Trojaner gefunden TR/BHO.215552

#16 Start --> Zubehör -- > Bei Eingabeaufforderung Rechtsklick -> Als Administrator ausführen --> dann dort cd c:\ eingeben und dann sfc /scannow

#17 JETZT hats funktioniert.

Überprüfung 100% abgeschlossen.
Der Windows-Ressourcenschutz hat beschädigte Dateien gefunden und konnte einige
der Dateien nicht reparieren.
Details finden Sie in der Datei "CBS.Log" <windir\Logs\CBS\CBS.log>.
Beispielsweise "C:\Windows\Logs\CBS\CBS.log".

c:\>


PS: Ich habe auch ein hj gemacht - allerdings lässt das Programm kein logfile erstellen?!
(hat bis jetzt immer funktioniert) - Siehe Anhang

#18 HOSTFILE:

Navigiere wie folgt:
• öffne das HijackThis
• Do a system scan only
• Config
• Misc Tools
• Open Hosts file Manager
• delet line(s)



Und wie läuft das System? Kannst Du wieder normal arbeiten?

#19 Hi Swiss!

System läuft so lala... der lästige Banner kommt noch immer - egal welche Seite ich besuche und hj funktioniert auch nicht :-(

Also noch ein wenig Arbeit... :-((

Dieser "Banner" bzw. diese Leiste dürfte noch immer dieses "ChamäleonTom" erzeugen. Trotz deinstallieren bzw. so wie du es angeführt hast, war es noch immer da. Ein hartnäckiges App, dass ich da bei Facebook draufgekriegt hab.

Ich wäre dir sehr dankbar, wenn wir das gemeinsam wieder hinkriegen, denn es stört immens und lässt auch Firefox ständig abstürzen.

Entspannten Sonntagabend noch!

#20 Hast Du HiJackTHis auch mittels rechtsklick --> Als Administrator ausführen, geöffnet?

Erneuter Systemscan mit OTL

• Doppelklick auf die OTL.exe
• Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
• Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
• Unter Extra Registry, wähle bitte [COLOR=green]Use SafeList[/COLOR] • Klicke nun auf Run Scan links oben
• Wenn der Scan beendet wurde werden 2 Logfiles erstellt
• Poste die Logfiles in Code-Tags hier in den Thread.

#21

Zitat

Swisstreasure postete
Hast Du HiJackTHis auch mittels rechtsklick --> Als Administrator ausführen, geöffnet?

Erneuter Systemscan mit OTL

• Doppelklick auf die OTL.exe
• Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
• Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
• Unter Extra Registry, wähle bitte [COLOR=green]Use SafeList[/COLOR] • Klicke nun auf Run Scan links oben
• Wenn der Scan beendet wurde werden 2 Logfiles erstellt
• Poste die Logfiles in Code-Tags hier in den Thread.

Guten Morgen!

Ja - ich habs als Admin geöffnet. So - bevor ich jetzt nochmals einen SystemScann mache, möchte ich dir zeigen, was kommt, wenn ich im google eine suche mache.

Dann leitet "das Ding" einfach auf folgende Seite um: httpxxxchameleontome.iamwired.net/error.php?q=

Also - dieses Chameleon ist noch drauf und macht mir das Leben schwer....

So - ich mach jetzt mal den Systemscan.

cu

#22 Und hjt "mag" mich auch wieder - zumindest konnte ich ein Log machen:

Zitat

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:04:29, on 22.03.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_at&c=92&bd=all&pf=cmnb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_at&c=92&bd=all&pf=cmnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_at&c=92&bd=all&pf=cmnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [HPCam_Menu] "c:\Program Files\Hewlett-Packard\HP Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files\Hewlett-Packard\HP Webcam" UpdateWithCreateOnce "Software\CyberLink\HP Webcam\1.0"
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD8SESD\DVDCheck.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://c:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: HP Intelligente Auswahl - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: http://*.mcafee.com (HKLM)
O15 - Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
O15 - Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - Trusted Zone: http://www.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://*.mcafee.com (HKLM)
O15 - ESC Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://www.mcafeeasap.com (HKLM)
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: McAfee Application Installer Cleanup (0125231253034588) (0125231253034588mcinstcleanup) - Unknown owner - C:\Users\Trummer\AppData\Local\Temp\012523~1.EXE (file missing)
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\windows\System32\DriverStore\FileRepository\stwrt.inf_2159adbc\aestsrv.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: AMD External Events Utility - AMD - C:\windows\system32\atiesrxx.exe
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\windows\system32\rpcnet.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\windows\System32\DriverStore\FileRepository\stwrt.inf_2159adbc\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

--
End of file - 11483 bytes

#23 Hast Du die Host bearbeitet mit HJT wie ich oben beschrieben habe?

#24

Zitat

Swisstreasure postete
Hast Du die Host bearbeitet mit HJT wie ich oben beschrieben habe?

Ja - da wurde alles (delete line(s) ) rausgelöscht ...

Jetzt hab ich Zeit für OTL. Melde mich später, wenn das erledigt ist.

#25 OTL logfile created on: 22.03.2010 18:02:52 - Run 2
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Users\Trummer\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 61,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 69,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 287,09 Gb Total Space | 200,84 Gb Free Space | 69,96% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 2,07 Gb Free Space | 20,70% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 1022,00 Mb Total Space | 1017,03 Mb Free Space | 99,51% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CT
Current User Name: Trummer
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Users\Trummer\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\TeamViewer\Version4\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Windows\System32\rpcnet.exe (Absolute Software Corp.)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_2159adbc\stacsv.exe (IDT, Inc.)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_2159adbc\AEstSrv.exe (Andrea Electronics Corporation)
PRC - C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe ( Hewlett-Packard Development Company, L.P.)
PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Programme\LSI SoftModem\agrsmsvc.exe (Agere Systems)
PRC - C:\Programme\PDF Complete\pdfsvc.exe (PDF Complete Inc)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - C:\Users\Trummer\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - (0125231253034588mcinstcleanup) McAfee Application Installer Cleanup (0125231253034588) -- File not found
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (TeamViewer5) -- C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (TomTomHOMEService) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (rpcnet) Remote Procedure Call (RPC) -- C:\Windows\System32\rpcnet.exe (Absolute Software Corp.)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirWebService) -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira GmbH)
SRV - (AntiVirMailService) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_2159adbc\stacsv.exe (IDT, Inc.)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_2159adbc\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (AgereModemAudio) -- C:\Programme\LSI SoftModem\agrsmsvc.exe (Agere Systems)
SRV - (pdfcDispatcher) -- C:\Program Files\PDF Complete\pdfsvc.exe (PDF Complete Inc)
SRV - (RoxMediaDB10) -- c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe (Sonic Solutions)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (PSI_SVC_2) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - (Lbd) -- C:\windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (LMIRfsClientNP) -- C:\Windows\System32\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (BCM43XX) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)
DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.)
DRV - (btwl2cap) -- C:\Windows\System32\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.)
DRV - (btwrchid) -- C:\Windows\System32\drivers\btwrchid.sys (Broadcom Corporation.)
DRV - (mfetdik) -- C:\Windows\System32\drivers\mfetdik.sys (McAfee, Inc.)
DRV - (MfeRKDK) -- C:\Windows\System32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (mfehidk) -- C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (MfeBOPK) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (MfeAVFK) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (usbfilter) -- C:\Windows\System32\drivers\usbfilter.sys (Advanced Micro Devices)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics Incorporated)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (LMIRfsDriver) -- C:\Windows\System32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)
DRV - (adpu320) -- C:\windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (MegaSR) -- C:\windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu160m) -- C:\windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (HpCISSs) -- C:\windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_FC) -- C:\windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\windows\system32\drivers\elxstor.sys (Emulex)
DRV - (LSI_SCSI) -- C:\windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (nvraid) -- C:\windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (adp94xx) -- C:\windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (viaide) -- C:\windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (regi) -- C:\Windows\System32\drivers\regi.sys (InterVideo)
DRV - (ql40xx) -- C:\windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_at&c=92&bd=all&pf=cmnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_at&c=92&bd=all&pf=cmnb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_at&c=92&bd=all&pf=cmnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.order.1: "Fast Browser Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=971163"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.at"
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.7
FF - prefs.js..extensions.enabledItems: {582195F5-92E7-40a0-A127-DB71295901D7}:0.6
FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.4
FF - prefs.js..extensions.enabledItems: {88ee5d19-f0ed-3a48-71e5-bf244422e9ac}:4.6.6.4


FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009.09.24 21:37:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.02.15 21:12:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.03.02 07:51:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.02.15 21:08:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.02.15 21:08:50 | 000,000,000 | ---D | M]

[2009.10.29 08:16:57 | 000,000,000 | ---D | M] -- C:\Users\Trummer\AppData\Roaming\mozilla\Extensions
[2009.10.29 08:16:57 | 000,000,000 | ---D | M] -- C:\Users\Trummer\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2010.03.22 14:52:41 | 000,000,000 | ---D | M] -- C:\Users\Trummer\AppData\Roaming\mozilla\Firefox\Profiles\04kb3su3.default\extensions
[2009.09.17 08:15:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Trummer\AppData\Roaming\mozilla\Firefox\Profiles\04kb3su3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.01.28 09:14:47 | 000,000,000 | ---D | M] (Gmail Manager) -- C:\Users\Trummer\AppData\Roaming\mozilla\Firefox\Profiles\04kb3su3.default\extensions\{582195F5-92E7-40a0-A127-DB71295901D7}
[2009.09.24 17:20:32 | 000,000,000 | ---D | M] (IE Tab) -- C:\Users\Trummer\AppData\Roaming\mozilla\Firefox\Profiles\04kb3su3.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2010.01.29 10:07:34 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Trummer\AppData\Roaming\mozilla\Firefox\Profiles\04kb3su3.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010.01.30 15:25:01 | 000,000,000 | ---D | M] (Torbutton) -- C:\Users\Trummer\AppData\Roaming\mozilla\Firefox\Profiles\04kb3su3.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2010.03.01 16:50:16 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.02.26 11:48:48 | 000,000,000 | ---D | M] (LoudMo Contextual Ad Assistant) -- C:\Programme\Mozilla Firefox\extensions\{88ee5d19-f0ed-3a48-71e5-bf244422e9ac}
[2010.02.15 21:12:38 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.02.15 21:12:38 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.02.15 21:12:39 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.02.15 21:12:39 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.02.15 21:12:39 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2010.03.22 09:04:05 | 000,000,000 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPCam_Menu] c:\Program Files\Hewlett-Packard\HP Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PDF Complete] C:\Programme\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [WatchDog] C:\Programme\InterVideo\DVD8SESD\DVDCheck.exe (InterVideo Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - c:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: HP Intelligente Auswahl - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //FWEvent.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com (• http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com (• https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Trummer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\UA8H7I0V\CIMG9144.JPG
O24 - Desktop BackupWallPaper: C:\Users\Trummer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\UA8H7I0V\CIMG9144.JPG
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{9dfa81ee-a213-11de-8df8-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{9dfa81ee-a213-11de-8df8-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2010.03.20 17:01:33 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro
[2010.03.19 21:48:27 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\windows\System32\drivers\SBREDrv.sys
[2010.03.19 21:39:51 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\windows\System32\drivers\Lbd.sys
[2010.03.19 21:39:23 | 000,000,000 | -H-D | C] -- C:\ProgramData\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010.03.19 21:39:02 | 000,000,000 | ---D | C] -- C:\Programme\Lavasoft
[2010.03.19 21:39:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010.03.19 20:41:12 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\browserchoice.exe
[2010.03.19 20:34:38 | 000,000,000 | ---D | C] -- C:\windows\Minidump
[2010.03.19 20:19:17 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.03.11 20:21:54 | 000,000,000 | ---D | C] -- C:\Users\Trummer\AppData\Local\Apple Computer
[2010.03.01 16:50:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010.03.01 16:50:32 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Java
[2010.03.01 16:50:11 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\javaws.exe
[2010.03.01 16:50:11 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\javaw.exe
[2010.03.01 16:50:11 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\java.exe
[2010.02.24 08:05:41 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript.dll
[2010.02.24 08:05:32 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tzres.dll
[2010.02.24 08:05:19 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RMActivate_isv.exe
[2010.02.24 08:05:19 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\secproc_isv.dll
[2010.02.24 08:05:19 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\secproc.dll
[2010.02.24 08:05:19 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RMActivate_ssp_isv.exe
[2010.02.24 08:05:18 | 000,518,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RMActivate.exe
[2010.02.24 08:05:18 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RMActivate_ssp.exe
[2010.02.24 08:05:18 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msdrm.dll
[2010.02.24 08:05:18 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\secproc_ssp_isv.dll
[2010.02.24 08:05:18 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\secproc_ssp.dll
[2010.02.24 08:05:16 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\gameux.dll
[2010.02.24 08:05:15 | 004,240,384 | ---- | C] (Microsoft) -- C:\windows\System32\GameUXLegacyGDFs.dll
[2010.02.24 08:05:15 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\Apphlpdm.dll
[2009.09.15 17:52:05 | 000,256,560 | ---- | C] ( ) -- C:\windows\System32\rsnp2uvc.dll
[2009.09.15 17:52:03 | 000,203,312 | ---- | C] ( ) -- C:\windows\System32\csnp2uvc.dll

