Windows Vista: Pc Probleme

Ausserdem kommt jedesmal wenn ich ins Netz gehe, dass ein anderer Computer mit der gleichen ID im Netz schon ist, was mich komisch dünkt.

Wenn ein Virus/Trojaner in das System eingedrungen und aktiv ist, kann man nie vollkommen sicher sein ihn wieder los zu werden. Das klingt vielleicht brutal, aber hier ist es immer am besten die Daten zu sichern und das System neu aufzuspielen. Warum dies so ist, würde den Rahmen hier sprengen, dies ist eine dringende Empfehlung. 

Herzlichen Dank für die Antwort.

Leider kann ich das System nicht wider neu aufsetzten, da es um einen geschenkten Businesspc handelt, der viele zusätzlichen Programme drauf hat, die dann verlohren gehen. Ausserdem habe ich weder den Vistacode noch eine Cd davon.

OTL Extras logfile created on: 16.05.2012 23:57:06 - Run 1
OTL by OldTimer - Version 3.2.43.0     Folder = C:\Users\rkes\Downloads
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
2.90 Gb Total Physical Memory | 0.92 Gb Available Physical Memory | 31.61% Memory free
6.01 Gb Paging File | 4.03 Gb Available in Paging File | 67.05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.88 Gb Total Space | 182.31 Gb Free Space | 81.80% Space Free | Partition Type: NTFS
Drive D: | 9.00 Gb Total Space | 1.89 Gb Free Space | 21.04% Space Free | Partition Type: NTFS
Drive F: | 1021.00 Mb Total Space | 990.85 Mb Free Space | 97.05% Space Free | Partition Type: FAT32
 
