| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Google öffnet andere seiten als gewähltWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
29.06.2012, 16:12
| #1 |
| |  Google öffnet andere seiten als gewählt Hallo zusammen, bin ganz neu und frisch hier. hab über die google suche zu euch gefunden, da mein rechner mir seit mehr als einer woche probleme macht. als aller erstes bekam ich den virus oder was auch immer, der sich wohl data recovery nennt. ich hatte keinen zugriff mehr auf dateien und ordner. das hatte ich dann meines erachtens mal im griff. als zweites bekam ich dann auf einmal meldungen von live security platinum, dass weitere viren etc. platzierte. wärend des ganzen szenarios hatte ich probleme mit allen browsern und google. insbesondere wenn ich nach trojaner, viren etc. suchte und auf ein ergebnis klickte, öffneten sich andere seiten bzw. wurde im hintergrund andere seiten nachgeladen. teils werden auch auf einmal werbetexte gesprochen, obwohl man kein fenster eines browsers sieht. was hab ich bereits gemacht: virenprüfung mit avira free - ohne erfolg - malewarebyte prüfung mit einigen funden und löschungen unhide programm eingesetzt um ordner und startmenü wieder zu sehen. nur teilerfolge. startmenü - programme hat noch immer sehr viele leere ordner. roguekiller.exe eingesetzt - scan und entfernungen otl.exe ausgeführt und logs erstellt offene probleme: - startmenü - programme einträge fehlen - google öffnet falsche seiten - sicher noch weitere viren, trojaner und rootkits (sofern mein laienverstand) otl.txt Code:
ATTFilter OTL logfile created on: 28.06.2012 22:49:41 - Run 1 OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\thompson\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,09 Gb Available Physical Memory | 54,49% Memory free 4,00 Gb Paging File | 2,85 Gb Available in Paging File | 71,23% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 234,08 Gb Total Space | 63,79 Gb Free Space | 27,25% Space Free | Partition Type: NTFS Drive D: | 6,09 Gb Total Space | 0,88 Gb Free Space | 14,39% Space Free | Partition Type: NTFS Drive K: | 225,58 Gb Total Space | 205,66 Gb Free Space | 91,17% Space Free | Partition Type: NTFS Computer Name: THOMPSON-PC | User Name: thompson | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.06.28 20:24:27 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\thompson\Desktop\OTL.exe PRC - [2012.05.08 18:43:52 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.08 18:43:50 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.08 18:43:50 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2012.05.08 18:43:50 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2011.08.10 16:39:48 | 001,313,640 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft IntelliType Pro\itype.exe PRC - [2011.08.01 15:56:42 | 001,821,576 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft IntelliPoint\ipoint.exe PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010.12.21 02:07:48 | 000,227,712 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office14\ONENOTEM.EXE PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2010.11.20 14:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2010.01.09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE PRC - [2009.10.07 11:12:22 | 001,086,760 | ---- | M] (Nero AG) -- C:\Programme\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe PRC - [2009.09.23 14:38:18 | 000,935,208 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe PRC - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2009.08.18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2008.07.22 19:33:36 | 000,150,528 | ---- | M] (Hewlett-Packard) -- C:\Programme\Hewlett-Packard\Digital Imaging\bin\HpqSRmon.exe PRC - [2007.01.18 16:46:00 | 004,349,952 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2006.09.28 15:42:24 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe ========== Modules (No Company Name) ========== MOD - [2012.01.08 15:41:12 | 000,093,696 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll MOD - [2011.09.27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.09.27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011.03.17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ========== Win32 Services (SafeList) ========== SRV - [2012.06.20 17:34:12 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.05.11 17:24:14 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.05.08 18:43:52 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.08 18:43:50 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2010.09.27 17:59:16 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2010.01.09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.09 22:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2009.09.23 23:42:26 | 000,249,344 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08) SRV - [2009.09.23 23:37:54 | 000,694,784 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Programme\Hewlett-Packard\Digital Imaging\bin\HPSLPSVC32.DLL -- (HPSLPSVC) SRV - [2009.09.23 23:28:30 | 000,133,120 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc) SRV - [2009.09.23 14:38:18 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0) SRV - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007.05.31 16:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007.05.31 16:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\SBREdrv.sys -- (SBRE) DRV - File not found [File_System | On_Demand | Stopped] -- C:\Windows\system32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012.05.08 18:43:54 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.05.08 18:43:54 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.10.11 15:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2011.05.18 08:09:04 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB) DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010.08.12 12:07:48 | 000,298,216 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmf6232.sys -- (NVNET) DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.10.09 03:37:44 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2009.07.14 00:09:17 | 004,194,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2009.07.14 00:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD) DRV - [2007.10.26 18:51:26 | 000,131,616 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvrd32.sys -- (nvrd32) DRV - [2007.10.26 18:51:24 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32) DRV - [2005.12.12 18:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PS2.sys -- (Ps2) DRV - [2005.05.03 17:34:02 | 000,027,392 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ElbyCDFL.sys -- (ElbyCDFL) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=71&bd=Pavilion&pf=desktop IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{BBCAA50B-B1AD-4DBB-97F1-15A17A771FFA}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2 IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&client=&rlz=1I7HPEA_deDE226 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.46: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.01.31 12:12:07 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.13 18:27:57 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.06.13 18:27:57 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.01.31 12:12:07 | 000,000,000 | ---D | M] [2009.12.20 16:57:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\thompson\AppData\Roaming\mozilla\Extensions [2009.03.27 18:56:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\thompson\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org [2012.06.12 20:22:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\thompson\AppData\Roaming\mozilla\Firefox\Profiles\91s4v81v.default\extensions [2012.06.12 20:22:01 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\thompson\AppData\Roaming\mozilla\Firefox\Profiles\91s4v81v.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2010.05.13 11:25:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\thompson\AppData\Roaming\mozilla\Firefox\Profiles\91s4v81v.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012.06.09 20:00:10 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Users\thompson\AppData\Roaming\mozilla\Firefox\Profiles\91s4v81v.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74} [2012.01.22 20:16:14 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\thompson\AppData\Roaming\mozilla\Firefox\Profiles\91s4v81v.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.01.13 19:39:05 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\thompson\AppData\Roaming\mozilla\Firefox\Profiles\91s4v81v.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12} [2009.12.20 16:57:25 | 000,000,000 | ---D | M] (SeoQuake Plugin - Seolinx) -- C:\Users\thompson\AppData\Roaming\mozilla\Firefox\Profiles\91s4v81v.default\extensions\seoquake-plugin-seolinx@seoquake.com [2012.01.06 12:48:37 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2009.12.20 16:35:08 | 000,000,000 | ---D | M] (Long Titles) -- C:\PROGRAM FILES\HAUFE\IDESK\IDESKBROWSER\EXTENSIONS\{C24AECC7-7C95-507F-D71F-155CB86656DF} [2012.05.11 17:24:14 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2012.02.13 19:46:40 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.02.13 19:46:40 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.02.13 19:46:40 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.02.13 19:46:40 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.02.13 19:46:40 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.02.13 19:46:40 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.06.26 20:34:50 | 000,000,726 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programme\Hewlett-Packard\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programme\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc) O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Programme\Hewlett-Packard\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.) O3 - HKLM\..\Toolbar: (FireShot) - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Users\thompson\AppData\Roaming\Mozilla\Firefox\Profiles\91s4v81v.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.77.dll File not found O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found. O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [CloneCDTray] C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.) O4 - HKLM..\Run: [hpqSRMon] C:\Programme\Hewlett-Packard\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard) O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG) O4 - HKLM..\Run: [NBAgent] C:\Program Files\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe (Nero AG) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found O4 - HKCU..