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2010.03.22 18:03:15 | 000,000,426 | -H-- | M] () -- C:\windows\tasks\User_Feed_Synchronization-{1FCCFA48-27A3-4113-99A4-38636A463B2B}.job
[2010.03.22 18:02:10 | 002,883,584 | -HS- | M] () -- C:\Users\Trummer\NTUSER.DAT
[2010.03.22 18:02:00 | 000,001,096 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.03.22 18:02:00 | 000,001,092 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.03.22 16:30:36 | 000,003,216 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.03.22 16:30:35 | 000,003,216 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.03.22 15:35:07 | 001,541,724 | ---- | M] () -- C:\windows\System32\PerfStringBackup.INI
[2010.03.22 15:35:07 | 000,664,282 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2010.03.22 15:35:07 | 000,625,582 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2010.03.22 15:35:07 | 000,142,622 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2010.03.22 15:35:07 | 000,117,144 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2010.03.22 14:42:15 | 000,002,735 | ---- | M] () -- C:\Users\Trummer\Desktop\Microsoft Office Outlook 2007.lnk
[2010.03.22 12:30:06 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2010.03.22 12:30:02 | 000,017,408 | ---- | M] () -- C:\windows\System32\rpcnetp.exe
[2010.03.22 07:34:26 | 000,000,370 | ---- | M] () -- C:\windows\tasks\Ad-Aware Update (Weekly).job
[2010.03.22 07:33:01 | 000,056,680 | ---- | M] (Absolute Software Corp.) -- C:\windows\System32\rpcnet.dll
[2010.03.22 07:32:54 | 000,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT
[2010.03.22 07:32:43 | 1875,763,200 | -HS- | M] () -- C:\hiberfil.sys
[2010.03.21 20:03:52 | 000,000,012 | ---- | M] () -- C:\windows\bthservsdp.dat
[2010.03.21 20:03:38 | 000,524,288 | -HS- | M] () -- C:\Users\Trummer\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtrans-ms
[2010.03.21 20:03:38 | 000,065,536 | -HS- | M] () -- C:\Users\Trummer\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TM.blf
[2010.03.21 20:03:08 | 003,604,945 | -H-- | M] () -- C:\Users\Trummer\AppData\Local\IconCache.db
[2010.03.21 19:50:06 | 000,080,577 | ---- | M] () -- C:\Users\Trummer\Desktop\Zwischenablage01.jpg
[2010.03.20 17:01:34 | 000,001,874 | ---- | M] () -- C:\Users\Trummer\Desktop\HijackThis.lnk
[2010.03.20 10:16:21 | 000,001,905 | ---- | M] () -- C:\windows\diagwrn.xml
[2010.03.20 10:16:21 | 000,001,905 | ---- | M] () -- C:\windows\diagerr.xml
[2010.03.19 21:48:26 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\windows\System32\drivers\SBREDrv.sys
[2010.03.19 21:39:20 | 000,001,015 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010.03.16 15:33:55 | 000,392,657 | R--- | M] () -- C:\Users\Trummer\Desktop\La Esperanza-Beraterantrag-Deutschland_15_03_2010.pdf
[2010.03.15 15:27:43 | 000,001,018 | ---- | M] () -- C:\Users\Trummer\Desktop\La_Esperanza_Gesch%E4ftspr%E4sentation_14_03_2010 - Verknüpfung.lnk
[2010.03.15 14:00:15 | 000,488,688 | ---- | M] () -- C:\Users\Trummer\Desktop\P3140290.jpg
[2010.03.11 11:00:15 | 000,034,894 | ---- | M] () -- C:\Users\Trummer\Documents\IGM- Aufgabenstellung-Claudia Trummer.pdf
[2010.03.11 10:57:52 | 000,038,395 | ---- | M] () -- C:\Users\Trummer\Documents\IGM- Plan75-Trummer Claudia.pdf
[2010.03.11 10:56:28 | 000,028,160 | ---- | M] () -- C:\Users\Trummer\Documents\IGM- Plan75.doc
[2010.03.11 10:37:08 | 000,028,672 | ---- | M] () -- C:\Users\Trummer\Documents\IGM- Aufgabenstellung.doc
[2010.03.10 15:38:11 | 000,001,670 | ---- | M] () -- C:\Users\Trummer\Desktop\CCleaner.lnk
[2010.03.06 21:31:41 | 000,010,707 | ---- | M] () -- C:\Users\Trummer\Documents\IGM- Aufgabenstellung.docx
[2010.03.06 09:20:14 | 049,901,307 | R--- | M] () -- C:\Users\Trummer\Desktop\vpBrosch200910endfassung_tcm29-2216.pdf
[2010.03.05 18:37:38 | 000,046,080 | ---- | M] () -- C:\Users\Trummer\Desktop\UN-Interview-03-10 (2).doc
[2010.03.02 17:19:13 | 000,002,564 | ---- | M] () -- C:\Users\Trummer\Desktop\ct0210mlminfos.jpg
[2010.03.01 12:58:29 | 000,904,393 | ---- | M] () -- C:\Users\Trummer\P1010044.JPG
[2010.03.01 12:58:27 | 000,890,254 | ---- | M] () -- C:\Users\Trummer\P1010043.JPG
[2010.02.26 21:04:17 | 000,004,096 | -H-- | M] () -- C:\Users\Trummer\AppData\Local\keyfile3.drm
[2010.02.24 10:16:06 | 000,181,632 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\MpSigStub.exe
[2010.02.24 09:07:08 | 000,119,696 | ---- | M] () -- C:\Users\Trummer\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.02.24 09:06:14 | 000,433,976 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010.03.22 07:34:25 | 000,000,370 | ---- | C] () -- C:\windows\tasks\Ad-Aware Update (Weekly).job
[2010.03.21 19:50:06 | 000,080,577 | ---- | C] () -- C:\Users\Trummer\Desktop\Zwischenablage01.jpg
[2010.03.20 17:01:34 | 000,001,874 | ---- | C] () -- C:\Users\Trummer\Desktop\HijackThis.lnk
[2010.03.20 10:11:52 | 000,001,905 | ---- | C] () -- C:\windows\diagwrn.xml
[2010.03.20 10:11:52 | 000,001,905 | ---- | C] () -- C:\windows\diagerr.xml
[2010.03.19 21:39:20 | 000,001,015 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010.03.16 15:34:27 | 000,392,657 | R--- | C] () -- C:\Users\Trummer\Desktop\La Esperanza-Beraterantrag-Deutschland_15_03_2010.pdf
[2010.03.15 15:27:43 | 000,001,018 | ---- | C] () -- C:\Users\Trummer\Desktop\La_Esperanza_Gesch%E4ftspr%E4sentation_14_03_2010 - Verknüpfung.lnk
[2010.03.15 14:00:15 | 000,488,688 | ---- | C] () -- C:\Users\Trummer\Desktop\P3140290.jpg
[2010.03.11 11:00:15 | 000,034,894 | ---- | C] () -- C:\Users\Trummer\Documents\IGM- Aufgabenstellung-Claudia Trummer.pdf
[2010.03.11 10:57:51 | 000,038,395 | ---- | C] () -- C:\Users\Trummer\Documents\IGM- Plan75-Trummer Claudia.pdf
[2010.03.11 10:37:21 | 000,028,160 | ---- | C] () -- C:\Users\Trummer\Documents\IGM- Plan75.doc
[2010.03.11 10:26:00 | 000,028,672 | ---- | C] () -- C:\Users\Trummer\Documents\IGM- Aufgabenstellung.doc
[2010.03.06 13:07:10 | 000,010,707 | ---- | C] () -- C:\Users\Trummer\Documents\IGM- Aufgabenstellung.docx
[2010.03.06 09:20:14 | 049,901,307 | R--- | C] () -- C:\Users\Trummer\Desktop\vpBrosch200910endfassung_tcm29-2216.pdf
[2010.03.05 18:37:37 | 000,046,080 | ---- | C] () -- C:\Users\Trummer\Desktop\UN-Interview-03-10 (2).doc
[2010.03.02 17:19:13 | 000,002,564 | ---- | C] () -- C:\Users\Trummer\Desktop\ct0210mlminfos.jpg
[2010.03.01 12:58:06 | 000,904,393 | ---- | C] () -- C:\Users\Trummer\P1010044.JPG
[2010.03.01 12:58:06 | 000,890,254 | ---- | C] () -- C:\Users\Trummer\P1010043.JPG
[2009.12.08 21:02:53 | 000,000,000 | ---- | C] () -- C:\Users\Trummer\AppData\Local\FnF4.txt
[2009.11.12 16:40:51 | 000,000,095 | ---- | C] () -- C:\Users\Trummer\AppData\Local\fusioncache.dat
[2009.11.12 16:40:36 | 000,116,224 | ---- | C] () -- C:\windows\System32\pdfcmnnt.dll
[2009.10.20 17:24:43 | 000,117,248 | ---- | C] () -- C:\windows\System32\EhStorAuthn.dll
[2009.10.05 09:01:33 | 000,004,096 | -H-- | C] () -- C:\Users\Trummer\AppData\Local\keyfile3.drm
[2009.09.24 20:54:12 | 000,003,337 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009.09.19 18:03:55 | 000,027,136 | ---- | C] () -- C:\Users\Trummer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.09.16 08:57:45 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2009.09.16 08:57:45 | 000,000,008 | RHS- | C] () -- C:\ProgramData\0C55781952.sys
[2009.09.15 20:26:02 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.09.15 18:04:50 | 000,000,000 | ---- | C] () -- C:\Users\Trummer\AppData\Local\QSwitch.txt
[2009.09.15 18:04:50 | 000,000,000 | ---- | C] () -- C:\Users\Trummer\AppData\Local\DSwitch.txt
[2009.09.15 18:04:50 | 000,000,000 | ---- | C] () -- C:\Users\Trummer\AppData\Local\AtStart.txt
[2009.09.15 17:52:03 | 001,765,168 | ---- | C] () -- C:\windows\System32\drivers\snp2uvc.sys
[2009.09.15 17:52:03 | 000,034,480 | ---- | C] () -- C:\windows\System32\drivers\sncduvc.sys
[2009.09.15 17:52:03 | 000,015,497 | ---- | C] () -- C:\windows\snp2uvc.ini
[2009.09.15 17:41:17 | 000,006,656 | ---- | C] () -- C:\windows\System32\bcmwlrc.dll
[2009.08.03 14:07:42 | 000,403,816 | ---- | C] () -- C:\windows\System32\OGACheckControl.dll
[2009.05.26 10:33:53 | 000,000,185 | ---- | C] () -- C:\ProgramData\HPWALog.txt
[2009.04.16 00:25:22 | 000,159,744 | ---- | C] () -- C:\windows\System32\atitmmxx.dll
[2008.04.17 17:29:08 | 000,017,408 | ---- | C] () -- C:\windows\System32\rpcnetp.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\windows\System32\pacerprf.ini