Computer Name: ITCCHRKES | User Name: rkes | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0DF42572-9A50-4407-A8E9-B097808AC71C}" = rport=138 | protocol=17 | dir=out | app=system |
"{0E4900B3-3D0F-4B78-A86D-A775B9F9A333}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{106612B0-435F-40FC-89B5-79DF0A0D0A0E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{15A28513-A821-438A-882D-676EDEF4EC56}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{2263BAB0-C2CF-4292-981C-3D58C5943D75}" = lport=139 | protocol=6 | dir=in | app=system |
"{23C5E273-7387-4261-9F1B-D8E66CF515C4}" = rport=445 | protocol=6 | dir=out | app=system |
"{2B691949-3CFF-4BE7-9036-14BE02FDFA7F}" = lport=137 | protocol=17 | dir=in | app=system |
"{41870C5D-7F13-4052-A36D-F6D34908AF07}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{4A5616B9-4EF7-443D-BB9D-B1C287934EC4}" = rport=139 | protocol=6 | dir=out | app=system |
"{4F5ACBBF-A086-421D-8692-DB7232B79729}" = rport=137 | protocol=17 | dir=out | app=system |
"{51640838-5D32-4C0B-AC1D-9E830D0DF650}" = lport=138 | protocol=17 | dir=in | app=system |
"{61D432C0-1167-4F23-AB8C-5CA616E99C4C}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{8C697D5E-B4DC-43A9-BCED-C475E02E317A}" = lport=445 | protocol=6 | dir=in | app=system |
"{8E19491A-1488-4044-A08A-1B8F1C747CD6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{A34813F3-1EDA-4F1D-9718-060FC73422F1}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{B4C817D2-52C9-4DEC-BA1B-E0FCD9FE8C60}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{BCF99747-27F6-4A91-8D3F-93335C1E3698}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{D412488E-BED2-4109-B2BC-EC2A6C9A962F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E2C63535-7AD9-4566-AA93-AB6DA7DCB0E6}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E56240EE-243F-4328-9D52-1B3E82DC5464}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E7559E26-C620-4166-9BEE-0A09073D8CD3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{016AAD1C-AA12-421D-8A07-E21A687EB977}" = protocol=1 | dir=in | [email protected],-28543 |
"{035FF348-9150-4673-BE62-65368883A326}" = protocol=17 | dir=in | app=c:\program files\microsoft office\live meeting 8\console\pwconsole.exe |
"{24D10C0A-2FB9-48EA-8838-F2373FD19B2A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\live meeting 8\console\pwconsole.exe |
"{25AD2E50-702E-4271-B4B5-F613FD0F35B1}" = protocol=6 | dir=in | app=c:\program files\microsoft office\live meeting 8\console\pwconsole.exe |
"{2717186B-27D3-42A2-B356-74ED48E821EE}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\smc.exe |
"{32F0C5B9-62EA-4C65-846F-208B7CAF75A8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{3D6D31D3-B7D6-40D7-A6A6-97DC031E8393}" = protocol=17 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
"{471DD0FF-2136-44AB-801B-8F9768219A4E}" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe |
"{5366D385-A9FB-4C2D-A91E-D6E3993DEC51}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{56FE392F-828C-4B77-8B7E-16E7626EA59E}" = protocol=17 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe |
"{63CC47F7-CC68-45E1-88E4-B6EE808B9D65}" = protocol=58 | dir=in | [email protected],-28545 |
"{6B247B23-A353-491C-B5B6-93C48DD42E4A}" = protocol=58 | dir=out | [email protected],-28546 |
"{6FA76E05-22DE-48B7-8FA5-4E63B7E99FA1}" = protocol=6 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
"{70FFE878-C9C2-4D77-8376-9BDCE7AA459C}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{77BDBD3C-955A-4040-BEE1-FEEDEEC9B8DC}" = protocol=17 | dir=in | app=c:\program files\microsoft office\live meeting 8\console\pwconsole.exe |
"{7BE47AA2-6152-4539-9F4E-D3D262CD00AD}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{86BAA5F7-D601-4D78-9AB1-56D1926BEDCD}" = protocol=1 | dir=out | [email protected],-28544 |
"{88C016E9-F863-4A1C-BC6C-EFF2B747EC3A}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{9799F1CA-69C5-40E1-BE58-CC674E93323A}" = protocol=6 | dir=in | app=c:\users\rkes\appdata\local\temp\internet turbo\bundlesweetimsetup.exe |
"{A2F78160-2287-4481-9827-821369595B11}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B011DFBF-0D9B-4F47-8F96-CB49ADEAFB9C}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\snac.exe |
"{B854AD96-D92C-4165-8DB4-13F0A4EBECA4}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\snac.exe |
"{CDAA7FCB-9136-4C65-9284-84F5F948FFDA}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{DC16476E-E6AF-4A3E-8AE9-4D46F3F5FB28}" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe |
"{E7F04F13-009D-4A74-ACDB-5D4948223B7C}" = protocol=17 | dir=in | app=c:\users\rkes\appdata\local\temp\internet turbo\bundlesweetimsetup.exe |
"{ED5E8D4F-DF48-404D-AA68-8FEED93D6DF4}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\smc.exe |
"{EE029B6D-6299-464D-AA2E-4CB0221BE386}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F5D3E909-3E5E-40C1-BE7C-91E35BDCB764}" = protocol=6 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe |
"TCP Query User{3C3EAF4D-1FF1-43F1-AE5A-A78C9901EF6C}C:\users\rkes\appdata\local\temp\i1270628446\windows\resource\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\users\rkes\appdata\local\temp\i1270628446\windows\resource\jre\bin\javaw.exe |
"TCP Query User{3FFD7E09-70B0-4F8C-ABE2-920778F32FCB}C:\users\rkes\appdata\local\temp\i1270630326\windows\resource\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\users\rkes\appdata\local\temp\i1270630326\windows\resource\jre\bin\javaw.exe |
"TCP Query User{49A88F91-C57F-46CA-BCC6-51E04E521321}C:\windows\system32\mstsc.exe" = protocol=6 | dir=in | app=c:\windows\system32\mstsc.exe |
"TCP Query User{812697A9-06A2-45CD-8C86-A2E0116AC6C2}C:\windows\system32\mstsc.exe" = protocol=6 | dir=in | app=c:\windows\system32\mstsc.exe |
"TCP Query User{B1743F9C-E3E1-4CF1-8786-1700DF6A995E}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{C4D844A4-2BEC-42F0-BA4A-4040C6082928}E:\windows\dsassistant\application\dsassistant.exe" = protocol=6 | dir=in | app=e:\windows\dsassistant\application\dsassistant.exe |
"TCP Query User{C802F080-E604-4168-BE78-30F626A031D1}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{E88D2AFD-5745-4139-B7C5-7A0B6D49F771}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{ED33619C-6F0B-4319-B713-5C99608C846E}C:\users\rkes\appdata\local\temp\i1270631767\windows\resource\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\users\rkes\appdata\local\temp\i1270631767\windows\resource\jre\bin\javaw.exe |
"TCP Query User{FDF779CE-2EDE-4359-986E-7D10A9179923}C:\users\rkes\appdata\local\temp\i1270629254\windows\resource\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\users\rkes\appdata\local\temp\i1270629254\windows\resource\jre\bin\javaw.exe |
"UDP Query User{061F8B28-864F-44DF-859C-E442BA0FA24D}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{09F01EAD-BBE7-437C-AE67-EC0B901F3CA0}C:\users\hallo\appdata\local\temp\i1270629254\windows\resource\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\users\hallo\appdata\local\temp\i1270629254\windows\resource\jre\bin\javaw.exe |
"UDP Query User{0BB9C67C-9932-4DE4-BD66-D8C5CEB1434E}E:\windows\dsassistant\application\dsassistant.exe" = protocol=17 | dir=in | app=e:\windows\dsassistant\application\dsassistant.exe |
"UDP Query User{1B4FDB98-F4F7-4406-BEE4-89ED436558AC}C:\windows\system32\mstsc.exe" = protocol=17 | dir=in | app=c:\windows\system32\mstsc.exe |
"UDP Query User{7FFF6B01-1636-493B-8D7B-D18155597C11}C:\users\hallo\appdata\local\temp\i1270628446\windows\resource\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\users\hallo\appdata\local\temp\i1270628446\windows\resource\jre\bin\javaw.exe |
"UDP Query User{A6747924-DE29-4A38-ACC2-F6993FA543E4}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{CA7D9F9D-467B-4D84-8C36-9A374F085C44}C:\windows\system32\mstsc.exe" = protocol=17 | dir=in | app=c:\windows\system32\mstsc.exe |
"UDP Query User{D43CB97B-FC5C-4905-B16B-7C9719120A5F}C:\users\hallo\appdata\local\temp\i1270631767\windows\resource\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\users\hallo\appdata\local\temp\i1270631767\windows\resource\jre\bin\javaw.exe |
"UDP Query User{DAD3ECF0-91CA-492E-AD14-927E11E68685}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{F049BFB9-2384-4129-B99B-AB2A42CED8B2}C:\users\hallo\appdata\local\temp\i1270630326\windows\resource\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\users\hallo\appdata\local\temp\i1270630326\windows\resource\jre\bin\javaw.exe |
 