\Run: [IBP] File not found O4 - Startup: C:\Users\thompson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Programme\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) O4 - Startup: C:\Users\thompson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Free YouTube Download - C:\Users\thompson\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\thompson\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: HP Smart Web Printing ein- oder ausblenden - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Programme\Hewlett-Packard\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool) O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object) O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} hxxp://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader4.cab (IPSUploader4 Control) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} hxxp://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader.cab (IPSUploader Control) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://seva.f-i.de/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6A61794B-8259-46CA-9461-B02AE529ACF8}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.06.28 20:24:15 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\thompson\Desktop\OTL.exe [2012.06.28 17:55:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.06.28 17:51:30 | 000,000,000 | ---D | C] -- C:\Users\thompson\Desktop\Tweaking.com - Unhide Non System Files [2012.06.27 18:49:28 | 000,000,000 | ---D | C] -- C:\Users\thompson\AppData\Roaming\Windows Desktop Search [2012.06.27 18:49:28 | 000,000,000 | ---D | C] -- C:\Users\thompson\AppData\Roaming\Sun [2012.06.27 18:49:28 | 000,000,000 | ---D | C] -- C:\Users\thompson\AppData\Roaming\Skype [2012.06.27 18:49:28 | 000,000,000 | ---D | C] -- C:\Users\thompson\AppData\Roaming\Opera [2012.06.27 18:49:28 | 000,000,000 | ---D | C] -- C:\Users\thompson\AppData\Roaming\ICQ [2012.06.27 18:49:28 | 000,000,000 | ---D | C] -- C:\Users\thompson\AppData\Roaming\Google Inc [2012.06.27 18:49:28 | 000,000,000 | ---D | C] -- C:\Users\thompson\AppData\Roaming\Dropbox [2012.06.27 18:44:44 | 000,000,000 | ---D | C] -- C:\Users\thompson\AppData\Roaming\Help [2012.06.27 18:42:21 | 000,000,000 | ---D | C] -- C:\Users\thompson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum [2012.06.27 18:40:07 | 000,000,000 | ---D | C] -- C:\ProgramData\F4D562590032C9340147612CB4EB23C1 [2012.06.27 18:40:00 | 000,000,000 | ---D | C] -- C:\Users\thompson\AppData\Roaming\TeamViewer [2012.06.27 18:00:35 | 000,000,000 | ---D | C] -- C:\ProgramData\GFI Software [2012.06.26 21:00:52 | 000,000,000 | ---D | C] -- C:\Users\thompson\AppData\Roaming\Malwarebytes [2012.06.26 21:00:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.06.26 21:00:33 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.06.26 20:47:53 | 000,000,000 | ---D | C] -- C:\Program Files\Ad-Aware Antivirus [2012.06.25 18:12:59 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools [2012.06.25 18:09:53 | 000,203,088 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTSD.sys [2012.06.25 18:09:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools [2012.06.25 18:09:17 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools [2012.06.25 18:09:16 | 000,000,000 | ---D | C] -- C:\Users\thompson\AppData\Roaming\TestApp [2012.06.21 20:01:30 | 000,000,000 | ---D | C] -- C:\Program Files\Market Samurai [2012.06.20 18:23:21 | 000,000,000 | ---D | C] -- C:\Users\thompson\AppData\Local\Macromedia [2012.06.19 19:55:21 | 000,000,000 | ---D | C] -- C:\Users\thompson\Desktop\thesis_185 [2012.06.13 18:36:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012.06.13 18:34:45 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012.06.13 18:34:44 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2012.06.13 18:27:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime ========== Files - Modified Within 30 Days ========== [2012.06.28 22:50:57 | 000,009,504 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.06.28 22:50:57 | 000,009,504 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.06.28 22:44:37 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.06.28 22:44:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.06.28 22:43:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.06.28 22:43:13 | 1609,474,048 | -HS- | M] () -- C:\hiberfil.sys [2012.06.28 22:15:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.06.28 20:24:27 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\thompson\Desktop\OTL.exe [2012.06.28 18:50:23 | 000,127,458 | ---- | M] () -- C:\Users\thompson\.ranktracker.properties [2012.06.28 18:50:23 | 000,019,703 | ---- | M] () -- C:\Users\thompson\Documents\www.muskelbody.info.stk [2012.06.28 18:50:23 | 000,018,878 | ---- | M] () -- C:\Users\thompson\Documents\www.muskelbody.de.stk [2012.06.28 18:50:23 | 000,018,760 | ---- | M] () -- C:\Users\thompson\Documents\www.kickboxxen.de.stk [2012.06.28 18:50:23 | 000,017,686 | ---- | M] () -- C:\Users\thompson\Documents\www.sportsuche.info.stk [2012.06.28 18:50:23 | 000,017,473 | ---- | M] () -- C:\Users\thompson\Documents\www.thaiboxxen.de.stk [2012.06.28 18:50:23 | 000,014,780 | ---- | M] () -- C:\Users\thompson\Documents\www.amerika-fans.de.stk [2012.06.28 18:20:00 | 000,000,496 | ---- | M] () -- C:\Windows\tasks\20090511_181600_thompson2.job [2012.06.28 18:03:53 | 000,000,036 | ---- | M] () -- C:\Users\thompson\AppData\Local\housecall.guid.cache [2012.06.28 17:55:49 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.28 17:51:02 | 000,555,748 | ---- | M] () -- C:\Users\thompson\Desktop\Tweaking.com-UnhideNonSystemFiles.exe [2012.06.28 17:40:39 | 001,545,216 | ---- | M] () -- C:\Users\thompson\Desktop\RogueKiller.exe [2012.06.27 17:58:38 | 000,657,428 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.06.27 17:58:38 | 000,618,714 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.06.27 17:58:38 | 000,130,818 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.06.27 17:58:38 | 000,107,034 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.06.26 23:24:56 | 000,001,190 | ---- | M] () -- C:\Windows\System32\ServiceConfig.xml [2012.06.26 23:24:55 | 000,000,334 | ---- | M] () -- C:\Windows\System32\CountScans.XML [2012.06.26 23:24:53 | 000,001,738 | ---- | M] () -- C:\Windows\System32\EmailAVConfig.xml [2012.06.26 16:20:17 | 004,503,728 | ---- | M] () -- C:\ProgramData\l_0_00_re.pad [2012.06.25 18:11:18 | 001,530,075 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB [2012.06.22 19:58:03 | 000,608,181 | ---- | M] () -- C:\Users\thompson\.spyglass.properties [2012.06.22 19:58:03 | 000,418,952 | ---- | M] () -- C:\Users\thompson\Documents\www.kickboxxen.de.spy [2012.06.22 19:58:03 | 000,048,121 | ---- | M] () -- C:\Users\thompson\Documents\www.amerika-fans.de.spy [2012.06.21 20:16:42 | 000,704,512 | ---- | M] () -- C:\Users\thompson\Documents\Kickboxen.msam [2012.06.21 17:59:17 | 000,333,504 | ---- | M] () -- C:\Users\thompson\.ranktracker.properties.bak [2012.06.20 17:52:06 | 000,128,201 | ---- | M] () -- C:\Users\thompson\Documents\www.fitness4beginner.com.stk [2012.06.20 17:52:06 | 000,111,770 | ---- | M] () -- C:\Users\thompson\Documents\www.bodybuilding4beginner.com.stk [2012.06.20 17:52:06 | 000,109,667 | ---- | M] () -- C:\Users\thompson\Documents\www.power-bodybuilding.de.stk [2012.06.20 17:52:06 | 000,104,993 | ---- | M] () -- C:\Users\thompson\Documents\www.fit54.de.stk [2012.06.20 17:52:06 | 000,098,484 | ---- | M] () -- C:\Users\thompson\Documents\www.classic-bodybuilding.de.stk [2012.06.16 20:57:00 | 000,140,250 | ---- | M] () -- C:\Users\thompson\Documents\www.kickboxen24.de.spy [2012.06.14 17:31:41 | 000,490,344 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.06.06 11:33:37 | 001,157,820 | ---- | M] () -- C:\Users\thompson\Desktop\SEO-mit-Koepfchen.pdf [2012.06.03 12:58:14 | 000,194,363 | ---- | M] () -- C:\Users\thompson\Documents\www.urlaub-erlebnisse.de.spy [2012.06.03 12:58:12 | 000,251,693 | ---- | M] () -- C:\Users\thompson\Documents\www.thaiboxxen.de.spy [2012.06.01 19:33:01 | 000,208,102 | ---- | M] () -- C:\Users\thompson\Documents\www.onlinemarks.de.spy ========== Files Created - No Company Name ========== [2012.06.28 18:03:53 | 000,000,036 | ---- | C] () -- C:\Users\thompson\AppData\Local\housecall.guid.cache [2012.06.28 17:55:49 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.28 17:51:02 | 000,555,748 | ---- | C] () -- C:\Users\thompson\Desktop\Tweaking.com-UnhideNonSystemFiles.exe [2012.06.28 17:40:29 | 001,545,216 | ---- | C] () -- C:\Users\thompson\Desktop\RogueKiller.exe [2012.06.26 23:24:56 | 000,001,190 | ---- | C] () -- C:\Windows\System32\ServiceConfig.xml [2012.06.26 23:24:55 | 000,000,334 | ---- | C] () -- C:\Windows\System32\CountScans.XML [2012.06.26 23:24:53 | 000,001,738 | ---- | C] () -- C:\Windows\System32\EmailAVConfig.xml [2012.06.26 09:25:19 | 004,503,728 | ---- | C] () -- C:\ProgramData\l_0_00_re.pad [2012.06.25 18:10:00 | 001,530,075 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB [2012.06.21 18:06:22 | 000,127,458 | ---- | C] () -- C:\Users\thompson\.ranktracker.properties [2012.06.16 20:57:00 | 000,140,250 | ---- | C] () -- C:\Users\thompson\Documents\www.kickboxen24.de.spy [2012.06.06 11:33:37 | 001,157,820 | ---- | C] () -- C:\Users\thompson\Desktop\SEO-mit-Koepfchen.pdf [2012.06.03 12:58:15 | 000,048,121 | ---- | C] () -- C:\Users\thompson\Documents\www.amerika-fans.de.spy [2012.06.03 12:58:14 | 000,194,363 | ---- | C] () -- C:\Users\thompson\Documents\www.urlaub-erlebnisse.de.spy [2011.12.31 13:44:50 | 000,000,288 | ---- | C] () -- C:\Users\thompson\AppData\Roaming\.backup.dm [2011.11.13 16:05:55 | 000,001,464 | ---- | C] () -- C:\Users\thompson\.recently-used.xbel [2011.11.03 19:56:07 | 000,000,167 | ---- | C] () -- C:\Users\thompson\udownload.dat [2011.05.27 16:42:00 | 000,333,504 | ---- | C] () -- C:\Users\thompson\.ranktracker.properties.bak [2011.05.24 17:51:37 | 000,011,164 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin [2010.04.01 18:04:09 | 000,455,542 | ---- | C] () -- C:\Users\thompson\.linkassistant.properties [2010.04.01 18:01:42 | 002,728,079 | ---- | C] () -- C:\Users\thompson\.websiteauditor.properties [2010.02.11 18:48:04 | 000,003,584 | ---- | C] () -- C:\Users\thompson\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.12.20 17:25:04 | 000,000,306 | R-S- | C] () -- C:\ProgramData\ntuser.pol [2009.12.13 15:49:24 | 000,000,134 | ---- | C] () -- C:\Users\thompson\AppData\Roaming\default.rss [2009.03.27 19:04:20 | 000,608,181 | ---- | C] () -- C:\Users\thompson\.spyglass.properties [2009.03.27 19:00:25 | 000,469,445 | ---- | C] () -- C:\Users\thompson\.ranktracker.properties.alt [2009.02.17 21:41:10 | 000,000,118 | ---- | C] () -- C:\Program