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 229 bytes -> C:\ProgramData\Temp:8FF81EB0
< End of report >



OTL Extras logfile created on: 22.03.2010 18:02:52 - Run 2
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Users\Trummer\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 61,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 69,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 287,09 Gb Total Space | 200,84 Gb Free Space | 69,96% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 2,07 Gb Free Space | 20,70% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 1022,00 Mb Total Space | 1017,03 Mb Free Space | 99,51% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CT
Current User Name: Trummer
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[color=#E56717]========== Authorized Applications List ==========[/color]


[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{387CF886-A38F-4995-85FD-A16916FFE816}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{388EE629-CB26-441A-8EBC-C929241FB58C}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{496944A5-04A0-4CA0-9287-A510121B8D0F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{500279D5-2E99-42B3-BFE1-3D0E6623F4EA}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{60BBF561-3E27-415C-9EB7-6EE0A2B9C6BA}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{612F7055-AC11-4F78-A0E3-D297AFEADA77}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9A2BCE6D-E5E2-4CC4-A0D3-DB82DDB94526}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B8C08F2F-C3A1-44E5-96C1-CC38443080AA}" = lport=2869 | protocol=6 | dir=in | app=system |
"{DE389A90-1341-47DC-9661-FF518580E187}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{E4A96AB1-B09F-4725-A490-7491A91039CC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EAF71C7F-16FA-4FE3-9F2B-EC9A8E92F49C}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{FBA60DFA-9894-4BA0-A780-04B7B5DC4AEA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{29DCC385-E0B4-473E-B941-0430C120A5EF}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{35FE6839-BAAB-4432-919A-0B5FC9C7BE3B}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version4\teamviewer.exe |
"{39B17B05-3935-4C03-89E6-BFF9AC409003}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{45B3E334-84A0-48B9-8AD9-9A46F648D636}" = protocol=17 | dir=in | app=c:\program files\deepinvent\mailstore home\mailstorelocal.exe |
"{4F62B726-E198-4067-8F1B-BE48B67B8ECF}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{5CD54F20-844B-46B2-98E1-5D87CF899A64}" = dir=in | app=e:\setup\hpznui01.exe |
"{6225B76F-4773-41D4-9F2F-1D7F821AEBB1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe |
"{715C6312-8224-4DB4-A3E3-2BD272C0FB4E}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe |
"{8057ED49-5DEB-45E2-88D7-C2EF7A2D4F35}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{8C4864E1-90E2-4295-8340-BE3D80A4E5FC}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"{954A2227-9DAC-43AB-9F6A-A1C2E1BDFB50}" = dir=in | app=c:\program files\msn messenger\livecall.exe |
"{9745701D-228B-46F4-801C-9C4D9DE5DECB}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version4\teamviewer.exe |
"{9751C249-760A-4691-BA8C-9AA70C05350D}" = protocol=6 | dir=in | app=c:\program files\deepinvent\mailstore home\mailstorelocal.exe |
"{9D84374B-4EFC-4F43-89E8-68FD57F6B36E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{AB205475-F49E-4120-97A1-EE1516884847}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe |
"{AB721309-5DB5-4254-8FCC-7676FE3E38F4}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{ACF50550-B20C-4918-9909-6F8891ABA714}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe |
"{AFCD855C-F44C-4A51-B4A8-1638F3D341C3}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe |
"{EDB73C33-CD0A-4CA8-9902-4C9DD1DA3433}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{F824947C-5ECC-415D-9DCA-5F09BB3DA1F8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{5E9F859E-1A97-4B82-B437-6D3000B7DED5}C:\program files\ws_ftp\ws_ftp95.exe" = protocol=6 | dir=in | app=c:\program files\ws_ftp\ws_ftp95.exe |
"TCP Query User{A69922AA-134A-4920-AAAC-FCC544507478}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{B6FB6247-3826-4B2E-8CC3-F70096D29534}C:\programdata\spontania4im\spontaniavideo.exe" = protocol=6 | dir=in | app=c:\programdata\spontania4im\spontaniavideo.exe |
"UDP Query User{3BF79EE1-2DAB-4D08-A3A8-962108159991}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{75045953-6F5D-4961-AC4F-FF052801A911}C:\program files\ws_ftp\ws_ftp95.exe" = protocol=17 | dir=in | app=c:\program files\ws_ftp\ws_ftp95.exe |
"UDP Query User{9D6CE6A9-26F0-475F-8061-9A24B298804F}C:\programdata\spontania4im\spontaniavideo.exe" = protocol=17 | dir=in | app=c:\programdata\spontania4im\spontaniavideo.exe |