color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{004C5DA2-2051-4D25-94BA-51CF810C91EB}" = LightScribe System Software  1.12.37.1
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = HP Integrated Module with Bluetooth wireless technology 6.0.1.6200
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP495_series" = Canon MP495 series MP Drivers
"{129FC9F8-206B-4C29-9B45-8D53B10EC6C7}" = xVideoServiceThief
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{207A8D54-51C9-48B6-80E6-CBA5403B3ED4}" = Vista Default Settings
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 23
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{31216452-5540-4C96-B754-94890A63D5AB}" = HP Help and Support
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{332CC6BF-E6C7-48EE-BA3D-435E576AD67F}" = PaperPort Image Printer
"{340F521E-3576-4E1A-B75C-EB0ACF751379}" = HP Wireless Assistant
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{420BBA1D-B275-4891-838C-EA88FE87A632}" = HP Customer Experience Enhancements
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56D060AE-62B5-4086-BC19-5CB1CC9936E4}" = Brother MFC-9840CDW
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check
"{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}" = HP Active Support Library
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{70CEFEBA-F757-4DBE-8A21-027C326137CE}" = HP Software Setup 5.00.A.5
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{819F6BAD-35DA-4094-BCE6-F57AACE116D1}" = ESU for Microsoft Vista SP1
"{8595812B-9104-4196-B629-FD298D819399}" = HP User Guides 0097
"{8BB128BE-2670-485D-A221-B00715BCEBCF}" = HP Easy Setup - Frontend
"{90120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{AC194855-F7AC-4D04-B4C9-07BA46FCB697}" = ActivClient 6.1 x86
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.0 - Deutsch
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6C89654-A6A2-477C-873B-724EC1C56407}" = ScanSoft PaperPort 11
"{BE66348A-E83F-4982-941F-DFF2F742B851}" = Microsoft Office Live Meeting 2007
"{C83FB11D-9EC6-49D7-99A7-DDDB2264883C}" = Brother MFL-Pro Suite
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FB8A4E30-9915-4814-ADF9-42E00D9FDC3D}" = Symantec Endpoint Protection
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FECEF9D2-9D3D-449B-9EA4-CFA775C99460}" = AuthenTec Fingerprint System
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Ashampoo Burning Studio 2010 Advanced_is1" = Ashampoo Burning Studio 2010 Advanced 9.25
"CCleaner" = CCleaner
"CloneDVD2" = CloneDVD2
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP QuickLook 2_is1" = HP QuickLook 2
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.23)" = Mozilla Firefox (3.6.23)
"PDF Complete" = PDF Complete
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.20
"STANDARD" = Microsoft Office Standard 2007
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VISPRO" = Microsoft Office Visio Professional 2007
"VLC media player" = VLC media player 1.1.11
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 16.05.2012 14:19:11 | Computer Name = itcchhallo.ITCCH.local | Source = Symantec AntiVirus | ID = 16711725
Description =       SYMANTEC TAMPER PROTECTION ALERT    Target:  C:\Program Files\Symantec\Symantec
 Endpoint Protection\Smc.exe  Event Info:  Beenden Vorgang  Action Taken:  Protokolliert
Actor
 Process:  C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe (PID 2480)  Time:
  Mittwoch, 16. Mai 2012  20:19:11
 
Error - 16.05.2012 14:59:31 | Computer Name = itcchhallo.ITCCH.local | Source = System Restore | ID = 8209
Description =
 
Error - 16.05.2012 15:05:52 | Computer Name = itcchhallo.ITCCH.local | Source = Windows Search Service | ID = 7040
Description =
 
Error - 16.05.2012 15:05:52 | Computer Name = itcchhallo.ITCCH.local | Source = Windows Search Service | ID = 7040
Description =
 
Error - 16.05.2012 15:05:52 | Computer Name = itcchhallo.ITCCH.local | Source = Windows Search Service | ID = 3029
Description =
 