Files\_QSQL899.DBF [2009.02.17 21:41:10 | 000,000,118 | ---- | C] () -- C:\Program Files\_QSQL504.DBF [2009.02.17 21:41:01 | 000,000,118 | ---- | C] () -- C:\Program Files\_QSQL987.DBF [2009.02.17 21:41:01 | 000,000,118 | ---- | C] () -- C:\Program Files\_QSQL140.DBF [2009.02.17 21:37:33 | 000,000,118 | ---- | C] () -- C:\Program Files\_QSQL791.DBF [2009.02.17 21:37:33 | 000,000,118 | ---- | C] () -- C:\Program Files\_QSQL161.DBF [2009.02.17 21:37:06 | 000,000,118 | ---- | C] () -- C:\Program Files\_QSQL584.DBF [2009.02.17 21:37:06 | 000,000,118 | ---- | C] () -- C:\Program Files\_QSQL441.DBF [2009.02.17 21:36:39 | 000,000,118 | ---- | C] () -- C:\Program Files\_QSQL991.DBF [2009.02.17 21:36:39 | 000,000,118 | ---- | C] () -- C:\Program Files\_QSQL107.DBF [2009.02.17 21:36:21 | 000,000,118 | ---- | C] () -- C:\Program Files\_QSQL525.DBF [2009.02.17 21:36:21 | 000,000,118 | ---- | C] () -- C:\Program Files\_QSQL389.DBF [2008.03.11 11:18:06 | 000,000,000 | ---- | C] () -- C:\Users\thompson\tracert [2008.02.14 17:49:41 | 000,000,400 | ---- | C] () -- C:\Users\thompson\AppData\Roaming\wklnhst.dat ========== LOP Check ========== [2012.03.27 18:46:02 | 000,000,000 | ---D | M] -- C:\Users\thompson\AppData\Roaming\Article Marketing Robot [2009.12.20 16:56:55 | 000,000,000 | ---D | M] -- C:\Users\thompson\AppData\Roaming\Artisteer [2012.06.27 18:49:28 | 000,000,000 | ---D | M] -- C:\Users\thompson\AppData\Roaming\Dropbox [2012.01.22 20:16:56 | 000,000,000 | ---D | M] -- C:\Users\thompson\AppData\Roaming\DVDVideoSoft [2012.01.22 20:16:13 | 000,000,000 | ---D | M] -- C:\Users\thompson\AppData\Roaming\DVDVideoSoftIEHelpers [2009.12.20 16:56:55 | 000,000,000 | ---D | M] -- C:\Users\thompson\AppData\Roaming\Elaborate Bytes [2011.11.27 18:17:57 | 000,000,000 | ---D | M] -- C:\Users\thompson\AppData\Roaming\EurekaLog [2012.06.22 19:12:04 | 000,000,000 | ---D | M] -- C:\Users\thompson\AppData\Roaming\FileZilla [2009.12.20 16:56:56 | 000,000,000 | ---D | M] -- C:\Users\thompson\AppData\Roaming\FireShot [2011.11.13 16:05:55 | 000,000,000 | ---D | M] -- C:\Users\thompson\AppData\Roaming\gtk-2.0 [2009.12.20 16:56:56 | 000,000,000 | ---D | M] -- C:\Users\thompson\AppData\Roaming\Haufe [2009.12.22 21:34:07 | 000,000,000 | ---D | M] -- C:\Users\thompson\AppData\Roaming\IBP [2012.06.27 18:49:28 | 000,000,000 | ---D | M] -- C:\Users\thompson\AppData\Roaming\ICQ [2010.01.25 20:28:53 | 000,000,000 | ---D | M] -- C:\Users\thompson\AppData\Roaming\Image Zone Express [2012.02.28 19:36:56 | 000,000,000 | ---D | M] -- C:\Users\thompson\AppData\Roaming\Juniper Networks [2009.12.20 16:56:58 | 000,000,000 | ---D | M] -- C:\Users\thompson\AppData\Roaming\Lexware [2012.02.25 14:45:44 | 000,000,000 | ---D | M] -- C:\Users\thompson\AppData\Roaming\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1 [2009.12.20 16:57:26 | 000,000,000 | ---D | M] -- C:\Users\thompson\AppData\Roaming\Notepad++ [2012.06.27 18:49:28 | 000,000,000 | ---D | M] -- C:\Users\thompson\AppData\Roaming\Opera [2009.12.20 16:57:26 | 000,000,000 | ---D | M] -- C:\Users\thompson\AppData\Roaming\Printer Info Cache [2012.02.06 19:36:54 | 000,000,000 | ---D | M] -- C:\Users\thompson\AppData\Roaming\redsn0w [2011.12.08 19:09:10 | 000,000,000 | ---D | M] -- C:\Users\thompson\AppData\Roaming\ScrapeBoard [2009.12.20 16:57:29 | 000,000,000 | ---D | M] -- C:\Users\thompson\AppData\Roaming\Screenshot Studio Files [2009.12.20 16:57:29 | 000,000,000 | ---D | M] -- C:\Users\thompson\AppData\Roaming\SharePod [2010.07.30 10:44:10 | 000,000,000 | ---D | M] -- C:\Users\thompson\AppData\Roaming\Software4u [2012.06.28 18:11:50 | 000,000,000 | ---D | M] -- C:\Users\thompson\AppData\Roaming\TeamViewer [2008.02.14 17:49:40 | 000,000,000 | ---D | M] -- C:\Users\thompson\AppData\Roaming\Template [2012.06.25 18:09:16 | 000,000,000 | ---D | M] -- C:\Users\thompson\AppData\Roaming\TestApp [2012.06.27 18:49:28 | 000,000,000 | ---D | M] -- C:\Users\thompson\AppData\Roaming\Windows Desktop Search [2012.06.28 18:20:00 | 000,000,496 | ---- | M] () -- C:\Windows\Tasks\20090511_181600_thompson2.job [2012.04.27 17:31:05 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:C895616B @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84 @Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:DFC5A2B2 < End of report > Code:
ATTFilter OTL Extras logfile created on: 28.06.2012 22:49:41 - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\thompson\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,09 Gb Available Physical Memory | 54,49% Memory free
4,00 Gb Paging File | 2,85 Gb Available in Paging File | 71,23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 234,08 Gb Total Space | 63,79 Gb Free Space | 27,25% Space Free | Partition Type: NTFS
Drive D: | 6,09 Gb Total Space | 0,88 Gb Free Space | 14,39% Space Free | Partition Type: NTFS
Drive K: | 225,58 Gb Total Space | 205,66 Gb Free Space | 91,17% Space Free | Partition Type: NTFS
Computer Name: THOMPSON-PC | User Name: thompson | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.js [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.txt [@ = txt_auto_file] -- C:\Program Files\IDM Computer Solutions\UltraEdit-32\uedit32.exe (IDM Computer Solutions, Inc.)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B04C7F6-9818-4DDA-AD4F-1A963297C77F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0D1D5917-217B-416C-8BD9-7FB711966ABE}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{0DEBDE75-9EC9-4D95-A853-332A20FCDD11}" = lport=445 | protocol=6 | dir=in | app=system |