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}" = Status
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}" = WebReg
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{1373F37A-08A5-A7C9-7004-BE87467CF585}" = Catalyst Control Center Graphics Full New
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.5.3
"{1D3EF69A-BBC3-B00B-0C36-062A36466706}" = CCC Help Greek
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{2287DBA3-AD47-4FF0-AAB6-551992E43D0D}" = HP User Guides 0133
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{253FCC55-E03D-40D4-A407-3470BE4101C0}" = VistaPrint Electronic Business Card
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{255D9E15-C69E-D650-EBC8-2209DA1ABDAE}" = CCC Help Russian
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 18
"{26DEDA99-DDD3-48E1-42AA-E6D7C2594646}" = CCC Help Portuguese
"{2A329FB6-389D-4396-A974-29656D6864AE}" = MarketResearch
"{2B7F990D-80DF-4122-56E4-20CDDB696CBA}" = Skins
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{30A2A953-DEB1-466A-B660-F4399C7C6B9D}" = Roxio MyDVD
"{31043705-9B90-482A-1654-4DAB99F125FF}" = CCC Help French
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.50 A1
"{37B41895-0BEE-3831-531B-EFBB4F9E3505}" = Catalyst Control Center Core Implementation
"{38DAE5F5-EC70-4aa5-801B-D11CA0A33B41}" = BPDSoftware
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP Webcam Driver
"{3BA904CF-8B75-41AF-A5D2-F18A511536CA}" = LightScribe System Software
"{3C6D6D40-CCD7-FAD1-C71B-F4A005CA7FB2}" = CCC Help Chinese Traditional
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{41818E2C-E227-BD82-1F80-8D2603B00EB3}" = Catalyst Control Center Localization All
"{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
"{48EE8491-08E3-4996-ACA4-1E71ED5A1C4F}" = Catalyst Control Center Graphics Full Existing
"{491464CD-DF4B-8DF3-108A-0C4D988F7E08}" = CCC Help Hungarian
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D304678-738E-42a0-931A-2B022F49DEB8}" = TrayApp
"{4DF06829-423B-4D04-9ABB-4C8D9ABF7BC5}" = CCC Help Thai
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{4FEA85FC-49B2-2472-E2B1-ED902D0E7607}" = CCC Help Dutch
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Business
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{57F60D52-630B-43C5-BD20-176F5CD4EED6}" = bpd_scan
"{5BFB956C-3AB9-492A-9E91-5D8C87DCC598}" = Paint.NET v3.5.1
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}" = InterVideo WinDVD 8
"{6270CB34-1536-454B-9246-B7CB50AF6324}" = Mobile Breitband-Internet-Installation
"{6441AF33-BEF0-A597-9D4F-B2EC69C7EB85}" = CCC Help Japanese
"{6533DCA9-C3C4-A141-0AC2-2AA60BB88714}" = CCC Help Swedish
"{65E38B35-E861-39AD-94C3-9A6BC099BE73}" = ATI Catalyst Install Manager
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{676981B7-A2D9-49D0-9F4C-03018F131DA9}" = DocProc
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{697B1E2E-4754-1E53-1EA2-5B54794DF4C4}" = CCC Help Norwegian
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6CB01492-9EB8-6EA9-0EEC-88FECA4CA74D}" = CCC Help Italian
"{6CC080F1-2E00-41D5-BE47-A3BC784E9DFB}" = BPDSoftware_Ini
"{6EED4269-588D-45b8-A80C-26A9CA62EE4E}" = HPSSupply
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{732A3F80-008B-4350-BD58-EC5AE98707B8}" = HP Common Access Service Library
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{75C5100D-9874-EA1C-EBF1-B11DB721C7D0}" = CCC Help Chinese Standard
"{76AF1F61-BB44-4694-A0EA-C6830C8BEF41}" = HP Software Setup
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B5B7A1F-149A-922A-B855-6B80FC1D0664}" = CCC Help Czech
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{800E784D-53E3-4948-B491-9E7FA5EACBDC}" = SmartWebPrinting
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{83C57C58-FDD7-4d86-BFCC-9D31CC4EFA71}" = 6500_E709n
"{87A9A9A9-FAB7-4224-9328-0FA2058C0FD5}" = Network
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8E05A9B8-173B-9DFC-75FA-A1EA61F737B1}" = CCC Help Korean
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007
"{90120000-0015-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0410-0000-0000000FF1CE}" = Microsoft Office Access MUI (Italian) 2007
"{90120000-0015-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0413-0000-0000000FF1CE}" = Microsoft Office Access MUI (Dutch) 2007
"{90120000-0015-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0410-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Italian) 2007
"{90120000-0016-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0413-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Dutch) 2007
"{90120000-0016-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0410-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Italian) 2007
"{90120000-0018-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0413-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Dutch) 2007
"{90120000-0018-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007
"{90120000-0019-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0410-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Italian) 2007
"{90120000-0019-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0413-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Dutch) 2007
"{90120000-0019-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007
"{90120000-001A-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0410-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Italian) 2007
"{90120000-001A-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0413-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Dutch) 2007
"{90120000-001A-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0410-0000-0000000FF1CE}" = Microsoft Office Word MUI (Italian) 2007
"{90120000-001B-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0413-0000-0000000FF1CE}" = Microsoft Office Word MUI (Dutch) 2007
"{90120000-001B-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_PROHYBRIDR_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_PROHYBRIDR_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-002C-0410-0000-0000000FF1CE}" = Microsoft Office Proofing (Italian) 2007
"{90120000-002C-0413-0000-0000000FF1CE}" = Microsoft Office Proofing (Dutch) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_PROHYBRIDR_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0410-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Italian) 2007
"{90120000-006E-0410-0000-0000000FF1CE}_PROHYBRIDR_{0A75DA12-55CB-4DE5-8B6A-74D97847204E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0413-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Dutch) 2007
"{90120000-006E-0413-0000-0000000FF1CE}_PROHYBRIDR_{89C8E56A-90D8-4598-B0E6-EB28F6270E07}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9129B46A-51F0-431b-9838-DF7272F3204E}" = ProductContext
"{9603DE6D-4567-4b78-B941-849322373DE2}" = SolutionCenter
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CCCFD9C-248F-47FE-9496-1680E3E5C163}" = Scan
"{9D1B99B7-DAD8-440d-B4FB-1915332FBCC2}" = HPProductAssistant
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = HP Integrated Module with Bluetooth wireless technology
"{9ED8918B-6561-2C39-0703-67273861F84A}" = CCC Help Danish
"{A1DB71A6-3809-4A85-2CD9-C4518C123F95}" = CCC Help Finnish
"{A3276EED-22A1-4808-9AA3-88A451482E10}" = Catalyst Control Center - Branding
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AA8EC7A4-EA02-4A72-B14F-65DA485F74C8}" = ESU for Microsoft Vista SP1
"{AAB53AB8-03FC-5F3C-2822-312D66E15DA5}" = CCC Help Spanish
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB497FF1-AEA0-2B68-AB6F-F9577916A0CD}" = ccc-utility
"{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B6FECC42-C7ED-86E2-3BD8-6EF99FEF168A}" = CCC Help German
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{BA6FDFE7-A596-0ABE-0F2A-4B90AF48439F}" = Catalyst Control Center InstallProxy
"{C021640F-DED0-71B2-CA5B-8F1EE1130E26}" = CCC Help English
"{C29C1940-CB85-4F3B-906C-33FEE0E67103}" = DocMgr
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{DC28A406-462D-4A08-A125-3EAF8A64DE4E}" = HP Wireless Assistant
"{DCB51FBC-68AD-42FF-8426-199F1FE2C4F5}" = AMD USB Filter Driver
"{DE13432E-F0C1-4842-A5BA-CC997DA72A70}" = 6500_E709_eDocs
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E05EB9D2-8559-4821-98AC-3D5DA3242D5B}" = Vista Default Settings
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E4A4F5C0-C67F-22EC-319B-44546DFC3DB3}" = Catalyst Control Center Graphics Light
"{E777AA77-5DF2-99D1-CF96-7EECFA652AA0}" = ccc-core-static
"{EA3BE3EA-A032-BC41-B753-74453AD7D22F}" = CCC Help Turkish
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator Business v10
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{EFBE9BC0-39D6-FC89-5353-5641A18761F9}" = CCC Help Polish
"{F173C2B3-296F-458C-98FF-1676A42EBA02}" = CPQ Wallpaper
"{F185B35D-38E5-4D88-B275-15C8C7FC4357}" = 6500_E709_Help
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F639E2A2-FE6B-4527-B8BE-C1C423B81844}" = HP Webcam
"{F648FD09-7CEA-4257-BC68-A8389189FD51}" = GPBaseService2
"{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}" = DeviceDiscovery
"{FA0F0A01-4631-4161-A6C2-948BF694382E}" = HP Officejet 6500 E709 Series
"a-D6RBON-XsW" = LoudMo Contextual Ad Assistant
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Avira AntiVir Desktop" = Avira AntiVir Premium
"AVS Audio Editor_is1" = AVS Audio Editor version 5.2
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"CCleaner" = CCleaner
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"HijackThis" = HijackThis 2.0.2
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 12.0
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 12.0
"HPExtendedCapabilities" = HP Customer Participation Program 12.0
"HPOCR" = OCR Software by I.R.I.S. 12.0
"InstallShield_{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}" = InterVideo WinDVD 8
"InstallShield_{F639E2A2-FE6B-4527-B8BE-C1C423B81844}" = HP Webcam
"IrfanView" = IrfanView (remove only)
"Lagerverwaltung" = RE's Lager-Verwaltung Version 1.3
"MailStore Home_is1" = MailStore Home 3.0.2.2448
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mobile Breitband-Internet-Installation" = Mobile Breitband-Internet-Installation
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"Mozilla Thunderbird (2.0.0.23)" = Mozilla Thunderbird (2.0.0.23)
"Nvu_is1" = Nvu 1.0
"PDF Complete" = PDF Complete
"Picasa 3" = Picasa 3
"Polipo" = Polipo 1.0.4
"PROHYBRIDR" = 2007 Microsoft Office system
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamViewer 5" = TeamViewer 5
"TomTom HOME" = TomTom HOME 2.7.3.1894
"Tor" = Tor 0.2.1.22
"Veetle TV" = Veetle TV 0.9.15
"Vidalia" = Vidalia 0.2.6
"VLC media player" = VLC media player 1.0.2

