Trojan found TR/BHO.215552

#0
18.03.2010, 18:03
Member

Posts: 54
#1 Hello!

It was quiet for a long, long time, and now one has caught me again. Avira reports that I have the following trojan on my laptop:

TR/BHO.215552

Avira has no details on it yet.

I've also noticed that my FF keeps closing itself and that now, no matter which site I go to, a "banner" appears that can't be switched off. That bar is there above every forum and on Facebook too.

How should I proceed, and who can help me?

Many thanks and have a nice evening

PS: The attached picture shows the bar I mean. It changes constantly, and each time there is a new banner.

18.03.2010, 18:17
Moderator

Posts: 5694
#2 Hello and welcome to Protecus.de

Cleaning an infected system takes time and also requires observing the following points:

• Follow the instructions of your helper.
• If you have external storage media (USB sticks, hard drives), connect them before the cleanup.
• During the cleanup you should neither install nor uninstall any programs that are not expressly requested.
• Please work through each step in order.
• If problems arise at a step, post what you already have and report back with a description of the problem.


• The cleanup is only finished when your helper gives the OK.
• If the box runs smoothly again, that does not mean the system is clean.
• For computers used for business, the responsible IT person should be brought in.
• Support from our side may be refused for a company computer.
• With illegal software there is a possibility that support will be discontinued.
• Cracks or keygens of any kind are neither encouraged nor accepted.
• On heavily infected systems, especially when backdoors or rootkits are involved, a helper may advise reinstalling.
• In the last instance it is always the user who decides.


Vista and Win7 users:

Always run all programs and tools we direct you to with a right-click and Run as administrator.

Step 1

System scan with OTL

Please download OTL by Oldtimer and save it to your desktop

>Double-click OTL.exe
-->Vista users: right-click OTL.exe and choose "Run as administrator"
>At the top you will find a box labelled Output. Please select Minimal Output
>Under Extra Registry, please select Use SafeList
>Now click Run Scan at the top left
>When the scan has finished, 2 logfiles are created
>Post the logfiles in code tags here in the thread.

Step 2

Rootkit search with Gmer

What are rootkits?

Important: For every rootkit scan:

• all other programs against viruses, spyware, etc. must be disabled,
• there must be no connection to a network/Internet (don't forget WLAN),
• nothing must be done on the computer,
• the computer must be restarted after each scan.
Don't forget to switch the security programs back on after the rootkit scan!

Download Gmer from this page
(click the Download EXE button) and save the program to the desktop.
• Gmer is suitable for => NT/W2K/XP/VISTA.
• All other programs should be closed.
• Start gmer.exe (it has a random program name).
Vista users: start it with a right-click and Run as administrator.
• Gmer automatically starts a first scan.
• If a window opens with the following warning:

Code

WARNING !!!
GMER has found system modification, which might have been caused by ROOTKIT activity.
Do you want to fully scan your system?

• Be sure to click "No",
then use the Copy button to copy the result so far to the clipboard.
• Paste the log from the clipboard into your reply in your thread with CTRL + V.

• If that was not the case, now select the "Rootkit/Malware" tab,
• Tick: System, Sections, IAT/EAT, Devices, Modules, Processes, Threads, Libraries, Services, Registry and Files.
Important: "Show all" must not be ticked!
• Start the scan by pressing the "Scan" button.
Do nothing on the computer while the scan is running.
• When the scan is finished, click "Copy" to copy the log to the clipboard.
Gmer is closed with "Ok".
• Paste the log from the clipboard into your reply here (with CTRL + V).

Switch your antivirus program and other scanners back on before you go online!

Now post the logfile in code tags.
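Step 1 above asks for OTL logs so that the helper can read the O2 (BHO), O4 (Run key) and FF (prefs.js) lines by hand. The following Python script is an added example, not part of this thread, of OTL, or of the forum's tooling; it shows the kind of triage a helper does over such lines: it parses the three line types, strips the forum BBCode that OTL wraps around highlighted entries, and flags load points with no publisher string or a file under AppData/Temp, and Firefox search prefs routed through an unexpected host. The sample lines are copied from the OTL log posted further down in this thread, plus one constructed O4 "Updater" line; the allowlist of search hosts, the AppData/Temp heuristic and the line-format regexes are assumptions inferred from that log.

```python
"""Triage of OTL-style log lines: flags browser helper objects (O2), Run
keys (O4) and Firefox search prefs that look hijacked.

Added example for this thread, not part of OTL or of the forum's tooling.
The line format is inferred from the OTL log posted in this thread; the
search-host allowlist and the AppData/Temp heuristic are assumptions.
"""
import re
from dataclasses import dataclass
from typing import List
from urllib.parse import urlparse

# Sample input: the O2/FF lines are copied from the log in this thread,
# the O4 "Updater" line is constructed to exercise the Run-key heuristic.
SAMPLE_LOG = r"""
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (WitBHO Class) - {75ED56AF-4DC9-4243-A30C-4EF4DD0CA28F} - C:\Programme\ChameleonTom\wit4ie.dll ()
[COLOR="Red"]O2 - BHO: (chameleontom) - {c4aca082-91e5-781b-a266-58868701e06d} - C:\Windows\System32\_NGKxJMjpIMn6JA.dll ()[/COLOR]
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKCU..\Run: [Updater] C:\Users\Txxxx\AppData\Local\Temp\upd.exe ()
[COLOR="Red"]FF - prefs.js..keyword.URL: "http://chameleontom.iamwired.net/search.php?src=tops&q="[/COLOR]
FF - prefs.js..browser.startup.homepage: "http://www.google.at"
FF - prefs.js..browser.search.useDBForOrder: true
"""

# Line formats as inferred from the OTL log in this thread (assumption).
BHO_RE = re.compile(r"^O2 - BHO: \((?P<name>.+?)\) - \{(?P<clsid>[^}]+)\} - (?P<path>.+?) \((?P<vendor>[^)]*)\)$")
RUN_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<path>.+?) \((?P<vendor>[^)]*)\)$")
FF_RE = re.compile(r'^FF - prefs\.js\.\.(?P<pref>[\w.\-]+): "?(?P<value>[^"]*)"?$')
# OTL emits forum BBCode around highlighted lines; strip it before matching.
BBCODE_RE = re.compile(r"\[/?(?:COLOR|color|url)[^\]]*\]")

# Prefs that decide where a typed search or the start page goes.
SEARCH_PREFS = {"keyword.URL", "browser.search.defaulturl", "browser.startup.homepage"}
# Assumed allowlist of hosts the user would expect to see there.
EXPECTED_HOSTS = {"www.google.com", "www.google.at", "www.bing.com", "search.yahoo.com"}
# Heuristic: a load point whose file lives in a user-writable directory.
USER_WRITABLE_RE = re.compile(r"\\(?:AppData|Temp)\\", re.IGNORECASE)


@dataclass
class Finding:
    line_no: int
    kind: str    # "BHO", "Run" or "FF"
    name: str    # BHO/Run entry name, or the Firefox pref name
    value: str   # DLL/EXE path, or the pref value
    reason: str


def _load_point_reasons(path: str, vendor: str) -> List[str]:
    """Reasons to flag a DLL/EXE load point; empty list means nothing odd."""
    reasons = []
    if not vendor:
        reasons.append("no publisher string on the file")
    if USER_WRITABLE_RE.search(path):
        reasons.append("file lives in a user-writable AppData/Temp directory")
    return reasons


def triage_otl(text: str) -> List[Finding]:
    """Parse OTL-style lines and return the entries worth a closer look."""
    findings: List[Finding] = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = BBCODE_RE.sub("", raw).strip()
        m = BHO_RE.match(line)
        if m:
            reasons = _load_point_reasons(m["path"], m["vendor"])
            if reasons:
                findings.append(Finding(line_no, "BHO", m["name"], m["path"], "; ".join(reasons)))
            continue
        m = RUN_RE.match(line)
        if m:
            reasons = _load_point_reasons(m["path"], m["vendor"])
            if reasons:
                findings.append(Finding(line_no, "Run", m["name"], m["path"], "; ".join(reasons)))
            continue
        m = FF_RE.match(line)
        if m and m["pref"] in SEARCH_PREFS:
            host = urlparse(m["value"]).hostname or ""
            if host not in EXPECTED_HOSTS:
                findings.append(Finding(line_no, "FF", m["pref"], m["value"],
                                        f"search/homepage routed through unexpected host {host!r}"))
    return findings


if __name__ == "__main__":
    for f in triage_otl(SAMPLE_LOG):
        print(f"line {f.line_no:>3} {f.kind:<4} {f.name}: {f.value}\n    -> {f.reason}")
```

The two empty-publisher BHOs and the keyword.URL pref are exactly the entries the moderator marked in red in the posted log; the constructed Updater line shows that the same check also catches an unsigned binary started from a Temp directory. The host allowlist is deliberately short: a helper would extend it with whatever the user says their normal search engine is, rather than trusting the pref value itself.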
18.03.2010, 18:53
Member

Thread starter

Posts: 54
#3 Hello Swiss!

THANKS for your quick help. Do you also need a HijackThis log from me?

Otherwise I'll now start everything you wrote.
That will keep me "busy" for a while anyway ;-)

Merci

Oh yes, Avira also reported this: wit4ie.dll is shown next to the trojan name
18.03.2010, 19:17
Member

Thread starter

Posts: 54
18.03.2010, 19:45
Moderator

Posts: 5694
#5 Seeking help in several forums at once?

Time and again we run into cases where users seek help in several forums at the same time. It's understandable that you want to get rid of your problem as quickly as possible, but it is counterproductive to occupy several forums with your problem at once.

Decide on one forum. I'm present on both.
18.03.2010, 21:48
Member

Thread starter

Posts: 54
#6 Oh dear... either I misunderstood something....

Quote

>Post the logfiles in code tags here in the thread.
I understood that to mean I should post the logfiles there, because "code tags" was linked to the other forum.

hmmm, so what now?

*questioning look*
18.03.2010, 23:39
Moderator

Posts: 5694
#7 I see ;) I'll copy it over here.


Code

OTL logfile created on: 18.03.2010 19:01:13 - Run 1
OTL by OldTimer - Version 3.1.37.3     Folder = C:\Users\Txxxx\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 59,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 68,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 287,09 Gb Total Space | 200,73 Gb Free Space | 69,92% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 2,07 Gb Free Space | 20,70% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 1022,00 Mb Total Space | 1017,03 Mb Free Space | 99,51% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: Txxxxxx-PC
Current User Name: Txxxx
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - C:\Users\Txxxxx\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\TeamViewer\Version4\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Windows\System32\rpcnet.exe (Absolute Software Corp.)
PRC - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_2159adbc\stacsv.exe (IDT, Inc.)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_2159adbc\AEstSrv.exe (Andrea Electronics Corporation)
PRC - C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe ( Hewlett-Packard Development Company, L.P.)
PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Programme\LSI SoftModem\agrsmsvc.exe (Agere Systems)
PRC - C:\Programme\PDF Complete\pdfsvc.exe (PDF Complete Inc)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - C:\Users\Txxxxxxx\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - (0125231253034588mcinstcleanup) McAfee Application Installer Cleanup (0125231253034588) --  File not found
SRV - (TeamViewer5) -- C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (TomTomHOMEService) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (rpcnet) Remote Procedure Call (RPC) -- C:\Windows\System32\rpcnet.exe (Absolute Software Corp.)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirWebService) -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira GmbH)
SRV - (AntiVirMailService) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_2159adbc\stacsv.exe (IDT, Inc.)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_2159adbc\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (AgereModemAudio) -- C:\Programme\LSI SoftModem\agrsmsvc.exe (Agere Systems)
SRV - (pdfcDispatcher) -- C:\Program Files\PDF Complete\pdfsvc.exe (PDF Complete Inc)
SRV - (RoxMediaDB10) -- c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe (Sonic Solutions)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (PSI_SVC_2) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (LMIRfsClientNP) -- C:\Windows\System32\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (BCM43XX) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)
DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.)
DRV - (btwl2cap) -- C:\Windows\System32\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.)
DRV - (btwrchid) -- C:\Windows\System32\drivers\btwrchid.sys (Broadcom Corporation.)
DRV - (mfetdik) -- C:\Windows\System32\drivers\mfetdik.sys (McAfee, Inc.)
DRV - (MfeRKDK) -- C:\Windows\System32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (mfehidk) -- C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (MfeBOPK) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (MfeAVFK) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (usbfilter) -- C:\Windows\System32\drivers\usbfilter.sys (Advanced Micro Devices)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics Incorporated)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (LMIRfsDriver) -- C:\Windows\System32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)
DRV - (adpu320) -- C:\windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (MegaSR) -- C:\windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu160m) -- C:\windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (HpCISSs) -- C:\windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_FC) -- C:\windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\windows\system32\drivers\elxstor.sys (Emulex)
DRV - (LSI_SCSI) -- C:\windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (nvraid) -- C:\windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (adp94xx) -- C:\windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (viaide) -- C:\windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (regi) -- C:\Windows\System32\drivers\regi.sys (InterVideo)
DRV - (ql40xx) -- C:\windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [url]http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_at&c=92&bd=all&pf=cmnb[/url]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [url]http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_at&c=92&bd=all&pf=cmnb[/url]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [url]http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_at&c=92&bd=all&pf=cmnb[/url]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [url]http://www.google.com/ie[/url]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [url]http://www.google.com[/url]
[COLOR="Red"]IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [url]http://chameleontom.iamwired.net/[/url][/COLOR]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = [url]http://www.google.com/ie[/url]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [url]http://www.google.com/ie[/url]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultenginename: "Search"
[COLOR="Red"]FF - prefs.js..browser.search.defaulturl: "http://chameleontom.iamwired.net/search.php?src=tops&q="[/COLOR]
FF - prefs.js..browser.search.order.1: "Fast Browser Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=971163"
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.at"
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.7
FF - prefs.js..extensions.enabledItems: {582195F5-92E7-40a0-A127-DB71295901D7}:0.6
FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.4
FF - prefs.js..extensions.enabledItems: {88ee5d19-f0ed-3a48-71e5-bf244422e9ac}:4.6.6.4
[COLOR="Red"]FF - prefs.js..keyword.URL: "http://chameleontom.iamwired.net/search.php?src=tops&q="[/COLOR]


FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009.09.24 21:37:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.02.15 21:12:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.03.02 07:51:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.02.15 21:08:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.02.15 21:08:50 | 000,000,000 | ---D | M]

[2009.10.29 08:16:57 | 000,000,000 | ---D | M] -- C:\Users\Trummer\AppData\Roaming\mozilla\Extensions
[2009.10.29 08:16:57 | 000,000,000 | ---D | M] -- C:\Users\Trummer\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2010.03.18 07:46:11 | 000,000,000 | ---D | M] -- C:\Users\Trummer\AppData\Roaming\mozilla\Firefox\Profiles\04kb3su3.default\extensions
[2009.09.17 08:15:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Trummer\AppData\Roaming\mozilla\Firefox\Profiles\04kb3su3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.01.28 09:14:47 | 000,000,000 | ---D | M] (Gmail Manager) -- C:\Users\Trummer\AppData\Roaming\mozilla\Firefox\Profiles\04kb3su3.default\extensions\{582195F5-92E7-40a0-A127-DB71295901D7}
[2009.09.24 17:20:32 | 000,000,000 | ---D | M] (IE Tab) -- C:\Users\Trummer\AppData\Roaming\mozilla\Firefox\Profiles\04kb3su3.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2010.01.29 10:07:34 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Trummer\AppData\Roaming\mozilla\Firefox\Profiles\04kb3su3.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010.01.30 15:25:01 | 000,000,000 | ---D | M] (Torbutton) -- C:\Users\Trummer\AppData\Roaming\mozilla\Firefox\Profiles\04kb3su3.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2010.03.01 16:50:16 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.02.26 11:48:48 | 000,000,000 | ---D | M] (LoudMo Contextual Ad Assistant) -- C:\Programme\Mozilla Firefox\extensions\{88ee5d19-f0ed-3a48-71e5-bf244422e9ac}
[2010.02.15 21:12:38 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.02.15 21:12:38 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.02.15 21:12:39 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.02.15 21:12:39 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.02.15 21:12:39 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (WitBHO Class) - {75ED56AF-4DC9-4243-A30C-4EF4DD0CA28F} - C:\Programme\ChameleonTom\wit4ie.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (chameleontom) - {c4aca082-91e5-781b-a266-58868701e06d} - C:\Windows\System32\_NGKxJMjpIMn6JA.dll ()
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (no name) -  - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPCam_Menu] c:\Program Files\Hewlett-Packard\HP Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PDF Complete] C:\Programme\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [WatchDog] C:\Programme\InterVideo\DVD8SESD\DVDCheck.exe (InterVideo Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - c:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: ChameleonTom - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Programme\ChameleonTom\ct.htm ()
O9 - Extra 'Tools' menuitem : ChameleonTom - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Programme\ChameleonTom\ct.htm ()
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: HP Intelligente Auswahl - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //FWEvent.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com (•  http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com (•  https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} [url]http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab[/url] (DLM Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [url]http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab[/url] (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [url]http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab[/url] (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [url]http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab[/url] (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Trummer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\UA8H7I0V\CIMG9144.JPG
O24 - Desktop BackupWallPaper: C:\Users\Trummer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\UA8H7I0V\CIMG9144.JPG
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{158dbd5a-f2be-11de-8729-0025b35a7e3c}\Shell - "" = AutoRun
O33 - MountPoints2\{158dbd5a-f2be-11de-8729-0025b35a7e3c}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O33 - MountPoints2\{6ee03f20-f7e9-11de-887a-0025b35a7e3c}\Shell - "" = AutoRun
O33 - MountPoints2\{6ee03f20-f7e9-11de-887a-0025b35a7e3c}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{6ee03f2a-f7e9-11de-887a-0025b35a7e3c}\Shell - "" = AutoRun
O33 - MountPoints2\{6ee03f2a-f7e9-11de-887a-0025b35a7e3c}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{7d0d08fd-f7ab-11de-950b-0025b35a7e3c}\Shell - "" = AutoRun
O33 - MountPoints2\{7d0d08fd-f7ab-11de-950b-0025b35a7e3c}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{7d0d093a-f7ab-11de-950b-0025b35a7e3c}\Shell - "" = AutoRun
O33 - MountPoints2\{7d0d093a-f7ab-11de-950b-0025b35a7e3c}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{b990b3fa-c452-11de-83c1-00247e83eaa4}\Shell\AutoRun\command - "" = H:\InstallTomTomHOME.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2010.03.11 22:00:20 | 000,000,000 | ---D | C] -- C:\Programme\BR_Hilfe
[2010.03.11 20:21:54 | 000,000,000 | ---D | C] -- C:\Users\Trummer\AppData\Local\Apple Computer
[2010.03.01 16:50:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010.03.01 16:50:32 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Java
[2010.03.01 16:50:11 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\javaws.exe
[2010.03.01 16:50:11 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\javaw.exe
[2010.03.01 16:50:11 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\java.exe
[2010.02.26 11:48:32 | 000,000,000 | ---D | C] -- C:\Programme\ChameleonTom
[2010.02.24 08:05:41 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript.dll
[2010.02.24 08:05:32 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tzres.dll
[2010.02.24 08:05:19 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RMActivate_isv.exe
[2010.02.24 08:05:19 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\secproc_isv.dll
[2010.02.24 08:05:19 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\secproc.dll
[2010.02.24 08:05:19 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RMActivate_ssp_isv.exe
[2010.02.24 08:05:18 | 000,518,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RMActivate.exe
[2010.02.24 08:05:18 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RMActivate_ssp.exe
[2010.02.24 08:05:18 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msdrm.dll
[2010.02.24 08:05:18 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\secproc_ssp_isv.dll
[2010.02.24 08:05:18 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\secproc_ssp.dll
[2010.02.24 08:05:16 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\gameux.dll
[2010.02.24 08:05:15 | 004,240,384 | ---- | C] (Microsoft) -- C:\windows\System32\GameUXLegacyGDFs.dll
[2010.02.24 08:05:15 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\Apphlpdm.dll
[2010.02.20 00:47:50 | 003,604,480 | ---- | C] (Google Inc.) -- C:\windows\System32\GPhotos.scr
[2009.09.15 17:52:05 | 000,256,560 | ---- | C] ( ) -- C:\windows\System32\rsnp2uvc.dll
[2009.09.15 17:52:03 | 000,203,312 | ---- | C] ( ) -- C:\windows\System32\csnp2uvc.dll

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2010.03.18 19:02:00 | 000,001,096 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.03.18 19:00:58 | 002,883,584 | -HS- | M] () -- C:\Users\Trummer\NTUSER.DAT
[2010.03.18 18:35:04 | 000,002,735 | ---- | M] () -- C:\Users\Trummer\Desktop\Microsoft Office Outlook 2007.lnk
[2010.03.18 18:04:55 | 000,140,124 | ---- | M] () -- C:\Users\Trummer\Desktop\obere leiste.jpg
[2010.03.18 18:02:00 | 000,001,092 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.03.18 17:32:39 | 000,003,216 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.03.18 17:32:39 | 000,003,216 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.03.18 07:37:38 | 000,000,426 | -H-- | M] () -- C:\windows\tasks\User_Feed_Synchronization-{1FCCFA48-27A3-4113-99A4-38636A463B2B}.job
[2010.03.18 07:32:49 | 000,017,408 | ---- | M] () -- C:\windows\System32\rpcnetp.exe
[2010.03.18 07:32:46 | 000,056,680 | ---- | M] (Absolute Software Corp.) -- C:\windows\System32\rpcnet.dll
[2010.03.18 07:32:40 | 000,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT
[2010.03.18 07:32:34 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2010.03.18 07:32:30 | 1875,763,200 | -HS- | M] () -- C:\hiberfil.sys
[2010.03.17 20:13:41 | 000,000,012 | ---- | M] () -- C:\windows\bthservsdp.dat
[2010.03.17 20:13:31 | 000,524,288 | -HS- | M] () -- C:\Users\Trummer\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtrans-ms
[2010.03.17 20:13:31 | 000,065,536 | -HS- | M] () -- C:\Users\Trummer\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TM.blf
[2010.03.17 20:13:08 | 003,073,757 | -H-- | M] () -- C:\Users\Trummer\AppData\Local\IconCache.db
[2010.03.16 15:33:55 | 000,392,657 | R--- | M] () -- C:\Users\Trummer\Desktop\La Esperanza-Beraterantrag-Deutschland_15_03_2010.pdf
[2010.03.15 15:27:43 | 000,001,018 | ---- | M] () -- C:\Users\Trummer\Desktop\La_Esperanza_Gesch%E4ftspr%E4sentation_14_03_2010 - Verknüpfung.lnk
[2010.03.15 15:19:56 | 001,541,724 | ---- | M] () -- C:\windows\System32\PerfStringBackup.INI
[2010.03.15 15:19:56 | 000,664,282 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2010.03.15 15:19:56 | 000,625,582 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2010.03.15 15:19:56 | 000,142,622 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2010.03.15 15:19:56 | 000,117,144 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2010.03.15 14:00:15 | 000,488,688 | ---- | M] () -- C:\Users\Trummer\Desktop\P3140290.jpg
[2010.03.11 22:00:33 | 000,001,672 | ---- | M] () -- C:\Users\Public\Desktop\BR_Hilfe.lnk
[2010.03.11 11:00:15 | 000,034,894 | ---- | M] () -- C:\Users\Trummer\Documents\IGM- Aufgabenstellung-Claudia Trummer.pdf
[2010.03.11 10:57:52 | 000,038,395 | ---- | M] () -- C:\Users\Trummer\Documents\IGM- Plan75-Trummer Claudia.pdf
[2010.03.11 10:56:28 | 000,028,160 | ---- | M] () -- C:\Users\Trummer\Documents\IGM- Plan75.doc
[2010.03.11 10:37:08 | 000,028,672 | ---- | M] () -- C:\Users\Trummer\Documents\IGM- Aufgabenstellung.doc
[2010.03.10 15:38:11 | 000,001,670 | ---- | M] () -- C:\Users\Trummer\Desktop\CCleaner.lnk
[2010.03.06 21:31:41 | 000,010,707 | ---- | M] () -- C:\Users\Trummer\Documents\IGM- Aufgabenstellung.docx
[2010.03.06 09:20:14 | 049,901,307 | R--- | M] () -- C:\Users\Trummer\Desktop\vpBrosch200910endfassung_tcm29-2216.pdf
[2010.03.05 18:37:38 | 000,046,080 | ---- | M] () -- C:\Users\Trummer\Desktop\UN-Interview-03-10 (2).doc
[2010.03.02 17:19:13 | 000,002,564 | ---- | M] () -- C:\Users\Trummer\Desktop\ct0210mlminfos.jpg
[2010.03.01 12:58:29 | 000,904,393 | ---- | M] () -- C:\Users\Trummer\P1010044.JPG
[2010.03.01 12:58:27 | 000,890,254 | ---- | M] () -- C:\Users\Trummer\P1010043.JPG
[2010.02.26 21:04:17 | 000,004,096 | -H-- | M] () -- C:\Users\Trummer\AppData\Local\keyfile3.drm
[2010.02.26 11:48:49 | 000,112,301 | ---- | M] () -- C:\windows\System32\a-D6RBON-XsW.exe
[2010.02.24 09:16:06 | 000,181,632 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\MpSigStub.exe
[2010.02.24 09:07:08 | 000,119,696 | ---- | M] () -- C:\Users\Trummer\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.02.24 09:06:14 | 000,433,976 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2010.02.20 00:47:50 | 003,604,480 | ---- | M] (Google Inc.) -- C:\windows\System32\GPhotos.scr
[2010.02.18 08:31:02 | 001,261,568 | ---- | M] () -- C:\windows\System32\_NGKxJMjpIMn6JA.dll

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010.03.18 18:04:54 | 000,140,124 | ---- | C] () -- C:\Users\Trummer\Desktop\obere leiste.jpg
[2010.03.16 15:34:27 | 000,392,657 | R--- | C] () -- C:\Users\Trummer\Desktop\Lxxxxx.pdf
[2010.03.15 15:27:43 | 000,001,018 | ---- | C] () -- C:\Users\Trummer\Desktop\Lxxxxxx.lnk
[2010.03.15 14:00:15 | 000,488,688 | ---- | C] () -- C:\Users\Trummer\Desktop\P3140290.jpg
[2010.03.11 22:00:33 | 000,001,672 | ---- | C] () -- C:\Users\Public\Desktop\BR_Hilfe.lnk
[2010.03.11 11:00:15 | 000,034,894 | ---- | C] () -- C:\Users\Trummer\Documents\IGM- Aufgabenstellung-xxxx.pdf
[2010.03.11 10:57:51 | 000,038,395 | ---- | C] () -- C:\Users\Trummer\Documents\IGM- Plan75-xxxx.pdf
[2010.03.11 10:37:21 | 000,028,160 | ---- | C] () -- C:\Users\Trummer\Documents\IGM- Plan75.doc
[2010.03.11 10:26:00 | 000,028,672 | ---- | C] () -- C:\Users\Trummer\Documents\IGM- Aufgabenstellung.doc
[2010.03.06 13:07:10 | 000,010,707 | ---- | C] () -- C:\Users\Trummer\Documents\IGM- Aufgabenstellung.docx
[2010.03.06 09:20:14 | 049,901,307 | R--- | C] () -- C:\Users\Trummer\Desktop\vpBrosch200910endfassung_tcm29-2216.pdf
[2010.03.05 18:37:37 | 000,046,080 | ---- | C] () -- C:\Users\Trummer\Desktop\UN-Interview-03-10 (2).doc
[2010.03.02 17:19:13 | 000,002,564 | ---- | C] () -- C:\Users\Trummer\Desktop\xxxxxinfos.jpg
[2010.03.01 12:58:06 | 000,904,393 | ---- | C] () -- C:\Users\Trummer\P1010044.JPG
[2010.03.01 12:58:06 | 000,890,254 | ---- | C] () -- C:\Users\Trummer\P1010043.JPG
[2010.02.26 11:48:49 | 000,112,301 | ---- | C] () -- C:\windows\System32\a-D6RBON-XsW.exe
[2010.02.18 08:31:02 | 001,261,568 | ---- | C] () -- C:\windows\System32\_NGKxJMjpIMn6JA.dll
[2009.12.08 21:02:53 | 000,000,000 | ---- | C] () -- C:\Users\Trummer\AppData\Local\FnF4.txt
[2009.11.12 16:40:51 | 000,000,095 | ---- | C] () -- C:\Users\Trummer\AppData\Local\fusioncache.dat
[2009.11.12 16:40:36 | 000,116,224 | ---- | C] () -- C:\windows\System32\pdfcmnnt.dll
[2009.10.20 17:24:43 | 000,117,248 | ---- | C] () -- C:\windows\System32\EhStorAuthn.dll
[2009.10.05 09:01:33 | 000,004,096 | -H-- | C] () -- C:\Users\Trummer\AppData\Local\keyfile3.drm
[2009.09.24 20:54:12 | 000,003,337 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009.09.19 18:03:55 | 000,027,136 | ---- | C] () -- C:\Users\Trummer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.09.16 08:57:45 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2009.09.16 08:57:45 | 000,000,008 | RHS- | C] () -- C:\ProgramData\0C55781952.sys
[2009.09.15 20:26:02 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.09.15 18:04:50 | 000,000,000 | ---- | C] () -- C:\Users\Trummer\AppData\Local\QSwitch.txt
[2009.09.15 18:04:50 | 000,000,000 | ---- | C] () -- C:\Users\Trummer\AppData\Local\DSwitch.txt
[2009.09.15 18:04:50 | 000,000,000 | ---- | C] () -- C:\Users\Trummer\AppData\Local\AtStart.txt
[2009.09.15 17:52:03 | 001,765,168 | ---- | C] () -- C:\windows\System32\drivers\snp2uvc.sys
[2009.09.15 17:52:03 | 000,034,480 | ---- | C] () -- C:\windows\System32\drivers\sncduvc.sys
[2009.09.15 17:52:03 | 000,015,497 | ---- | C] () -- C:\windows\snp2uvc.ini
[2009.09.15 17:41:17 | 000,006,656 | ---- | C] () -- C:\windows\System32\bcmwlrc.dll
[2009.08.03 14:07:42 | 000,403,816 | ---- | C] () -- C:\windows\System32\OGACheckControl.dll
[2009.05.26 10:33:53 | 000,000,185 | ---- | C] () -- C:\ProgramData\HPWALog.txt
[2009.04.16 00:25:22 | 000,159,744 | ---- | C] () -- C:\windows\System32\atitmmxx.dll
[2008.04.17 17:29:08 | 000,017,408 | ---- | C] () -- C:\windows\System32\rpcnetp.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\windows\System32\pacerprf.ini

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 229 bytes -> C:\ProgramData\Temp:8FF81EB0
< End of report >


/////////////////////////////// 2. Log /////////////////////////////////////

OTL Extras logfile created on: 18.03.2010 19:01:14 - Run 1
OTL by OldTimer - Version 3.1.37.3     Folder = C:\Users\Trummer\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 59,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 68,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 287,09 Gb Total Space | 200,73 Gb Free Space | 69,92% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 2,07 Gb Free Space | 20,70% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 1022,00 Mb Total Space | 1017,03 Mb Free Space | 99,51% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: Txxxxxx-PC
Current User Name: Txxxxx
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [BIPA FotoShop] -- "C:\Program Files\BIPA\BIPA FotoShop\BIPA FotoShop.exe" "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[color=#E56717]========== Authorized Applications List ==========[/color]


[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{387CF886-A38F-4995-85FD-A16916FFE816}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{388EE629-CB26-441A-8EBC-C929241FB58C}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{496944A5-04A0-4CA0-9287-A510121B8D0F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{500279D5-2E99-42B3-BFE1-3D0E6623F4EA}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{60BBF561-3E27-415C-9EB7-6EE0A2B9C6BA}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{612F7055-AC11-4F78-A0E3-D297AFEADA77}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9A2BCE6D-E5E2-4CC4-A0D3-DB82DDB94526}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B8C08F2F-C3A1-44E5-96C1-CC38443080AA}" = lport=2869 | protocol=6 | dir=in | app=system |
"{DE389A90-1341-47DC-9661-FF518580E187}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{E4A96AB1-B09F-4725-A490-7491A91039CC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EAF71C7F-16FA-4FE3-9F2B-EC9A8E92F49C}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{FBA60DFA-9894-4BA0-A780-04B7B5DC4AEA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{29DCC385-E0B4-473E-B941-0430C120A5EF}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{35FE6839-BAAB-4432-919A-0B5FC9C7BE3B}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version4\teamviewer.exe |
"{39B17B05-3935-4C03-89E6-BFF9AC409003}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{45B3E334-84A0-48B9-8AD9-9A46F648D636}" = protocol=17 | dir=in | app=c:\program files\deepinvent\mailstore home\mailstorelocal.exe |
"{4F62B726-E198-4067-8F1B-BE48B67B8ECF}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{5CD54F20-844B-46B2-98E1-5D87CF899A64}" = dir=in | app=e:\setup\hpznui01.exe |
"{6225B76F-4773-41D4-9F2F-1D7F821AEBB1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe |
"{715C6312-8224-4DB4-A3E3-2BD272C0FB4E}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe |
"{8057ED49-5DEB-45E2-88D7-C2EF7A2D4F35}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{8C4864E1-90E2-4295-8340-BE3D80A4E5FC}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"{954A2227-9DAC-43AB-9F6A-A1C2E1BDFB50}" = dir=in | app=c:\program files\msn messenger\livecall.exe |
"{9745701D-228B-46F4-801C-9C4D9DE5DECB}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version4\teamviewer.exe |
"{9751C249-760A-4691-BA8C-9AA70C05350D}" = protocol=6 | dir=in | app=c:\program files\deepinvent\mailstore home\mailstorelocal.exe |
"{9D84374B-4EFC-4F43-89E8-68FD57F6B36E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{AB205475-F49E-4120-97A1-EE1516884847}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe |
"{AB721309-5DB5-4254-8FCC-7676FE3E38F4}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{ACF50550-B20C-4918-9909-6F8891ABA714}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe |
"{AFCD855C-F44C-4A51-B4A8-1638F3D341C3}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe |
"{EDB73C33-CD0A-4CA8-9902-4C9DD1DA3433}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{F824947C-5ECC-415D-9DCA-5F09BB3DA1F8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{5E9F859E-1A97-4B82-B437-6D3000B7DED5}C:\program files\ws_ftp\ws_ftp95.exe" = protocol=6 | dir=in | app=c:\program files\ws_ftp\ws_ftp95.exe |
"TCP Query User{A69922AA-134A-4920-AAAC-FCC544507478}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{B6FB6247-3826-4B2E-8CC3-F70096D29534}C:\programdata\spontania4im\spontaniavideo.exe" = protocol=6 | dir=in | app=c:\programdata\spontania4im\spontaniavideo.exe |
"UDP Query User{3BF79EE1-2DAB-4D08-A3A8-962108159991}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{75045953-6F5D-4961-AC4F-FF052801A911}C:\program files\ws_ftp\ws_ftp95.exe" = protocol=17 | dir=in | app=c:\program files\ws_ftp\ws_ftp95.exe |
"UDP Query User{9D6CE6A9-26F0-475F-8061-9A24B298804F}C:\programdata\spontania4im\spontaniavideo.exe" = protocol=17 | dir=in | app=c:\programdata\spontania4im\spontaniavideo.exe |

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}" = Status
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}" = WebReg
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{1373F37A-08A5-A7C9-7004-BE87467CF585}" = Catalyst Control Center Graphics Full New
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.5.3
"{1D3EF69A-BBC3-B00B-0C36-062A36466706}" = CCC Help Greek
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{2287DBA3-AD47-4FF0-AAB6-551992E43D0D}" = HP User Guides 0133
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{253FCC55-E03D-40D4-A407-3470BE4101C0}" = VistaPrint Electronic Business Card
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{255D9E15-C69E-D650-EBC8-2209DA1ABDAE}" = CCC Help Russian
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 18
"{26DEDA99-DDD3-48E1-42AA-E6D7C2594646}" = CCC Help Portuguese
"{2A329FB6-389D-4396-A974-29656D6864AE}" = MarketResearch
"{2B7F990D-80DF-4122-56E4-20CDDB696CBA}" = Skins
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{30A2A953-DEB1-466A-B660-F4399C7C6B9D}" = Roxio MyDVD
"{31043705-9B90-482A-1654-4DAB99F125FF}" = CCC Help French
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.50 A1
"{37B41895-0BEE-3831-531B-EFBB4F9E3505}" = Catalyst Control Center Core Implementation
"{38DAE5F5-EC70-4aa5-801B-D11CA0A33B41}" = BPDSoftware
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP Webcam Driver
"{3BA904CF-8B75-41AF-A5D2-F18A511536CA}" = LightScribe System Software
"{3C6D6D40-CCD7-FAD1-C71B-F4A005CA7FB2}" = CCC Help Chinese Traditional
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{41818E2C-E227-BD82-1F80-8D2603B00EB3}" = Catalyst Control Center Localization All
"{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
"{48EE8491-08E3-4996-ACA4-1E71ED5A1C4F}" = Catalyst Control Center Graphics Full Existing
"{491464CD-DF4B-8DF3-108A-0C4D988F7E08}" = CCC Help Hungarian
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D304678-738E-42a0-931A-2B022F49DEB8}" = TrayApp
"{4DF06829-423B-4D04-9ABB-4C8D9ABF7BC5}" = CCC Help Thai
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{4FEA85FC-49B2-2472-E2B1-ED902D0E7607}" = CCC Help Dutch
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Business
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{57F60D52-630B-43C5-BD20-176F5CD4EED6}" = bpd_scan
"{5BFB956C-3AB9-492A-9E91-5D8C87DCC598}" = Paint.NET v3.5.1
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}" = InterVideo WinDVD 8
"{6270CB34-1536-454B-9246-B7CB50AF6324}" = Mobile Breitband-Internet-Installation
"{6441AF33-BEF0-A597-9D4F-B2EC69C7EB85}" = CCC Help Japanese
"{6533DCA9-C3C4-A141-0AC2-2AA60BB88714}" = CCC Help Swedish
"{65E38B35-E861-39AD-94C3-9A6BC099BE73}" = ATI Catalyst Install Manager
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{676981B7-A2D9-49D0-9F4C-03018F131DA9}" = DocProc
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{697B1E2E-4754-1E53-1EA2-5B54794DF4C4}" = CCC Help Norwegian
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6CB01492-9EB8-6EA9-0EEC-88FECA4CA74D}" = CCC Help Italian
"{6CC080F1-2E00-41D5-BE47-A3BC784E9DFB}" = BPDSoftware_Ini
"{6EED4269-588D-45b8-A80C-26A9CA62EE4E}" = HPSSupply
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{732A3F80-008B-4350-BD58-EC5AE98707B8}" = HP Common Access Service Library
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{75C5100D-9874-EA1C-EBF1-B11DB721C7D0}" = CCC Help Chinese Standard
"{76AF1F61-BB44-4694-A0EA-C6830C8BEF41}" = HP Software Setup
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B5B7A1F-149A-922A-B855-6B80FC1D0664}" = CCC Help Czech
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{800E784D-53E3-4948-B491-9E7FA5EACBDC}" = SmartWebPrinting
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{83C57C58-FDD7-4d86-BFCC-9D31CC4EFA71}" = 6500_E709n
"{87A9A9A9-FAB7-4224-9328-0FA2058C0FD5}" = Network
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8E05A9B8-173B-9DFC-75FA-A1EA61F737B1}" = CCC Help Korean
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007
"{90120000-0015-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0410-0000-0000000FF1CE}" = Microsoft Office Access MUI (Italian) 2007
"{90120000-0015-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0413-0000-0000000FF1CE}" = Microsoft Office Access MUI (Dutch) 2007
"{90120000-0015-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0410-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Italian) 2007
"{90120000-0016-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0413-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Dutch) 2007
"{90120000-0016-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0410-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Italian) 2007
"{90120000-0018-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0413-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Dutch) 2007
"{90120000-0018-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007
"{90120000-0019-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0410-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Italian) 2007
"{90120000-0019-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0413-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Dutch) 2007
"{90120000-0019-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007
"{90120000-001A-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0410-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Italian) 2007
"{90120000-001A-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0413-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Dutch) 2007
"{90120000-001A-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0410-0000-0000000FF1CE}" = Microsoft Office Word MUI (Italian) 2007
"{90120000-001B-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0413-0000-0000000FF1CE}" = Microsoft Office Word MUI (Dutch) 2007
"{90120000-001B-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_PROHYBRIDR_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_PROHYBRIDR_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-002C-0410-0000-0000000FF1CE}" = Microsoft Office Proofing (Italian) 2007
"{90120000-002C-0413-0000-0000000FF1CE}" = Microsoft Office Proofing (Dutch) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_PROHYBRIDR_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0410-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Italian) 2007
"{90120000-006E-0410-0000-0000000FF1CE}_PROHYBRIDR_{0A75DA12-55CB-4DE5-8B6A-74D97847204E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0413-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Dutch) 2007
"{90120000-006E-0413-0000-0000000FF1CE}_PROHYBRIDR_{89C8E56A-90D8-4598-B0E6-EB28F6270E07}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9129B46A-51F0-431b-9838-DF7272F3204E}" = ProductContext
"{9603DE6D-4567-4b78-B941-849322373DE2}" = SolutionCenter
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CCCFD9C-248F-47FE-9496-1680E3E5C163}" = Scan
"{9D1B99B7-DAD8-440d-B4FB-1915332FBCC2}" = HPProductAssistant
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = HP Integrated Module with Bluetooth wireless technology
"{9ED8918B-6561-2C39-0703-67273861F84A}" = CCC Help Danish
"{A1DB71A6-3809-4A85-2CD9-C4518C123F95}" = CCC Help Finnish
"{A3276EED-22A1-4808-9AA3-88A451482E10}" = Catalyst Control Center - Branding
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AA8EC7A4-EA02-4A72-B14F-65DA485F74C8}" = ESU for Microsoft Vista SP1
"{AAB53AB8-03FC-5F3C-2822-312D66E15DA5}" = CCC Help Spanish
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB497FF1-AEA0-2B68-AB6F-F9577916A0CD}" = ccc-utility
"{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B6FECC42-C7ED-86E2-3BD8-6EF99FEF168A}" = CCC Help German
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{BA6FDFE7-A596-0ABE-0F2A-4B90AF48439F}" = Catalyst Control Center InstallProxy
"{C021640F-DED0-71B2-CA5B-8F1EE1130E26}" = CCC Help English
"{C29C1940-CB85-4F3B-906C-33FEE0E67103}" = DocMgr
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{DC28A406-462D-4A08-A125-3EAF8A64DE4E}" = HP Wireless Assistant
"{DCB51FBC-68AD-42FF-8426-199F1FE2C4F5}" = AMD USB Filter Driver
"{DE13432E-F0C1-4842-A5BA-CC997DA72A70}" = 6500_E709_eDocs
"{E05EB9D2-8559-4821-98AC-3D5DA3242D5B}" = Vista Default Settings
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E4A4F5C0-C67F-22EC-319B-44546DFC3DB3}" = Catalyst Control Center Graphics Light
"{E777AA77-5DF2-99D1-CF96-7EECFA652AA0}" = ccc-core-static
"{EA3BE3EA-A032-BC41-B753-74453AD7D22F}" = CCC Help Turkish
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator Business v10
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{EFBE9BC0-39D6-FC89-5353-5641A18761F9}" = CCC Help Polish
"{F173C2B3-296F-458C-98FF-1676A42EBA02}" = CPQ Wallpaper
"{F185B35D-38E5-4D88-B275-15C8C7FC4357}" = 6500_E709_Help
"{F639E2A2-FE6B-4527-B8BE-C1C423B81844}" = HP Webcam
"{F648FD09-7CEA-4257-BC68-A8389189FD51}" = GPBaseService2
"{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}" = DeviceDiscovery
"{FA0F0A01-4631-4161-A6C2-948BF694382E}" = HP Officejet 6500 E709 Series
"a-D6RBON-XsW" = LoudMo Contextual Ad Assistant
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Avira AntiVir Desktop" = Avira AntiVir Premium
"AVS Audio Editor_is1" = AVS Audio Editor version 5.2
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"BIPA FotoShop" = BIPA FotoShop
"BR_Biethilfe" = BR_Biethilfe 1.5.0
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"CCleaner" = CCleaner
"ChameleonTom" = Chameleon Tom
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 12.0
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 12.0
"HPExtendedCapabilities" = HP Customer Participation Program 12.0
"HPOCR" = OCR Software by I.R.I.S. 12.0
"InstallShield_{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}" = InterVideo WinDVD 8
"InstallShield_{F639E2A2-FE6B-4527-B8BE-C1C423B81844}" = HP Webcam
"IrfanView" = IrfanView (remove only)
"Lagerverwaltung" = RE's Lager-Verwaltung Version 1.3
"MailStore Home_is1" = MailStore Home 3.0.2.2448
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mobile Breitband-Internet-Installation" = Mobile Breitband-Internet-Installation
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"Mozilla Thunderbird (2.0.0.23)" = Mozilla Thunderbird (2.0.0.23)
"Nvu_is1" = Nvu 1.0
"PDF Complete" = PDF Complete
"Picasa 3" = Picasa 3
"Polipo" = Polipo 1.0.4
"PROHYBRIDR" = 2007 Microsoft Office system
"Shop for HP Supplies" = Shop for HP Supplies
"Supreme Auction_is1" = Supreme Auction
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamViewer 5" = TeamViewer 5
"TomTom HOME" = TomTom HOME 2.7.3.1894
"Tor" = Tor 0.2.1.22
"Veetle TV" = Veetle TV 0.9.15
"Vidalia" = Vidalia 0.2.6
"VLC media player" = VLC media player 1.0.2

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"AHK BBCodeWriter" = AHK BBCodeWriter

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 15.03.2010 06:54:47 | Computer Name = Trummer-PC | Source = WinMgmt | ID = 10
Description =

Error - 16.03.2010 02:53:05 | Computer Name = Trummer-PC | Source = WinMgmt | ID = 10
Description =

Error - 16.03.2010 12:00:34 | Computer Name = Trummer-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 16.03.2010 12:00:34 | Computer Name = Trummer-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 16.03.2010 14:11:35 | Computer Name = Trummer-PC | Source = WinMgmt | ID = 10
Description =

Error - 16.03.2010 14:57:06 | Computer Name = Trummer-PC | Source = Google Update | ID = 20
Description =

Error - 16.03.2010 17:37:35 | Computer Name = Trummer-PC | Source = WinMgmt | ID = 10
Description =

Error - 17.03.2010 04:04:24 | Computer Name = Trummer-PC | Source = WinMgmt | ID = 10
Description =

Error - 17.03.2010 15:13:43 | Computer Name = Trummer-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung PsiService_2.exe, Version 2.0.1.124, Zeitstempel
0x46a641af, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
Ausnahmecode 0xc0000005, Fehleroffset 0x00000000,  Prozess-ID 0xb00, Anwendungsstartzeit
01cac5a8621d6cfc.

Error - 18.03.2010 02:33:13 | Computer Name = Trummer-PC | Source = WinMgmt | ID = 10
Description =

[ OSession Events ]
Error - 17.01.2010 14:07:05 | Computer Name = Trummer-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 7440
seconds with 240 seconds of active time.  This session ended with a crash.

Error - 22.01.2010 08:27:48 | Computer Name = Trummer-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8
seconds with 0 seconds of active time.  This session ended with a crash.

Error - 25.01.2010 05:35:41 | Computer Name = Trummer-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 28
seconds with 0 seconds of active time.  This session ended with a crash.

Error - 28.01.2010 12:39:13 | Computer Name = Trummer-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 833
seconds with 180 seconds of active time.  This session ended with a crash.

Error - 31.01.2010 06:25:54 | Computer Name = Trummer-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 526
seconds with 60 seconds of active time.  This session ended with a crash.

Error - 18.02.2010 10:59:30 | Computer Name = Trummer-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3039
seconds with 1260 seconds of active time.  This session ended with a crash.

Error - 20.02.2010 05:11:17 | Computer Name = Trummer-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4556
seconds with 240 seconds of active time.  This session ended with a crash.

Error - 21.02.2010 07:44:56 | Computer Name = Trummer-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 18
seconds with 0 seconds of active time.  This session ended with a crash.

Error - 23.02.2010 09:47:48 | Computer Name = Trummer-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7428
seconds with 120 seconds of active time.  This session ended with a crash.

Error - 01.03.2010 13:48:44 | Computer Name = Trummer-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 31277
seconds with 4020 seconds of active time.  This session ended with a crash.

[ System Events ]
Error - 16.03.2010 17:37:37 | Computer Name = Trummer-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 16.03.2010 17:37:37 | Computer Name = Trummer-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 16.03.2010 17:39:00 | Computer Name = Trummer-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 17.03.2010 04:04:24 | Computer Name = Trummer-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 17.03.2010 04:04:24 | Computer Name = Trummer-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 17.03.2010 04:05:58 | Computer Name = Trummer-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 18.03.2010 02:33:14 | Computer Name = Trummer-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 18.03.2010 02:33:14 | Computer Name = Trummer-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 18.03.2010 02:33:35 | Computer Name = Trummer-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 18.03.2010 12:51:19 | Computer Name = Trummer-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 10.0.0.5 für die Netzwerkkarte mit der Netzwerkadresse
002556A35FA1 wurde durch den DHCP-Server 10.0.0.138 abgelehnt (der DHCP-Server
hat eine DHCPNACK-Meldung gesendet).


< End of report >
18.03.2010, 23:58
Moderator

Posts: 5694
#8 You must always post everything here!

Step 1

Uninstall programs

Since some programs and anti-spy programs may hinder us during the cleanup (e.g. through constantly running background guards), are unnecessary or harmful, or are simply no longer needed, I ask you to uninstall the following programs completely via Control Panel => Software.

Code

ChameleonTom
Let me know if a program cannot be uninstalled. Once the cleanup is finished, we can look at which of them you can/should install again.


Step 2

File check

Have the following file(s) (see code box) checked online at VirusTotal. To do this, you must upload each file individually to VirusTotal via the "Browse" and "Send file" buttons and have it checked. Once VirusTotal has received the file, it will check it with several anti-virus scanners and display the results. Should VirusTotal report that the file has already been checked, have it checked again anyway via the "Reanalyse file" button.

When the result is available, press the small "Filter" button at the top left above the results, then post the result here (no matter what it looks like, and also copy the lines with the name and size of the file, MD5 and SHA1). If you cannot find or upload the file(s), let us know as well. If you cannot find the file(s), check whether the following settings are set correctly.

Quote

C:\windows\System32\a-D6RBON-XsW.exe
Step 3

Fixing with OTL

• Please start OTL.exe.
Vista users: right-click and "Run as administrator"
• Now copy the content into the text box.

Code

:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://chameleontom.iamwired.net/
FF - prefs.js..browser.search.defaulturl: "http://chameleontom.iamwired.net/search.php?src=tops&q="
FF - prefs.js..keyword.URL: "http://chameleontom.iamwired.net/search.php?src=tops&q="
O3 - HKLM\..\Toolbar: (no name) -  - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O2 - BHO: (WitBHO Class) - {75ED56AF-4DC9-4243-A30C-4EF4DD0CA28F} - C:\Programme\ChameleonTom\wit4ie.dll ()
O2 - BHO: (chameleontom) - {c4aca082-91e5-781b-a266-58868701e06d} - C:\Windows\System32\_NGKxJMjpIMn6JA.dll ()
O9 - Extra Button: ChameleonTom - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Programme\ChameleonTom\ct.htm ()
O9 - Extra 'Tools' menuitem : ChameleonTom - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Programme\ChameleonTom\ct.htm ()
[2010.02.26 11:48:32 | 000,000,000 | ---D | C] -- C:\Programme\ChameleonTom
O33 - MountPoints2\{158dbd5a-f2be-11de-8729-0025b35a7e3c}\Shell - "" = AutoRun
O33 - MountPoints2\{158dbd5a-f2be-11de-8729-0025b35a7e3c}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O33 - MountPoints2\{6ee03f20-f7e9-11de-887a-0025b35a7e3c}\Shell - "" = AutoRun
O33 - MountPoints2\{6ee03f20-f7e9-11de-887a-0025b35a7e3c}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{6ee03f2a-f7e9-11de-887a-0025b35a7e3c}\Shell - "" = AutoRun
O33 - MountPoints2\{6ee03f2a-f7e9-11de-887a-0025b35a7e3c}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{7d0d08fd-f7ab-11de-950b-0025b35a7e3c}\Shell - "" = AutoRun
O33 - MountPoints2\{7d0d08fd-f7ab-11de-950b-0025b35a7e3c}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{7d0d093a-f7ab-11de-950b-0025b35a7e3c}\Shell - "" = AutoRun
O33 - MountPoints2\{7d0d093a-f7ab-11de-950b-0025b35a7e3c}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{b990b3fa-c452-11de-83c1-00247e83eaa4}\Shell\AutoRun\command - "" = H:\InstallTomTomHOME.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
[2010.02.26 11:48:49 | 000,112,301 | ---- | C] () -- C:\windows\System32\a-D6RBON-XsW.exe
[2010.02.18 08:31:02 | 001,261,568 | ---- | C] () -- C:\windows\System32\_NGKxJMjpIMn6JA.dll
[2010.02.18 08:31:02 | 001,261,568 | ---- | M] () -- C:\windows\System32\_NGKxJMjpIMn6JA.dll
:Commands
[purity]
[emptytemp]
• Now please close all programs.
• Now please click the Run Fix button.
• Click on .
OTL may require a restart. Please allow it.
• After the restart you will find a text document.
Now copy its content into your thread in code tags

Step 4

But the rootkit scan is still missing:

Rootkit search with Gmer

What are rootkits?

Important: For every rootkit scan:

• all other programs against viruses, spyware, etc. must be deactivated,
• there must be no connection to a network/Internet (don't forget WLAN),
nothing must be done on the computer,
the computer must be restarted after each scan.
Don't forget to switch the security programs back on after the rootkit scan!

Download Gmer from this page
(press the Download EXE button) and save the program on the desktop.
• Gmer is suitable for => NT/W2K/XP/VISTA.
• All other programs must be closed.
• Start gmer.exe (it has a random program name).
Vista users: right-click and run as administrator.
• Gmer automatically starts a first scan.
• Should a window open with the following warning:

Code

WARNING !!!
GMER has found system modification, which might have been caused by ROOTKIT activity.
Do you want to fully scan your system?

• Be sure to click "No",
then copy the result so far to the clipboard via the Copy button.
• Paste the log from the clipboard into your reply in your thread with CTRL + V.
• If that was not the case, now select the "Rootkit/Malware" tab,
• Tick: System, Sections, IAT/EAT, Devices, Modules, Processes, Threads, Libraries, Services, Registry and Files.
Important: "Show all" must not be ticked!
• Start the scan by pressing the "Scan" button.
Do nothing on the computer while the scan is running.
• When the scan is finished, click "Copy" to copy the log to the clipboard.
Gmer is closed with "Ok".
• Paste the log from the clipboard into your reply here (with CTRL + V).

Switch the antivirus program and other scanners back on before you go online!

Now post the logfile in code tags.
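As an added example (not part of the thread and not OTL's own code), the following Python script applies the reasoning behind the fix list above to OTL-style log lines: it reports start-page and search settings that point at a host outside an allowlist, BHO DLLs with no company information or generated-looking names under System32, removable-media AutoRun handlers, and unattributed files in System32. The trusted-host allowlist, the name heuristic and the one clean vendor BHO line are constructed assumptions; the other sample lines are taken from the fix list.

```python
import re
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import urlsplit

# Constructed allowlist for this example: start-page / search hosts the analyst
# treats as legitimate; every other host is reported for review.
TRUSTED_HOSTS = {"www.google.com", "www.google.de", "www.bing.com", "go.microsoft.com"}

# Line shapes as OTL prints them in the fix list above.
START_PAGE_RE = re.compile(r'^IE - HK(?:CU|LM)\\.*Main,Start Page = (?P<url>\S+)')
FF_PREF_RE = re.compile(r'^FF - prefs\.js\.\.(?P<key>[\w.]+): "(?P<url>[^"]*)"')
BHO_RE = re.compile(r'^O2 - BHO: \((?P<name>[^)]*)\) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - '
                    r'(?P<path>.+?) \((?P<company>[^)]*)\)\s*$')
AUTORUN_RE = re.compile(r'^O33 - MountPoints2\\\{[^}]+\}\\Shell\\AutoRun\\command - "" = (?P<cmd>.+)$')
FILE_RE = re.compile(r'^\[[\d.]+ [\d:]+ \| [\d,]+ \| \S{4} \| [CM]\] \((?P<company>[^)]*)\) -- (?P<path>.+)$')


@dataclass
class Finding:
    line: str
    reasons: List[str]


def looks_random(path: str) -> bool:
    """Crude heuristic (constructed for this example): generated file names mix
    upper case, lower case and digits, or start with an underscore; the stock
    binaries in System32 normally do neither."""
    stem = path.replace("/", "\\").rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    has_upper = any(c.isupper() for c in stem)
    has_lower = any(c.islower() for c in stem)
    has_digit = any(c.isdigit() for c in stem)
    return stem.startswith("_") or (has_upper and has_lower and has_digit)


def in_system32(path: str) -> bool:
    return "\\system32\\" in path.lower()


def untrusted_host(url: str) -> Optional[str]:
    """Return the host of url when it is not on the allowlist, else None."""
    host = urlsplit(url).hostname
    return host if host and host.lower() not in TRUSTED_HOSTS else None


def triage(report: str) -> List[Finding]:
    """Walk OTL-style lines and collect the ones that deserve a closer look."""
    findings: List[Finding] = []
    for raw in report.splitlines():
        line = raw.strip()
        reasons: List[str] = []
        if m := START_PAGE_RE.match(line):
            host = untrusted_host(m["url"])
            if host:
                reasons.append(f"IE start page points at untrusted host {host}")
        elif m := FF_PREF_RE.match(line):
            host = untrusted_host(m["url"])
            if host:
                reasons.append(f"Firefox {m['key']} redirected to untrusted host {host}")
        elif m := BHO_RE.match(line):
            if not m["company"]:
                reasons.append("BHO DLL carries no company/version information")
            if in_system32(m["path"]) and looks_random(m["path"]):
                reasons.append("BHO DLL has a generated-looking name in System32")
        elif m := AUTORUN_RE.match(line):
            reasons.append(f"removable-media AutoRun handler: {m['cmd']}")
        elif m := FILE_RE.match(line):
            if in_system32(m["path"]) and not m["company"] and looks_random(m["path"]):
                reasons.append("unattributed, generated-looking file in System32")
        if reasons:
            findings.append(Finding(line, reasons))
    return findings


# Constructed sample: lines taken from the thread's OTL fix list plus one clean,
# vendor-attributed BHO line (made up) to show what is NOT reported.
SAMPLE_OTL_LINES = r'''
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://chameleontom.iamwired.net/
FF - prefs.js..browser.search.defaulturl: "http://chameleontom.iamwired.net/search.php?src=tops&q="
FF - prefs.js..keyword.URL: "http://chameleontom.iamwired.net/search.php?src=tops&q="
O2 - BHO: (WitBHO Class) - {75ED56AF-4DC9-4243-A30C-4EF4DD0CA28F} - C:\Programme\ChameleonTom\wit4ie.dll ()
O2 - BHO: (chameleontom) - {c4aca082-91e5-781b-a266-58868701e06d} - C:\Windows\System32\_NGKxJMjpIMn6JA.dll ()
O2 - BHO: (Example Helper) - {00000000-0000-0000-0000-000000000000} - C:\Programme\ExampleVendor\helper.dll (Example Vendor GmbH)
O33 - MountPoints2\{158dbd5a-f2be-11de-8729-0025b35a7e3c}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
[2010.02.26 11:48:49 | 000,112,301 | ---- | C] () -- C:\windows\System32\a-D6RBON-XsW.exe
[2010.02.18 08:31:02 | 001,261,568 | ---- | C] () -- C:\windows\System32\_NGKxJMjpIMn6JA.dll
'''

if __name__ == "__main__":
    for finding in triage(SAMPLE_OTL_LINES):
        print(finding.line)
        for reason in finding.reasons:
            print("    ->", reason)
```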
19.03.2010, 08:05
Member

Thread starter

Posts: 54
#9 Good morning!

Here is the GMER logfile - it took the whole night....

I'll now get started on your next posts...

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-19 08:00:29
Windows 6.0.6002 Service Pack 2
Running: o88rj59c.exe; Driver: C:\Users\Trummer\AppData\Local\Temp\awldrfoc.sys


---- System - GMER 1.0.15 ----

SSDT 815C0454 ZwCreateThread
SSDT 815C0440 ZwOpenProcess
SSDT 815C0445 ZwOpenThread
SSDT 815C044F ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 221 81EE1984 4 Bytes [54, 04, 5C, 81]
.text ntkrnlpa.exe!KeSetEvent + 3F1 81EE1B54 4 Bytes [40, 04, 5C, 81]
.text ntkrnlpa.exe!KeSetEvent + 40D 81EE1B70 4 Bytes [45, 04, 5C, 81]
.text ntkrnlpa.exe!KeSetEvent + 621 81EE1D84 4 Bytes [4F, 04, 5C, 81]
.text C:\windows\system32\DRIVERS\atikmdag.sys section is writeable [0x9BA01000, 0x251858, 0xE8000020]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\windows\Explorer.EXE[1048] @ C:\windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74827817] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[1048] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7487A86D] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[1048] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7482BB22] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[1048] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7481F695] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[1048] @ C:\windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [748275E9] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[1048] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7481E7CA] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[1048] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74858395] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[1048] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7482DA60] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[1048] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7481FFFA] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[1048] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7481FF61] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[1048] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [748171CF] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[1048] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [748ACAE2] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[1048] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [7484C8D8] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[1048] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7481D968] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[1048] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipFree] [74816853] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[1048] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7481687E] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[1048] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74822AD1] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00247e83eaa4
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00247e83eaa4 (not active ControlSet)

---- EOF - GMER 1.0.15 ----
19.03.2010, 20:16
Member

Thread starter

Posts: 54
#10 So ....

Step 1 is done.

Step 2 - done exactly as instructed - does not find the exe file. I can't upload it either.

I am now continuing with step 3.

Step 3:

All processes killed
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Prefs.js: "http://chameleontom.iamwired.net/search.php?src=tops&q=" removed from browser.search.defaulturl
Prefs.js: "http://chameleontom.iamwired.net/search.php?src=tops&q=" removed from keyword.URL
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0BF43445-2F28-4351-9252-17FE6E806AA0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BF43445-2F28-4351-9252-17FE6E806AA0}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75ED56AF-4DC9-4243-A30C-4EF4DD0CA28F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{75ED56AF-4DC9-4243-A30C-4EF4DD0CA28F}\ deleted successfully.
File C:\Programme\ChameleonTom\wit4ie.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c4aca082-91e5-781b-a266-58868701e06d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c4aca082-91e5-781b-a266-58868701e06d}\ deleted successfully.
C:\Windows\System32\_NGKxJMjpIMn6JA.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{14CD42DD-ABCD-3586-DCAB-40E3693E3737}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{14CD42DD-ABCD-3586-DCAB-40E3693E3737}\ not found.
File C:\Programme\ChameleonTom\ct.htm not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{14CD42DD-ABCD-3586-DCAB-40E3693E3737}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{14CD42DD-ABCD-3586-DCAB-40E3693E3737}\ not found.
File C:\Programme\ChameleonTom\ct.htm not found.
Folder C:\Programme\ChameleonTom\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{158dbd5a-f2be-11de-8729-0025b35a7e3c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{158dbd5a-f2be-11de-8729-0025b35a7e3c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{158dbd5a-f2be-11de-8729-0025b35a7e3c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{158dbd5a-f2be-11de-8729-0025b35a7e3c}\ not found.
File I:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6ee03f20-f7e9-11de-887a-0025b35a7e3c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6ee03f20-f7e9-11de-887a-0025b35a7e3c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6ee03f20-f7e9-11de-887a-0025b35a7e3c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6ee03f20-f7e9-11de-887a-0025b35a7e3c}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6ee03f2a-f7e9-11de-887a-0025b35a7e3c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6ee03f2a-f7e9-11de-887a-0025b35a7e3c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6ee03f2a-f7e9-11de-887a-0025b35a7e3c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6ee03f2a-f7e9-11de-887a-0025b35a7e3c}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7d0d08fd-f7ab-11de-950b-0025b35a7e3c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7d0d08fd-f7ab-11de-950b-0025b35a7e3c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7d0d08fd-f7ab-11de-950b-0025b35a7e3c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7d0d08fd-f7ab-11de-950b-0025b35a7e3c}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7d0d093a-f7ab-11de-950b-0025b35a7e3c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7d0d093a-f7ab-11de-950b-0025b35a7e3c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7d0d093a-f7ab-11de-950b-0025b35a7e3c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7d0d093a-f7ab-11de-950b-0025b35a7e3c}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b990b3fa-c452-11de-83c1-00247e83eaa4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b990b3fa-c452-11de-83c1-00247e83eaa4}\ not found.
File H:\InstallTomTomHOME.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck autochk * deleted successfully.
C:\Windows\System32\a-D6RBON-XsW.exe moved successfully.
File C:\windows\System32\_NGKxJMjpIMn6JA.dll not found.
File C:\windows\System32\_NGKxJMjpIMn6JA.dll not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User

User: Public

User: Trummer
->Temp folder emptied: 4333933 bytes
->Temporary Internet Files folder emptied: 37320184 bytes
->Java cache emptied: 51103644 bytes
->FireFox cache emptied: 49240817 bytes
->Flash cache emptied: 6638 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1254757 bytes
RecycleBin emptied: 406673 bytes

Total Files Cleaned = 137,00 mb

Error: Unable to interpret <Quelle: http://board.protecus.de/t39314.htm#337660#ixzz0ieTSEYZs> in the current context!

OTL by OldTimer - Version 3.1.37.3 log created on 03192010_201917

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


==============================

And now GMER once more - it will probably take the whole night again.
This post was edited on 19.03.2010 at 20:28 by network-mama.
19.03.2010, 20:48
Member

Thread starter

Posts: 54
#11 Step 4 can no longer be carried out. GMER crashes after 3 min. and shuts the system down.
After that a blue screen appears - "you computer has damaged".

HELP!!!!

and now?

*totally desperate*
19.03.2010, 23:49
Moderator

Posts: 5694
#12 Does nothing work at all any more?? Can you no longer get to the desktop?


1. Put the Windows Vista CD into the CD drive.
2. Under Start => Run => paste the following command in there:

Quote

sfc /scannow
This checks protected system files and replaces them with the original where necessary.
20.03.2010, 10:01
Member

Thread starter

Posts: 54
#13 When I enter sfc /scannow under "Run", a window just flashes up briefly with a sound and that's it.
20.03.2010, 11:12
Moderator

Posts: 5694
#14 Then Start --> Run --> type cmd --> then type cd c:\ there and then sfc /scannow
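A way to wrap the step above so that the usual stumbling block is caught up front: under UAC (Vista and later) it is not enough to be a member of Administrators, the console itself has to be started with "Run as administrator" or sfc refuses to run. This is an added PowerShell example, not from the thread or its helpers; it assumes the default CBS.log location, and the function names Test-IsElevated and Get-SfcSummary are my own.

```powershell
# Added example (not from the thread): run sfc /scannow only from an elevated
# console, then summarise what the scan logged.
# Assumptions: Windows Vista or later, sfc.exe on PATH, default CBS.log path.

function Test-IsElevated {
    # True only if the current token actually carries the Administrators role,
    # i.e. the console was started with "Run as administrator".
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-SfcSummary {
    # SFC records its findings in CBS.log, tagged with [SR]; pull those lines
    # out so the result is readable without scrolling through the whole log.
    param([string]$LogPath = (Join-Path $env:windir 'Logs\CBS\CBS.log'))
    if (-not (Test-Path $LogPath)) { throw "CBS log not found: $LogPath" }
    $sr = @(Select-String -Path $LogPath -Pattern '\[SR\]' | ForEach-Object { $_.Line })
    [pscustomobject]@{
        TotalSrLines = $sr.Count
        Corrupt      = @($sr | Where-Object { $_ -match 'Cannot repair|corrupt' }).Count
        Repaired     = @($sr | Where-Object { $_ -match 'Repairing' }).Count
        LastLines    = $sr | Select-Object -Last 5
    }
}

if (-not (Test-IsElevated)) {
    # This is exactly the "must run a console session as Admin" message seen
    # in the thread: the account is an admin, but the console is not elevated.
    Write-Warning 'Console is not elevated. Right-click cmd.exe or PowerShell, choose "Run as administrator", and re-run this script.'
    exit 1
}

& sfc.exe /scannow
Get-SfcSummary | Format-List
```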
20.03.2010, 12:35
Member

Thread starter

Posts: 54
#15 ok - I can do all of that, but the message comes up that I have to be logged in as Admin and run a console session in order to be able to use the SFC program.

I AM logged in as Admin....

:-(

btw.. THANKS for your patience :-)