"{1E5F2988-7F4E-4DF4-8D47-CF6807A6C6A6}" = rport=137 | protocol=17 | dir=out | app=system |
"{270ED854-D8AF-4626-8F1E-4BB8EA5729A0}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{2C6935A3-E83E-492C-A9E3-405A66063A41}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{2F46730A-9BDC-4151-BAA6-66C5B9B9814A}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{41954B97-7703-42C0-87FB-3637BBD95C57}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4468E6C1-5500-4B24-85ED-EFD40107583E}" = lport=139 | protocol=6 | dir=in | app=system |
"{4AFFB243-D8DF-4210-A4DA-34C85AAE03EA}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5550C1F9-78F2-48C8-8FB1-71BD6214584E}" = lport=138 | protocol=17 | dir=in | app=system |
"{606EF82E-2B29-450C-BDEF-0EBD05589812}" = rport=139 | protocol=6 | dir=out | app=system |
"{61B1A9A2-DFAD-46F8-9244-4E54A0B1E6D7}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{662A297D-D202-49EC-9F5B-E0737C6687E1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{66332F66-AADB-4639-A03C-DD94905F86E7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{6D131D32-9C30-4C15-BAF8-DE72927347F3}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{737D4CFD-D3B9-49E2-ABF2-6F22EAED9F21}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{817387BE-243C-4183-AAFA-4E6D85084F0D}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{81C856A7-51E8-484B-A1DB-C94AD65A83A1}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{909A1E57-5A5B-4E5A-919A-F9FA0FA151EE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{955CB305-F123-4D6E-AC75-791A97AF8B74}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{9633B770-88F8-482F-8B80-DA421ED223E0}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{A1070D7F-92D0-4820-90C2-59AFF5E4D0BF}" = rport=138 | protocol=17 | dir=out | app=system |
"{A33F6D69-36ED-44C6-A4D3-D8557008F319}" = lport=19890 | protocol=6 | dir=in | name=emuleplus |
"{A4001F35-E0C1-4892-A7C5-BA50B0252C37}" = rport=10243 | protocol=6 | dir=out | app=system |
"{A5C64F44-85B3-4359-AAC7-DD1662325B8C}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{BE63C12B-0234-4ADB-B924-D7E2BA7763B9}" = rport=445 | protocol=6 | dir=out | app=system |
"{BFDAD47C-A6B5-43E3-BA34-C11D690A4ED0}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{C3DC3444-B13F-46E8-A384-569D987AAE71}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C5DEE29F-70FC-4201-B0CB-1BD3039F388C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DA6DDBC1-8D8F-4535-BEC9-5E12C5A0187C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E2E53249-8EF8-4712-AC31-98F7C3073B33}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E7F91CF5-7583-4CFE-9060-4505C947421A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E9D89E1B-4C02-4AC2-86C2-69231EC846F9}" = lport=19909 | protocol=17 | dir=in | name=emuleplus |
"{EA3F2ED8-09C4-40C0-99C8-3780A0474661}" = lport=137 | protocol=17 | dir=in | app=system |
"{F25E9886-5514-4645-A712-9A192A47001A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F75BE7C7-E2D8-4316-8573-CAF4CD08D11B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FFA7A982-E1AE-4E94-A330-AC861133D8F5}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{002D64EF-B9FE-40E6-BD2D-3C43697357B9}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpofxs08.exe |
"{0095222B-49FB-47CD-B942-E796E3D4E1B8}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{0EE0F716-5243-481E-9DBE-DE301C77FD92}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{0EFCC318-BAF9-4200-B112-CD72C6F997B7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{108B7FC3-AC84-4901-A1D4-3129948B95B2}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpqste08.exe |
"{15009CDB-E154-44FD-83CD-F95DE06FFB1E}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpqtra08.exe |
"{1C2BD388-0A6A-4F51-BCCD-CBF0AB5CCCF8}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpqkygrp.exe |
"{1E8C2CB0-9ABF-4A11-9278-CC44BC429C29}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{22A4B4CD-E099-479F-85D6-F1263528F0F7}" = dir=in | app=c:\users\thompson\appdata\local\temp\7zs686e\ojprol7x00_basic_13\setup\hpznui01.exe |
"{25619689-992A-4872-BFAD-494F8BB1A885}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{2701DA01-860D-49A0-94BC-5B9ED31D4E3A}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpqgpc01.exe |
"{2A593A3B-FEAB-4C8A-9C9C-AEA90EB0002E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{2CA810FE-5A62-4156-9D3D-C2C68EC7A7C2}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2DF01227-4090-4D22-BF27-A3DC8B93660A}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{3603DAE6-5AAF-4115-9404-1F618C77C58E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{40CD558F-14F6-45F5-A45F-8FA06C179192}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{56EEF153-0627-42C9-8EFC-772F69DF7BCC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5E0CDA8D-CCE8-4FC5-AD76-AEDFCDB38B5D}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{60B75AB6-FE72-4FB4-9D12-93B53DD22377}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{6217CE90-C322-414D-B5CE-A7487D8F92C3}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpzwiz01.exe |
