct and then type your password again.  Letters in passwords
 must be typed using the correct case.  Verify that Caps Lock is off.
 
 [ System Events ]
 Error - 02.04.2013 03:53:37 | Computer Name = Katharina-PC.KFO.local | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
 Description =
 
 Error - 02.04.2013 04:21:47 | Computer Name = Katharina-PC.KFO.local | Source = NETLOGON | ID = 5719
 Description = Der Computer konnte eine sichere Sitzung mit einem  Domänencontroller
 in der Domäne KFO aufgrund der folgenden  Ursache:   %%1311 nicht einrichten.    Dies kann
 zu Authentifizierungsproblemen führen. Stellen  Sie sicher, dass der Computer mit
 dem Netzwerk verbunden ist.  Wenden Sie sich an den Domänenadministrator, wenn das
 Problem  weiterhin besteht.        ZUSÄTZLICHE INFORMATIONEN    Wenn dieser Computer ein Domänencontroller
 der bestimmten  Domäne ist, wird eine sichere Sitzung zum primären  Domänencontrolleremulator
 in der bestimmten Domäne eingerichtet.  Andernfalls richtet dieser Computer eine
 sichere Sitzung zu  einem beliebigen Domänencontroller in der bestimmten Domäne ein.
 
 Error - 02.04.2013 04:22:05 | Computer Name = Katharina-PC.KFO.local | Source = Microsoft-Windows-GroupPolicy | ID = 1129
 Description = Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender
 Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann
 eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn
 die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde
 und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere
 Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator.
 
 Error - 02.04.2013 04:25:07 | Computer Name = Katharina-PC.KFO.local | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
 Description =
 
 Error - 02.04.2013 04:42:39 | Computer Name = Katharina-PC.KFO.local | Source = NETLOGON | ID = 5719
 Description = Der Computer konnte eine sichere Sitzung mit einem  Domänencontroller
 in der Domäne KFO aufgrund der folgenden  Ursache:   %%1311 nicht einrichten.    Dies kann
 zu Authentifizierungsproblemen führen. Stellen  Sie sicher, dass der Computer mit
 dem Netzwerk verbunden ist.  Wenden Sie sich an den Domänenadministrator, wenn das
 Problem  weiterhin besteht.        ZUSÄTZLICHE INFORMATIONEN    Wenn dieser Computer ein Domänencontroller
 der bestimmten  Domäne ist, wird eine sichere Sitzung zum primären  Domänencontrolleremulator
 in der bestimmten Domäne eingerichtet.  Andernfalls richtet dieser Computer eine
 sichere Sitzung zu  einem beliebigen Domänencontroller in der bestimmten Domäne ein.
 
 Error - 02.04.2013 04:42:57 | Computer Name = Katharina-PC.KFO.local | Source = Microsoft-Windows-GroupPolicy | ID = 1129
 Description = Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender
 Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann
 eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn
 die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde
 und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere
 Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator.
 
 Error - 02.04.2013 04:44:57 | Computer Name = Katharina-PC.KFO.local | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
 Description =
 
 Error - 02.04.2013 04:49:46 | Computer Name = Katharina-PC.KFO.local | Source = NETLOGON | ID = 5719
 Description = Der Computer konnte eine sichere Sitzung mit einem  Domänencontroller
 in der Domäne KFO aufgrund der folgenden  Ursache:   %%1311 nicht einrichten.    Dies kann
 zu Authentifizierungsproblemen führen. Stellen  Sie sicher, dass der Computer mit
 dem Netzwerk verbunden ist.  Wenden Sie sich an den Domänenadministrator, wenn das
 Problem  weiterhin besteht.        ZUSÄTZLICHE INFORMATIONEN    Wenn dieser Computer ein Domänencontroller
 der bestimmten  Domäne ist, wird eine sichere Sitzung zum primären  Domänencontrolleremulator
 in der bestimmten Domäne eingerichtet.  Andernfalls richtet dieser Computer eine
 sichere Sitzung zu  einem beliebigen Domänencontroller in der bestimmten Domäne ein.
 
 Error - 02.04.2013 04:50:05 | Computer Name = Katharina-PC.KFO.local | Source = Microsoft-Windows-GroupPolicy | ID = 1129
 Description = Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender
 Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann
 eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn
 die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde
 und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere
 Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator.
 
 Error - 02.04.2013 04:51:15 | Computer Name = Katharina-PC.KFO.local | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
 Description =
 
 
 < End of report >
 Gmer.txt   Code: 
 GMER 2.1.19115 - hxxp://www.gmer.net
 Rootkit scan 2013-04-02 12:01:22
 Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST925032 rev.0303 232,89GB
 Running: gmer_2.1.19115.exe; Driver: C:\Users\KATHAR~1\AppData\Local\Temp\kxtcquoc.sys
 
 
 ---- Devices - GMER 2.1 ----
 
 AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                               Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
 AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                               Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
 AttachedDevice  \FileSystem\fastfat \Fat                                                                              fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
 
 ---- Registry - GMER 2.1 ----
 
 Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002243c480c7
 Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
 Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                   0
 Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                0x28 0x69 0x9D 0x4C ...
 Reg             HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002243c480c7 (not active ControlSet)
 Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
 Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                       0
 Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                    0x28 0x69 0x9D 0x4C ...
 
 ---- Disk sectors - GMER 2.1 ----
 
 Disk            \Device\Harddisk0\DR0                                                                                 unknown MBR code
 
 ---- EOF - GMER 2.1 ----