Error - 16.05.2012 15:05:52 | Computer Name = itcchhallo.ITCCH.local | Source = Windows Search Service | ID = 3028
Description =
 
Error - 16.05.2012 15:05:52 | Computer Name = itcchhallo.ITCCH.local | Source = Windows Search Service | ID = 3058
Description =
 
Error - 16.05.2012 16:41:36 | Computer Name = itcchhallo.ITCCH.local | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung rundll32.exe, Version 6.0.6000.16386, Zeitstempel
 0x4549b0e1, fehlerhaftes Modul QuickTime.cpl, Version 7.69.80.9, Zeitstempel 0x4cf451bb,
 Ausnahmecode 0xc0000409, Fehleroffset 0x0000aa2a,  Prozess-ID 0xfa4, Anwendungsstartzeit
 01cd33a44656c020.
 
Error - 16.05.2012 16:47:19 | Computer Name = itcchhallo.ITCCH.local | Source = Application Hang | ID = 1002
Description = Programm WINWORD.EXE, Version 12.0.6661.5000 arbeitet nicht mehr mit
 Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen.  Prozess-ID: c58  Anfangszeit: 01cd33a4eca49a60  Zeitpunkt
 der Beendigung: 6
 
Error - 16.05.2012 17:09:35 | Computer Name = itcchhallo.ITCCH.local | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung plugin-container.exe, Version 1.9.2.4280, Zeitstempel
 0x4e78bec7, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18541, Zeitstempel 0x4ec3e3d5,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00048762,  Prozess-ID 0x254, Anwendungsstartzeit
 01cd33a7a4d238c0.
 
[ OSession Events ]
Error - 11.04.2011 13:17:03 | Computer Name = itcchhallo.ITCCH.local | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 18.04.2011 01:04:25 | Computer Name = itcchhallo.ITCCH.local | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 12
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 18.04.2011 14:41:40 | Computer Name = itcchhallo.ITCCH.local | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 18
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 19.04.2011 09:36:12 | Computer Name = itcchhallo.ITCCH.local | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 25.04.2011 04:21:25 | Computer Name = itcchhallo.ITCCH.local | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 05.05.2011 15:51:51 | Computer Name = itcchhallo.ITCCH.local | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 17.05.2011 02:42:06 | Computer Name = itcchhallo.ITCCH.local | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 17.05.2011 02:59:00 | Computer Name = itcchhallo.ITCCH.local | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 10
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 17.05.2011 14:29:14 | Computer Name = itcchhallo.ITCCH.local | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 15.08.2011 08:14:00 | Computer Name = itcchhallo.ITCCH.local | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 16.05.2012 16:47:04 | Computer Name = itcchhallo.ITCCH.local | Source = Service Control Manager | ID = 7034
Description =
 
Error - 16.05.2012 17:05:11 | Computer Name = itcchhallo.ITCCH.local | Source = Tcpip | ID = 4199
Description = Das System hat einen Adressenkonflikt der IP-Adresse 0.0.0.0 mit dem
 Computer mit der  Netzwerkhardwareadresse 00-00-00-00-CC-9D ermittelt. Netzwerkvorgänge
 könnten daher auf diesem  System unterbrochen werden.
 
Error - 16.05.2012 17:08:42 | Computer Name = itcchhallo.ITCCH.local | Source = Service Control Manager | ID = 7034
Description =
 
Error - 16.05.2012 17:10:12 | Computer Name = itcchhallo.ITCCH.local | Source = Service Control Manager | ID = 7034
Description =
 
Error - 16.05.2012 17:10:12 | Computer Name = itcchhallo.ITCCH.local | Source = Service Control Manager | ID = 7031
Description =
 
Error - 16.05.2012 17:10:12 | Computer Name = itcchhallo.ITCCH.local | Source = Service Control Manager | ID = 7031
Description =
 
Error - 16.05.2012 17:10:12 | Computer Name = itcchhallo.ITCCH.local | Source = Service Control Manager | ID = 7031
Description =
 
Error - 16.05.2012 17:10:12 | Computer Name = itcchhallo.ITCCH.local | Source = Service Control Manager | ID = 7031
Description =
 
Error - 16.05.2012 17:10:12 | Computer Name = itcchhallo.ITCCH.local | Source = Service Control Manager | ID = 7031
Description =
 
Error - 16.05.2012 17:14:01 | Computer Name = itcchhallo.ITCCH.local | Source = Tcpip | ID = 4199
Description = Das System hat einen Adressenkonflikt der IP-Adresse 0.0.0.0 mit dem
 Computer mit der  Netzwerkhardwareadresse 00-00-00-00-DE-CC ermittelt. Netzwerkvorgänge
 könnten daher auf diesem  System unterbrochen werden.
 