"{6473E382-1984-46B5-A4E0-919D339FC38E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6844C55F-EA68-4E7C-A828-11A96F1A858A}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{6DDBAD2C-2049-474E-A942-B804812FE72C}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{70076366-D992-4154-94B2-A82872F78D6F}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpofxm08.exe |
"{7EBBB9ED-12A5-4069-88E1-FA41A07E7B9E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{81B21FCB-FA23-4CBC-8BE5-A5278BEA2410}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{84557E41-C43D-4F31-9DFD-C7AD860A0E2D}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hposid01.exe |
"{849691AC-EA0C-424A-A0EC-8C8060E86992}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{862660AF-B033-4028-9FCD-6ACB00E9243A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{906831B2-9034-4826-AC22-7C7EB65A30FE}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{92FDCAC6-A73F-423E-8DF5-8BA7EEA1E407}" = protocol=6 | dir=out | app=system |
"{93BD79E4-2D16-4570-B84D-9B5590D44FFC}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9503D348-7ECA-4C8B-82D4-E5BD16F17D8D}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpqpse.exe |
"{97679506-53CB-471E-BC4D-7816EC89638D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{9BC3337F-5A11-4F45-A30C-9C599E4D1C02}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpfccopy.exe |
"{A2B102CF-C454-4B8B-A5D6-605B6DF0928F}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{A4930D2B-B5F5-432A-A8AD-D2C616EE3699}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpqfxt08.exe |
"{B047E94A-B6CC-4452-B9EE-0BD88CC887E1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{B5D10224-1CA7-427F-8A9B-66920B4B0971}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{B6BFDC5F-7797-4E0D-B5FE-B3B7A14385F2}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpqusgm.exe |
"{B71061C8-EA07-4388-8CFF-5FCD072A918F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{BCD97137-0631-4CE7-B809-5F6E1701AAAC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CD066AB8-DBD1-451B-AA5D-C1E4F80A062A}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpoews01.exe |
"{CDC4F102-02FF-460E-9816-2B2193C902B4}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpqsudi.exe |
"{D1C83DA8-0B44-46EE-AB8D-D83E9220171C}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hposfx08.exe |
"{D55C4518-B4AB-4030-9EE7-51837A12A871}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{D63D127B-4C7F-45BC-85A9-6A3E5823F7D6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DABB11A6-1E6B-4E30-8DF1-B6B4BFD5366D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{E571B65F-F257-4610-B385-FF9293E60D4B}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{EA01F09F-9E56-412C-9DE4-161FB0200EAA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{EC93B788-F539-4A49-A362-DB19C451BDD4}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpqpsapp.exe |
"{ECC37AA2-1B72-492F-A412-AB0BAD0B62CA}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpiscnapp.exe |
"{F05E2EE1-CA72-4F65-B4DB-DB5D9A5FF6BD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F07FAF86-BB2F-48EB-8E41-23C1CE2B61A6}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpqgplgtupl.exe |
"{F2C2B075-79C9-4CE4-BC30-7FA3C8EDD3D1}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\smart web printing\smartwebprintexe.exe |
"{F6C35E85-DC03-49BA-A9A0-FC98755BB73C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FAA0DC7E-3051-4690-BF55-30448CF99A2D}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpqusgh.exe |
"{FE9A03E3-9D89-453C-A0DD-68ED1D3B892D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"TCP Query User{0927750C-24F5-4F4C-8B34-34D2BDADF44E}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{13C7E3AE-7517-4F3E-BE39-D2A4908A0CDE}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{20C572A7-601F-4A4C-AF04-B8E7EF4D334F}C:\program files\filezilla\filezilla.exe" = protocol=6 | dir=in | app=c:\program files\filezilla\filezilla.exe |
"TCP Query User{54018C2F-132C-4886-93DF-E33E83A28496}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{6BC7363E-35DF-4626-974A-3212BD46AE24}C:\program files\tvants\tvants.exe" = protocol=6 | dir=in | app=c:\program files\tvants\tvants.exe |
"TCP Query User{7C06C916-BD3C-434B-A3DC-2DBBCD390705}C:\program files\filezilla\filezilla.exe" = protocol=6 | dir=in | app=c:\program files\filezilla\filezilla.exe |
"TCP Query User{7D9FB5A0-4D98-4E82-B6C2-5D3A458863D0}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe |
"UDP Query User{07640177-23D2-47A5-9310-98AC2C1FB017}C:\program files\filezilla\filezilla.exe" = protocol=17 | dir=in | app=c:\program files\filezilla\filezilla.exe |
"UDP Query User{54BB9F6F-C267-4573-93B6-604F93E729D9}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe |
"UDP Query User{954DB2AE-6A29-4F18-A30A-EB46F8E350F8}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{B7B2F9DC-C09A-4F86-9ECA-892C0ACD8FAE}C:\program files\tvants\tvants.exe" = protocol=17 | dir=in | app=c:\program files\tvants\tvants.exe |
"UDP Query User{C130A960-455C-4E73-BC0B-32B7D02EB576}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{C98F21B8-05DC-467E-9D80-722188C04EE5}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{D6C1EBBE-5A66-4BE8-AA3F-F0B94F6F9FF7}C:\program files\filezilla\filezilla.exe" = protocol=17 | dir=in | app=c:\program files\filezilla\filezilla.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{0420F95C-11FF-4E02-B967-6CC22B188F9F}" = Nero BackItUp