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"AHK BBCodeWriter" = AHK BBCodeWriter

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 19.03.2010 16:07:42 | Computer Name = CT | Source = WinMgmt | ID = 10
Description =

Error - 19.03.2010 16:39:42 | Computer Name = CT | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 19.03.2010 16:42:23 | Computer Name = CT | Source = WinMgmt | ID = 10
Description =

Error - 19.03.2010 19:01:43 | Computer Name = CT | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung PsiService_2.exe, Version 2.0.1.124, Zeitstempel
0x46a641af, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
Ausnahmecode 0xc0000005, Fehleroffset 0x00000000, Prozess-ID 0xb64, Anwendungsstartzeit
01cac7a49d3764c8.

Error - 20.03.2010 04:17:02 | Computer Name = CT | Source = WinMgmt | ID = 10
Description =

Error - 20.03.2010 05:11:20 | Computer Name = CT | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung firefox.exe, Version 1.9.2.3667, Zeitstempel
0x4b5102f0, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18005, Zeitstempel 0x49e03821,
Ausnahmecode 0xc0000374, Fehleroffset 0x000afaf8, Prozess-ID 0x3c0, Anwendungsstartzeit
01cac80ae0a3852a.

Error - 20.03.2010 13:55:58 | Computer Name = CT | Source = Application Hang | ID = 1002
Description = Programm Picasa3.exe, Version 3.6.105.41 arbeitet nicht mehr mit Windows
zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
zu suchen. Prozess-ID: c34 Anfangszeit: 01cac855da0f82ea Zeitpunkt der Beendigung:
28

Error - 21.03.2010 03:57:18 | Computer Name = CT | Source = WinMgmt | ID = 10
Description =

Error - 21.03.2010 15:03:53 | Computer Name = CT | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung PsiService_2.exe, Version 2.0.1.124, Zeitstempel
0x46a641af, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
Ausnahmecode 0xc0000005, Fehleroffset 0x00000000, Prozess-ID 0xb98, Anwendungsstartzeit
01cac8cc1414120d.

Error - 22.03.2010 02:33:19 | Computer Name = CT | Source = WinMgmt | ID = 10
Description =

[ OSession Events ]
Error - 17.01.2010 14:07:05 | Computer Name = Trummer-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 7440
seconds with 240 seconds of active time. This session ended with a crash.

Error - 22.01.2010 08:27:48 | Computer Name = Trummer-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8
seconds with 0 seconds of active time. This session ended with a crash.

Error - 25.01.2010 05:35:41 | Computer Name = Trummer-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 28
seconds with 0 seconds of active time. This session ended with a crash.

Error - 28.01.2010 12:39:13 | Computer Name = Trummer-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 833
seconds with 180 seconds of active time. This session ended with a crash.

Error - 31.01.2010 06:25:54 | Computer Name = Trummer-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 526
seconds with 60 seconds of active time. This session ended with a crash.

Error - 18.02.2010 10:59:30 | Computer Name = Trummer-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3039
seconds with 1260 seconds of active time. This session ended with a crash.

Error - 20.02.2010 05:11:17 | Computer Name = Trummer-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4556
seconds with 240 seconds of active time. This session ended with a crash.

Error - 21.02.2010 07:44:56 | Computer Name = Trummer-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 18
seconds with 0 seconds of active time. This session ended with a crash.

Error - 23.02.2010 09:47:48 | Computer Name = Trummer-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7428
seconds with 120 seconds of active time. This session ended with a crash.

Error - 01.03.2010 13:48:44 | Computer Name = Trummer-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 31277
seconds with 4020 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 20.03.2010 04:18:11 | Computer Name = CT | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 20.03.2010 13:54:08 | Computer Name = CT | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 10.0.0.5 für die Netzwerkkarte mit der Netzwerkadresse
002556A35FA1 wurde durch den DHCP-Server 10.0.0.138 abgelehnt (der DHCP-Server
hat eine DHCPNACK-Meldung gesendet).

Error - 20.03.2010 13:58:18 | Computer Name = CT | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 10.0.0.1 für die Netzwerkkarte mit der Netzwerkadresse
002556A35FA1 wurde durch den DHCP-Server 10.0.0.138 abgelehnt (der DHCP-Server
hat eine DHCPNACK-Meldung gesendet).

Error - 21.03.2010 03:57:18 | Computer Name = CT | Source = Service Control Manager | ID = 7000
Description =

Error - 21.03.2010 03:57:18 | Computer Name = CT | Source = Service Control Manager | ID = 7000
Description =

Error - 21.03.2010 03:58:36 | Computer Name = CT | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 22.03.2010 02:33:20 | Computer Name = CT | Source = Service Control Manager | ID = 7000
Description =

Error - 22.03.2010 02:33:20 | Computer Name = CT | Source = Service Control Manager | ID = 7000
Description =

Error - 22.03.2010 02:33:55 | Computer Name = CT | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 22.03.2010 12:52:47 | Computer Name = CT | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 10.0.0.5 für die Netzwerkkarte mit der Netzwerkadresse
002556A35FA1 wurde durch den DHCP-Server 10.0.0.138 abgelehnt (der DHCP-Server
hat eine DHCPNACK-Meldung gesendet).


< End of report >

#26 Noch eine Frage ... gibts beim hj-log nicht einige dinge, die ich fixen könnte?

wie zB:

Zitat

O15 - Trusted Zone: http://*.mcafee.com (HKLM)
O15 - Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
O15 - Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - Trusted Zone: http://www.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://*.mcafee.com (HKLM)
O15 - ESC Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://www.mcafeeasap.com (HKLM)

Quelle: http://board.protecus.de/t39314-2.htm#ixzz0iveRpgLd

und wie sieht es mit den anderen dingen aus?