 
< End of report >

OTL logfile created on: 16.05.2012 23:57:06 - Run 1
OTL by OldTimer - Version 3.2.43.0     Folder = C:\Users\rkes\Downloads
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
2.90 Gb Total Physical Memory | 0.92 Gb Available Physical Memory | 31.61% Memory free
6.01 Gb Paging File | 4.03 Gb Available in Paging File | 67.05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.88 Gb Total Space | 182.31 Gb Free Space | 81.80% Space Free | Partition Type: NTFS
Drive D: | 9.00 Gb Total Space | 1.89 Gb Free Space | 21.04% Space Free | Partition Type: NTFS
Drive F: | 1021.00 Mb Total Space | 990.85 Mb Free Space | 97.05% Space Free | Partition Type: FAT32
 
Computer Name: ITCCHRKES | User Name: rkes | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\rkes\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Sophos\Sophos Anti-Rootkit\sargui.exe (Sophos Group)
PRC - C:\Windows\System32\consent.exe (Microsoft Corporation)
PRC - C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\audiodg.exe (Microsoft Corporation)
PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - c:\Programme\Fingerprint Sensor\AtService.exe (AuthenTec, Inc.)
PRC - C:\Programme\PDF Complete\pdfsvc.exe (PDF Complete Inc)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
PRC - C:\Programme\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
PRC - C:\Programme\Symantec\Symantec Endpoint Protection\SmcGui.exe (Symantec Corporation)
PRC - C:\Programme\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Programme\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Windows\System32\AEADISRV.EXE (Andrea Electronics Corporation)
PRC - c:\Programme\ActivIdentity\ActivClient\acevents.exe (ActivIdentity)
PRC - C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\Programme\Common Files\microsoft shared\VS7DEBUG\mdm.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Programme\Mozilla Firefox\js3250.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found
SRV - (Pml Driver HPZ12) -- C:\windows\system32\HPZipm12.dll File not found
SRV - (Net Driver HPZ12) -- C:\windows\system32\HPZinw12.dll File not found
SRV - (McComponentHostService) -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ATService) -- c:\Programme\Fingerprint Sensor\AtService.exe (AuthenTec, Inc.)
SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (pdfcDispatcher) -- C:\Program Files\PDF Complete\pdfsvc.exe (PDF Complete Inc)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Symantec AntiVirus) -- C:\Programme\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SRV - (SNAC) -- C:\Programme\Symantec\Symantec Endpoint Protection\SNAC.EXE (Symantec Corporation)
SRV - (SmcService) -- C:\Programme\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (AEADIFilters) -- C:\Windows\System32\AEADISRV.EXE (Andrea Electronics Corporation)
SRV - (LiveUpdate) -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_3.EXE (Symantec Corporation)
SRV - (accoca) -- c:\Programme\ActivIdentity\ActivClient\accoca.exe (ActivIdentity)
SRV - (IviRegMgr) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (MDM) -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\mdm.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WtSmpFlt) -- system32\DRIVERS\wtsmpflt.sys File not found
DRV - (wtsmpadap) -- system32\DRIVERS\wtsmpadap.sys File not found
DRV - (vsdatant) -- a File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (MEMSWEEP2) -- C:\windows\system32\C551.tmp File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (EraserUtilRebootDrv) -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120515.004\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120515.004\NAVENG.SYS (Symantec Corporation)
DRV - (WpsHelper) -- C:\Windows\System32\drivers\WpsHelper.sys (Symantec Corporation)
DRV - (hpdskflt) -- C:\Windows\System32\drivers\hpdskflt.sys (Hewlett-Packard Company)
DRV - (Accelerometer) -- C:\Windows\System32\drivers\Accelerometer.sys (Hewlett-Packard Company)
DRV - (HBtnKey) -- C:\Windows\System32\drivers\CPQBTTN.sys (Hewlett-Packard Company)
DRV - (ewusbnet) -- C:\Windows\System32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (COH_Mon) -- C:\Windows\System32\drivers\COH_Mon.sys (Symantec Corporation)
DRV - (ATSwpWDF) -- C:\Windows\System32\drivers\ATSwpWDF.sys (AuthenTec, Inc.)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (SysPlant) -- C:\Windows\System32\drivers\SysPlant.sys (Symantec Corporation)
DRV - (WPS) -- C:\Windows\System32\drivers\WPSDRVnt.sys (Symantec Corporation)
DRV - (SRTSPL) -- C:\Windows\System32\drivers\srtspl.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\drivers\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\System32\drivers\srtspx.sys (Symantec Corporation)
DRV - (Teefer2) -- C:\Windows\System32\drivers\teefer2.sys (Symantec Corporation)
DRV - (SPBBCDrv) -- C:\Programme\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (SYMTDI) -- C:\Windows\System32\drivers\symtdi.sys (Symantec Corporation)
DRV - (SYMREDRV) -- C:\Windows\System32\drivers\symredrv.sys (Symantec Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_ch&c=83&bd=all&pf=cmnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=3.1010000.10005’
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{6B24C93E-0CBD-4349-B622-B0A03CF0251C}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1452&query={searchTerms}&invocationType=tb50hpcmnbie7-de-ch
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2475029
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10005’
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_ch&c=83&bd=all&pf=cmnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=3.1010000.10005’
IE - HKCU\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7WZPC_deCH361
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2475029
IE - HKCU\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://toolbar.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80772&lng=de
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10005’
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "SweetIM Search"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: "SweetIM Search"
FF - prefs.js..browser.startup.homepage: "google.ch"
FF - prefs.js..keyword.URL: "http://search.sweetim.com/search.asp?src=2&crg=3.1010000.10005&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "http://search.sweetim.com/search.asp?src=2&q="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.11.07 09:05:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.26 21:41:51 | 000,000,000 | ---D | M]
 
[2012.05.16 20:29:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hallo\AppData\Roaming\mozilla\Extensions
[2012.05.16 21:40:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hallo\AppData\Roaming\mozilla\Firefox\Profiles\35vk0sbv.default\extensions
[2012.05.16 21:28:17 | 000,003,940 | ---- | M] () -- C:\Users\hallo\AppData\Roaming\Mozilla\Firefox\Profiles\35vk0sbv.default\searchplugins\sweetim.xml
[2012.05.16 21:27:14 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.09.15 15:22:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011.11.07 09:05:20 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.11.07 09:05:21 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.11.07 09:05:21 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.11.29 18:50:36 | 000,000,158 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search the web.src
[2011.11.07 09:05:21 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.11.07 09:05:21 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 

O1 HOSTS File: ([2012.05.16 20:35:31 | 000,442,859 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1   www.007guard.com
O1 - Hosts: 127.0.0.1   007guard.com
O1 - Hosts: 127.0.0.1   008i.com
O1 - Hosts: 127.0.0.1   www.008k.com
O1 - Hosts: 127.0.0.1   008k.com
O1 - Hosts: 127.0.0.1   www.00hq.com
O1 - Hosts: 127.0.0.1   00hq.com
O1 - Hosts: 127.0.0.1   010402.com
O1 - Hosts: 127.0.0.1   www.032439.com
O1 - Hosts: 127.0.0.1   032439.com
O1 - Hosts: 127.0.0.1   www.0scan.com
O1 - Hosts: 127.0.0.1   0scan.com
O1 - Hosts: 127.0.0.1   1000gratisproben.com
O1 - Hosts: 127.0.0.1   www.1000gratisproben.com
O1 - Hosts: 127.0.0.1   1001namen.com
O1 - Hosts: 127.0.0.1   www.1001namen.com
O1 - Hosts: 127.0.0.1   100888290cs.com
O1 - Hosts: 127.0.0.1   www.100888290cs.com
O1 - Hosts: 127.0.0.1   www.100sexlinks.com
O1 - Hosts: 127.0.0.1   100sexlinks.com
O1 - Hosts: 127.0.0.1   10sek.com
O1 - Hosts: 127.0.0.1   www.10sek.com
O1 - Hosts: 127.0.0.1   www.1-2005-search.com
O1 - Hosts: 15218 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-89AF-189327213627} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\hallo\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Web-Suche - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ITCCH.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{32084FF4-CC0A-4146-823B-4E41460DC952}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\hallo\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\hallo\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{5a1221f3-0102-11df-8d5a-efd97ae7ef42}\Shell - "" = AutoRun
O33 - MountPoints2\{5a1221f3-0102-11df-8d5a-efd97ae7ef42}\Shell\AutoRun\command - "" = G:\Start.exe
O33 - MountPoints2\{5bb68dd3-2ce4-11df-b13e-00ade1ac1c1a}\Shell - "" = AutoRun
O33 - MountPoints2\{5bb68dd3-2ce4-11df-b13e-00ade1ac1c1a}\Shell\AutoRun\command - "" = G:\Start.exe
O33 - MountPoints2\{5bb68def-2ce4-11df-b13e-001e101f8924}\Shell - "" = AutoRun
O33 - MountPoints2\{5bb68def-2ce4-11df-b13e-001e101f8924}\Shell\AutoRun\command - "" = G:\Start.exe
O33 - MountPoints2\{9f39b4d3-0104-11df-9120-00ade1ac1c1a}\Shell - "" = AutoRun
O33 - MountPoints2\{9f39b4d3-0104-11df-9120-00ade1ac1c1a}\Shell\AutoRun\command - "" = G:\Start.exe
O33 - MountPoints2\{9f39b4ef-0104-11df-9120-001e101fb681}\Shell - "" = AutoRun
O33 - MountPoints2\{9f39b4ef-0104-11df-9120-001e101fb681}\Shell\AutoRun\command - "" = G:\Start.exe
O33 - MountPoints2\{a7e75b73-2b82-11df-94eb-0025b343bb89}\Shell - "" = AutoRun
O33 - MountPoints2\{a7e75b73-2b82-11df-94eb-0025b343bb89}\Shell\AutoRun\command - "" = G:\Start.exe
O33 - MountPoints2\{ab7e4374-2b84-11df-a2c6-00247e5bed1b}\Shell - "" = AutoRun
O33 - MountPoints2\{ab7e4374-2b84-11df-a2c6-00247e5bed1b}\Shell\AutoRun\command - "" = G:\Start.exe
O33 - MountPoints2\{ab7e4376-2b84-11df-a2c6-fb809831f4d0}\Shell - "" = AutoRun
O33 - MountPoints2\{ab7e4376-2b84-11df-a2c6-fb809831f4d0}\Shell\AutoRun\command - "" = H:\Start.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.05.17 00:00:00 | 000,018,816 | ---- | C] (Sophos Group) -- C:\windows\System32\SAVRKBootTasks.sys
[2012.05.16 23:12:40 | 000,000,000 | ---D | C] -- C:\Users\hallo\AppData\Roaming\Malwarebytes
[2012.05.16 23:12:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.05.16 23:12:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.05.16 23:11:59 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2012.05.16 23:11:59 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.05.16 22:12:29 | 000,000,000 | ---D | C] -- C:\windows\QLB
[2012.05.16 22:12:21 | 000,000,000 | ---D | C] -- C:\windows\LastGood
[2012.05.16 22:09:21 | 000,000,000 | ---D | C] -- C:\Users\hallo\AppData\Local\Adobe
[2012.05.16 21:41:33 | 000,000,000 | ---D | C] -- C:\Users\hallo\AppData\Roaming\Macromedia
[2012.05.16 21:24:08 | 000,000,000 | ---D | C] -- C:\Program Files\SweetIM
[2012.05.16 21:23:04 | 000,000,000 | ---D | C] -- C:\Program Files\RegSupreme
[2012.05.16 21:14:31 | 000,000,000 | ---D | C] -- C:\Users\hallo\AppData\Roaming\Adobe
[2012.05.16 20:29:24 | 000,000,000 | ---D | C] -- C:\Users\hallo\AppData\Local\Mozilla
[2012.05.16 20:29:23 | 000,000,000 | ---D | C] -- C:\Users\hallo\AppData\Roaming\Mozilla
[2012.05.09 10:16:59 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10warp.dll
[2012.05.09 10:16:59 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\DWrite.dll