#27 Ich werde mich gleich um dein Beitrag kümmern. Bin noch unterwegs

#28 Hattest Du einmal MCAFEE drauf??

Schritt 1

Scan mit SystemLook

Lade SystemLook von jpshortstuff von einem der folgenden Spiegel herunter und speichere das Tool auf dem Desktop.

Download Mirror #1 - Download Mirror #2

• Doppelklick auf die SystemLook.exe, um das Tool zu starten.
Vista-User mit Rechtsklick und als Administrator starten.
• Kopiere den Inhalt der folgenden Codebox in das Textfeld des Tools:

Code

:filefind
chameleon

:regfind
chameleon

• Klicke nun auf den Button Look, um den Scan zu starten.
• Wenn der Suchlauf beendet ist, wird sich Dein Editor mit den Ergebnissen öffnen, diese hier in den Thread posten.
• Die Ergebnisse werden auf dem Desktop als SystemLook.txt gespeichert.



Schritt 2

Malware mit Combofix beseitigen

Lade Combofix von einem der folgenden Download-Spiegel herunter:

BleepingComputer.com - ForoSpyware.com

und speichere das Programm auf den Desktop, nicht woanders hin, das ist wichtig!
Beachte die ausführliche Original-Anleitung.

Vorbereitung und wichtige Hinweise

• Bitte während des Scans mit Combofix Antiviren- sowie Antispy-Programme, die Firewall und evtl. vorhandenes Skript-Blocking (Norton) deaktivieren. • Liste der zu deaktivierenden Programme.
Bei Unklarheiten bitte vorher fragen.
• Bitte während des Laufs von Combofix nicht in das Combofix-Fenster klicken.
• Das könnte Dein System einfrieren oder hängen bleiben lassen.
• Es kann circa eine Viertelstunde dauern, bis der Scan fertig ist.
• ComboFix wird Deine Einstellungen in Bezug auf den Bildschirmschoner zurücksetzen.
• Diese Einstellungen kannst Du nach Beendigung unserer Bereinigung wieder ändern.
• Mache nichts anderes, wenn es Dir nicht gelungen ist, Combofix laufen zu lassen.
• Teile uns das mit und warte auf unsere Anweisungen.

Kurzanleitung zur Installation der Wiederherstellungskonsole und zur Anwendung
• Doppelklicke auf die ComboFix.exe und folge den Anweisungen.
• Akzeptiere die Bedingungen (Disclaimer) mit "Ja".
• ComboFix wird schauen, ob die Microsoft-Windows-Wiederherstellungskonsole installiert ist.
Dies ist Teil des Prozesses. Angesichts der Art von Malware Infizierungen, die es heute gibt, wird dringend empfohlen, diese Wiederherstellungskonsole auf dem PC installiert zu haben, bevor jegliche Reinigung von Malware durchgeführt wird.
• Folge den Anweisungen, um ComboFix das Herunterladen und Installieren der Wiederherstellungskonsole zu ermöglichen und stimme dem Lizenzvertrag (EULA) zu, sobald Du dazu aufgefordert wirst.
** Zur Information: Sollte die Wiederherstellungskonsole schon installiert sein, so wird ComboFix seine Malware-Entfernungsprozedur normal fortfahren.



Sobald die Wiederherstellungskonsole durch ComboFix installiert wurde, solltest Du folgende Nachricht sehen:



Klicke "Ja", um mit dem Suchlauf nach Malware fortzufahren.



Wenn ComboFix fertig ist, wird es ein Log erstellen (bitte warten, das dauert einen Moment).
Unbedingt warten, bis sich das Combofix-Fenster geschlossen hat und das Logfile im Editor erscheint.
Bitte poste die Log-Dateien C:\ComboFix.txt und C:\Qoobox\Add-Remove Programs.txt in Code-Tags hier in den Thread.

Hinweis: Combofix macht aus verschiedenen Gründen den Internet Explorer zum Standard-Browser und erstellt ein IE-Icon auf dem Desktop.
Das IE-Desktop-Icon kannst Du nach der Bereinigung wieder löschen und Deinen bevorzugten Browser wieder als Standard-Browser einstellen.

Combofix nicht auf eigene Faust einsetzen. Wenn keine entsprechende Infektion vorliegt, kann das den Rechner lahmlegen und/oder nachhaltig schädigen!

#29 Schritt 1 ausgeführt:

Zitat

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 09:22 on 23/03/2010 by Trummer (Administrator - Elevation successful)

========== filefind ==========

Searching for "chameleon"
No files found.

========== regfind ==========

Searching for "chameleon"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-554180810-1249555451-542339361-1004\Software\wit\data]
"chameleonEnabled"="false"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-554180810-1249555451-542339361-1004\Software\wit\data]
"chameleonEnabled"="false"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E7767193-0A2F-4AFE-BAF4-288366162E48}\1.0\0\win32]
@="C:\Program Files\ChameleonTom\wit4ie.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E7767193-0A2F-4AFE-BAF4-288366162E48}\1.0\HELPDIR]
@="C:\Program Files\ChameleonTom"
[HKEY_USERS\S-1-5-21-554180810-1249555451-542339361-1004\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-554180810-1249555451-542339361-1004\Software\wit\data]
"chameleonEnabled"="false"
[HKEY_USERS\S-1-5-21-554180810-1249555451-542339361-1004\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-554180810-1249555451-542339361-1004\Software\wit\data]
"chameleonEnabled"="false"

-=End Of File=-

#30 Schritt 2:

Zitat

ComboFix 10-03-22.02 - Trummer 23.03.2010 10:08:29.1.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.43.1031.18.1788.905 [GMT 1:00]
ausgeführt von:: c:\users\Trummer\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-112336987-3553908521-4046945762-500
c:\$recycle.bin\S-1-5-21-70900338-3400025044-3150093166-500
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
c:\windows\system32\Connect.dll
c:\windows\system32\oem14.inf

.
((((((((((((((((((((((( Dateien erstellt von 2010-02-23 bis 2010-03-23 ))))))))))))))))))))))))))))))
.

2010-03-23 09:16 . 2010-03-23 09:16 -------- d-----w- c:\users\Trummer\AppData\Local\temp
2010-03-23 09:16 . 2010-03-23 09:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-20 16:01 . 2010-03-20 16:01 -------- d-----w- c:\program files\Trend Micro
2010-03-19 20:39 . 2010-02-04 15:53 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-03-19 20:39 . 2010-03-19 20:39 -------- dc-h--w- c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-03-19 20:39 . 2010-02-04 15:53 2954656 -c--a-w- c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
2010-03-19 20:39 . 2010-03-19 20:39 -------- d-----w- c:\programdata\Lavasoft
2010-03-19 20:39 . 2010-03-19 20:39 -------- d-----w- c:\program files\Lavasoft
2010-03-19 19:41 . 2010-02-12 10:32 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-03-19 19:19 . 2010-03-19 19:19 -------- d-----w- C:\_OTL
2010-03-11 19:21 . 2010-03-11 19:21 -------- d-----w- c:\users\Trummer\AppData\Local\Apple Computer
2010-03-01 15:50 . 2010-03-01 15:50 -------- d-----w- c:\program files\Common Files\Java

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-23 09:05 . 2009-09-15 19:25 -------- d-----w- c:\users\Trummer\AppData\Roaming\Skype
2010-03-23 09:03 . 2009-09-15 19:26 -------- d-----w- c:\users\Trummer\AppData\Roaming\skypePM
2010-03-23 08:58 . 2009-09-29 09:14 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2010-03-23 07:35 . 2009-05-26 08:52 -------- d-----w- c:\programdata\PDFC
2010-03-23 07:33 . 2009-09-29 09:18 56680 ----a-w- c:\windows\system32\rpcnet.dll
2010-03-22 21:46 . 2009-09-15 16:24 12 ----a-w- c:\windows\bthservsdp.dat
2010-03-22 14:35 . 2008-04-16 15:03 664282 ----a-w- c:\windows\system32\perfh007.dat
2010-03-22 14:35 . 2008-04-16 15:03 142622 ----a-w- c:\windows\system32\perfc007.dat
2010-03-19 20:41 . 2009-09-15 19:24 -------- d-----w- c:\program files\Google
2010-03-19 20:17 . 2010-01-18 15:33 -------- d-----w- c:\program files\BIPA
2010-03-11 11:56 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-03-11 11:56 . 2009-05-26 09:04 -------- d-----w- c:\programdata\Microsoft Help
2010-03-10 14:38 . 2009-10-21 18:10 -------- d-----w- c:\program files\CCleaner
2010-03-01 15:50 . 2009-09-16 06:50 -------- d-----w- c:\program files\Java
2010-02-24 09:16 . 2009-10-03 10:28 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-24 08:07 . 2009-09-15 17:04 119696 ----a-w- c:\users\Trummer\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-19 23:47 . 2010-02-19 23:47 3604480 ----a-w- c:\windows\system32\GPhotos.scr
2010-02-15 20:08 . 2010-02-15 20:08 -------- d-----w- c:\program files\QuickTime
2010-02-15 20:08 . 2010-02-15 20:08 -------- d-----w- c:\programdata\Apple Computer
2010-02-15 20:06 . 2010-02-15 20:06 -------- d-----w- c:\program files\Common Files\Apple
2010-02-15 20:06 . 2010-02-15 20:06 -------- d-----w- c:\program files\Apple Software Update
2010-02-15 20:06 . 2010-02-15 20:06 -------- d-----w- c:\programdata\Apple
2010-02-13 11:36 . 2009-10-08 08:36 -------- d-----w- c:\users\Trummer\AppData\Roaming\vlc
2010-02-11 19:56 . 2009-10-05 18:04 -------- d-----w- c:\program files\TeamViewer
2010-02-11 19:53 . 2009-10-05 18:04 -------- d-----w- c:\users\Trummer\AppData\Roaming\TeamViewer
2010-02-08 06:09 . 2010-01-30 14:24 -------- d-----w- c:\users\Trummer\AppData\Roaming\Tor
2010-02-08 05:59 . 2010-01-30 14:24 -------- d-----w- c:\users\Trummer\AppData\Roaming\Vidalia
2010-02-07 21:41 . 2010-02-07 21:41 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb43C4.tmp.exe
2010-01-30 14:24 . 2010-01-30 14:24 -------- d-----w- c:\program files\Vidalia Bundle
2010-01-29 17:54 . 2010-01-29 17:54 -------- d-----w- c:\users\Trummer\AppData\Roaming\dvdcss
2010-01-25 12:00 . 2010-02-24 07:05 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:00 . 2010-02-24 07:05 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:00 . 2010-02-24 07:05 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:00 . 2010-02-24 07:05 471552 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 11:58 . 2010-02-24 07:05 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 09:41 . 2010-01-25 09:41 -------- d-----w- c:\programdata\WindowsSearch
2010-01-25 08:21 . 2010-02-24 07:05 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:21 . 2010-02-24 07:05 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:21 . 2010-02-24 07:05 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:21 . 2010-02-24 07:05 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-23 09:26 . 2010-02-24 07:05 2048 ----a-w- c:\windows\system32\tzres.dll
2010-01-06 15:39 . 2010-02-24 07:05 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-01-06 15:38 . 2010-02-24 07:05 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-01-06 15:38 . 2010-02-24 07:05 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
2010-01-06 15:38 . 2010-02-24 07:05 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll
2010-01-06 15:38 . 2010-02-24 07:05 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
2010-01-06 15:38 . 2010-02-24 07:05 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll
2010-01-06 13:30 . 2010-02-24 07:05 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-01-02 06:38 . 2010-01-22 06:30 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-22 06:30 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 06:32 . 2010-01-22 06:30 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 04:57 . 2010-01-22 06:30 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-05-26 08:39 . 2009-05-26 08:39 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-01-09 2393376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2008-08-08 319000]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-06 1430824]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-02-18 506424]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-02-03 287288]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-04-16 61440]
"HPCam_Menu"="c:\program files\Hewlett-Packard\HP Webcam\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"WatchDog"="c:\program files\InterVideo\DVD8SESD\DVDCheck.exe" [2009-04-03 200848]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-09-15 209153]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-30 483428]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2009-11-13 11:31 247144 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):eb,b3,ad,f5,3e,52,ca,01

R2 0125231253034588mcinstcleanup;McAfee Application Installer Cleanup (0125231253034588);c:\users\Trummer\AppData\Local\Temp\012523~1.EXE [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 135664]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-03-19 1263728]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [x]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2008-04-08 1112560]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-02-04 64288]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_2159adbc\aestsrv.exe [2009-03-02 81920]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-04-15 180224]
S2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [2009-09-15 194817]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-09-15 108289]
S2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2009-09-15 434945]
S2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2008-08-08 777240]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 11032]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version4\TeamViewer_Service.exe [2010-01-12 185640]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2009-11-13 92008]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-02-03 209464]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-02-09 22328]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-01-09 23:28 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners

2010-03-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 21:47]

2010-03-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 21:47]

2010-03-23 c:\windows\Tasks\User_Feed_Synchronization-{1FCCFA48-27A3-4113-99A4-38636A463B2B}.job
- c:\windows\system32\msfeedssync.exe [2010-01-22 04:56]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page =
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_at&c=92&bd=all&pf=cmnb
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: An vorhandene PDF-Datei anfügen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //FWEvent.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
FF - ProfilePath - c:\users\Trummer\AppData\Roaming\Mozilla\Firefox\Profiles\04kb3su3.default\
FF - prefs.js: browser.startup.homepage - www.google.at
FF - component: c:\program files\Mozilla Firefox\extensions\{88ee5d19-f0ed-3a48-71e5-bf244422e9ac}\components\f-PQ-_tcNvg_.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

AddRemove-a-D6RBON-XsW - c:\windows\system32\a-D6RBON-XsW.exe
AddRemove-Agere Systems Soft Modem - c:\windows\agrsmdel



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-23 10:16
Windows 6.0.6002 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...


c:\windows\TEMP\TMP0000008D6C9C16E13C6D6732 524288 bytes executable

Scan erfolgreich abgeschlossen
versteckte Dateien: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2010-03-23 10:18:49
ComboFix-quarantined-files.txt 2010-03-23 09:18

Vor Suchlauf: 9 Verzeichnis(se), 214.152.056.832 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 214.121.422.848 Bytes frei

- - End Of File - - 81CA06E7EF002D5FC0DBB39EBD3D8EB7

Wo finde ich die Log-Dateien combofix.txt und .... programs.txt ?

Zitat

Hattest Du einmal MCAFEE drauf??

- das dürfte noch drauf sein... (siehe ältere Threads von mir). Kann man das nicht fixen?