[2012.05.09 10:16:59 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d2d1.dll
[2012.05.09 10:16:59 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10_1core.dll
[2012.05.09 10:16:59 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10_1.dll
[2012.05.09 10:16:53 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntoskrnl.exe
[2012.05.09 10:16:52 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntkrnlpa.exe
[2012.05.09 10:16:52 | 002,044,928 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
[2012.05.04 12:47:32 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJScan
[2012.04.27 20:37:27 | 000,962,560 | ---- | C] (East Wind Software) -- C:\windows\System32\advdaudio.ocx
[2012.04.27 20:37:27 | 000,634,880 | ---- | C] (Online Media Technologies Ltd.) -- C:\windows\System32\NCTAudioEditor2.dll
[2012.04.27 20:37:27 | 000,522,752 | ---- | C] (Online Media Technologies Ltd.) -- C:\windows\System32\NCTAudioTransform2.dll
[2012.04.27 20:37:26 | 000,966,144 | ---- | C] (Online Media Technologies Ltd.) -- C:\windows\System32\NCTAudioInformation2.dll
[2012.04.27 20:37:26 | 000,877,568 | ---- | C] (NCT Company Ltd.) -- C:\windows\System32\NCTAudioFile2.dll
[2012.04.27 20:37:26 | 000,467,968 | ---- | C] (Online Media Technologies Ltd.) -- C:\windows\System32\NCTAudioRecord2.dll
[2012.04.27 20:37:26 | 000,467,456 | ---- | C] (Online Media Technologies Ltd.) -- C:\windows\System32\NCTAudioPlayer2.dll
[2012.04.27 20:37:25 | 000,413,696 | ---- | C] (Gabest) -- C:\windows\System32\flvsplitter.ax
[3 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
[1 C:\windows\System32\drivers\*.tmp files -> C:\windows\System32\drivers\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.05.16 23:58:46 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2012.05.16 23:34:54 | 000,003,216 | ---- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.16 23:34:54 | 000,003,216 | ---- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.16 22:21:02 | 000,083,613 | ---- | M] () -- C:\Users\hallo\Desktop\31660_430230787064_291586927064_5114870_3605342_n.jpg
[2012.05.16 21:36:55 | 000,000,012 | ---- | M] () -- C:\windows\bthservsdp.dat
[2012.05.16 21:34:37 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012.05.16 20:35:31 | 000,442,859 | R--- | M] () -- C:\windows\System32\drivers\etc\hosts
[2012.05.16 20:30:20 | 000,442,859 | R--- | M] () -- C:\windows\System32\drivers\etc\hosts.20120516-203531.backup
[2012.05.16 20:27:51 | 000,442,859 | R--- | M] () -- C:\windows\System32\drivers\etc\hosts.20120516-203020.backup
[2012.05.16 18:41:12 | 000,442,859 | R--- | M] () -- C:\windows\System32\drivers\etc\hosts.20120516-202751.backup
[2012.05.16 18:37:40 | 000,442,859 | R--- | M] () -- C:\windows\System32\drivers\etc\hosts.20120516-184112.backup
[2012.05.16 18:12:45 | 000,442,859 | R--- | M] () -- C:\windows\System32\drivers\etc\hosts.20120516-183739.backup
[2012.05.09 12:04:50 | 000,377,056 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012.05.09 11:54:36 | 000,637,554 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012.05.09 11:54:36 | 000,121,058 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012.05.09 11:54:35 | 000,678,342 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2012.05.09 11:54:35 | 000,147,494 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2012.04.25 14:43:48 | 000,442,689 | R--- | M] () -- C:\windows\System32\drivers\etc\hosts.20120516-181245.backup
[2012.04.25 09:54:28 | 001,598,464 | ---- | M] () -- C:\Users\hallo\Documents\Was_es_bedeutet_ARM_zu_sein1.pps
[3 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
[1 C:\windows\System32\drivers\*.tmp files -> C:\windows\System32\drivers\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.05.16 22:20:59 | 000,083,613 | ---- | C] () -- C:\Users\hallo\Desktop\31660_430230787064_291586927064_5114870_3605342_n.jpg
[2012.04.27 20:37:27 | 000,110,080 | ---- | C] () -- C:\windows\System32\advd.dll
[2012.04.27 20:37:27 | 000,023,040 | ---- | C] () -- C:\windows\System32\auth.dll
[2012.04.27 20:37:25 | 000,511,488 | ---- | C] () -- C:\windows\System32\lame_enc.dll
[2012.01.01 21:27:22 | 000,000,146 | ---- | C] () -- C:\windows\WININIT.INI
[2011.01.27 10:34:05 | 000,000,229 | ---- | C] () -- C:\windows\Brpfx04a.ini
[2011.01.27 10:34:05 | 000,000,093 | ---- | C] () -- C:\windows\brpcfx.ini
[2011.01.27 10:34:05 | 000,000,050 | ---- | C] () -- C:\windows\System32\bd9840cn.dat
[2011.01.27 10:31:12 | 000,000,066 | ---- | C] () -- C:\windows\Brfaxrx.ini
[2011.01.27 10:31:11 | 000,000,000 | ---- | C] () -- C:\windows\brdfxspd.dat
[2011.01.27 10:31:10 | 000,106,496 | ---- | C] () -- C:\windows\System32\BrMuSNMP.dll
[2011.01.27 10:29:33 | 000,031,664 | ---- | C] () -- C:\windows\maxlink.ini
[2010.09.18 11:30:02 | 000,000,432 | ---- | C] () -- C:\windows\BRWMARK.INI
[2010.09.18 11:30:02 | 000,000,026 | ---- | C] () -- C:\windows\BRPP2KA.INI
[2010.09.18 11:30:00 | 000,000,034 | ---- | C] () -- C:\windows\System32\bd9840cd.dat
[2010.09.18 11:29:32 | 000,000,000 | ---- | C] () -- C:\Program Files\error.dat
[2010.09.18 11:29:32 | 000,000,000 | ---- | C] () -- C:\windows\brmx2001.ini
[2010.09.18 11:29:21 | 000,045,056 | ---- | C] () -- C:\windows\System32\BRTCPCON.DLL
[2010.09.18 11:29:19 | 000,000,114 | ---- | C] () -- C:\windows\System32\BRLMW03A.INI
[2010.09.18 11:29:19 | 000,000,050 | ---- | C] () -- C:\windows\System32\BAOCH06A.DAT
 
========== LOP Check ==========
 
[2012.05.16 19:48:28 | 000,032,536 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\windows\$NtUninstallKB62280$] -> Error: Cannot create file handle -> Unknown point type

< End of report >

Müllsammler?  
Ich würde erneut zur Neuinstallation raten, auch wenn es Aufwand bedeutet.

Und lass CCleaner, Spybot und Ashampoo-Zeug weg.
 

Die Mail kam von: [email protected]
und war eine Bestätigung einer bestellung mit einer Zipdatei, die ich leider heruntergeldaden habe.

Herzlichen dank zum Voraus für eure Tipps.

Ja, Viren und Trojaner werden von verschiedenen Absendern geschickt. 
Mach die Kiste neu, alles andere ist unsicher und herumgefussel.
 

Wie kann ich das ohne Cd von Windows? Und die Sicherheitsprogramme habe ich dann ja auch nicht mehr.

Ja, ich würde (leider) eine komplette Neuinstallation empfehlen, alles andere wäre halbherzig meiner Meinung nach.
Und dafür brauchst Du nun mal einen Key (Aufkleber auf dem Gehäuse?) und die DVD. Und Zusatzpragramme müssten eben auch neu installiert werden.

Vielleicht gibt es ja noch andere Ratschläge, warte es ab.
 
Viel Erfolg!