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0BC91FE3-6BF9-F7B4-0FD2-FCAE4F9000D1}" = CCC Help Russian
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID-Anmelde-Assistent
"{118D05F0-7FF0-3E24-CD5F-DB5D57FE177F}" = Catalyst Control Center Localization Arabic
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{14AFE241-FC6E-4FDB-BCA0-7AD6F4974171}" = Adobe Setup
"{15B2BC56-D179-4450-84B9-7A8D7F4CE1B9}" = Lexware Info Service
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{1712D153-997A-606E-B6AF-4F681B74080D}" = Catalyst Control Center Localization Arabic
"{1716D952-F601-4A07-8988-7FCFAEDE6FDC}" = TAXMAN Bibliothek 2008
"{1736D2AA-3AFE-FDFD-CA71-70F1097065B4}" = Catalyst Control Center Localization Japanese
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{17CB4D2C-109D-4141-8ABE-81734B6EE2A6}" = Lexware reisekosten 2007
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1A19B4A3-6CE7-4388-B21F-679803C6C76B}" = TAXMAN 2009
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 29
"{2868D89F-0E09-F510-786A-ED9CF373D250}" = CCC Help Finnish
"{298B9EAE-7A8B-5744-CAD4-67D9E711165A}" = CCC Help Czech
"{2A21D839-D33C-4538-9F2C-F34E23944C4F}" = Counting Calories
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2D39B1D3-8D64-2375-F269-78525187D7B3}" = Catalyst Control Center Graphics Light
"{2E18F469-FA74-0A56-BC8C-367FA0CF4258}" = CCC Help Dutch
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{3526C5B8-60EE-4199-BEFD-6BCC86F051B9}" = TAXMAN 2011
"{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode
"{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent
"{397516AE-7DFE-4F90-84E0-BD616D559434}" = Nero BurnRights
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A7E8601-F0C9-49A0-855A-EEDEEFE11F7E}" = Lexware buchhalter 2007
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EAE4683-E5EE-4835-AAAF-9F2A3014E04B}" = Lexware reisekosten 2007
"{3EC92206-C4A6-49CF-A272-92F75CB1D5F3}" = bpd_scan
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{3F6D3D01-AAD3-482A-BFB7-81E0D3D09BC8}" = Steuer Update 14.01
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{4125BA98-9BEE-4FF7-7082-115BFEB27226}" = CCC Help Norwegian
"{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager
"{43B6667D-7520-4186-B05B-F5C0494C495D}" = UltraEdit-32
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{459EE562-CABA-46F6-1CA4-938936A91936}" = CCC Help Danish
"{460255AF-48D3-1E9C-D8D7-298A99A0A678}" = Catalyst Control Center Localization Arabic
"{463B9920-5000-BE51-A871-35E2D45ED867}" = Catalyst Control Center Localization Chinese Standard
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{4F91BB7B-34E9-4B52-B997-DD79C18EBB9C}" = Steuer Update 14.01
"{50349CC6-93AF-4E38-BA37-AE5E34FC4AAC}" = Forum Submitter Pro Full
"{515D3E4C-ADC5-4DB4-A497-ADCF3007522E}" = Bookmark Submitter Pro 1.2
"{51E2F9B3-A972-4F58-B4EF-4D9676D9F5D1}" = Nero RescueAgent
"{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
"{546D2C57-5303-BA1D-6331-5A3394DDD71B}" = Catalyst Control Center Localization German
"{565CD8A6-176B-1207-1240-722CEBA84724}" = Catalyst Control Center Core Implementation
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{583CE6F6-ED34-F20F-3DC8-EFB0743B6DDA}" = CCC Help Hungarian
"{58730FDB-32C4-037A-5C90-48C6FB5DCFFE}" = Catalyst Control Center Graphics Full Existing
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5A8B8118-1C13-48F1-81FB-A5101C2111A8}" = L7500
"{5C5B0836-9648-4057-8044-2DF181E073E2}" = TAXMAN 2010
"{5D71E42B-EA8B-4B05-94F1-D5965495EAF1}_is1" = Easy Directory Preview 4.0
"{5EDB9281-1F84-4195-9CDD-85985D17DDC7}" = WISO Sparbuch 2007
"{602BF11C-6893-5491-1DEB-7A6255201325}" = Catalyst Control Center Localization Korean
"{6112AB38-4403-07EE-AD4B-8F48118EBD6B}" = CCC Help Portuguese
"{617F8655-94E0-4634-9B32-2066B895E044}" = CCC Help Italian
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{61FEAA90-615B-4243-B7DA-075D0898C018}" = BPDSoftware
"{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
"{639A78A5-7657-91ED-2696-C370E144EC4F}" = Catalyst Control Center Localization Arabic
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{64E7BCC8-38B0-0E50-8E36-5CC1D7475D26}" = CCC Help Thai
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6C3CF7AC-5AB0-42D9-93C0-68166A57AFB6}" = Nero Express
"{6DBC0F39-0463-9BC1-849C-0A0B2C204386}" = CCC Help Polish
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{700C61BE-9424-4B20-9153-7A0C59722AF4}" = TAXMAN Bibliothek 2009
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{70788C1F-9CFB-41A8-807F-E79AE0F9C6FD}" = Lexware reisekosten 2007
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network
"{75E71ADD-042C-4F30-BFAC-A9EC42351313}" = Python 2.4.3
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{786C5747-0C40-4930-9AFE-113BCE553101}" = Adobe Stock Photos 1.0
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7E81E513-27E6-4EC2-BA25-ECF1023A070D}" = Lexware reisekosten 2007
"{80A698BD-2A09-DB65-ADFD-A66A050FAE65}" = CCC Help Chinese Traditional
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{859D40CF-8491-44AD-8FA8-7389CB418C64}" = 32 Bit HP CIO Components Installer
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BFA0B2C-BA3B-0E8B-67BA-FA0410AA10D2}" = Catalyst Control Center Localization Chinese Traditional
"{8EA79DBF-D637-448A-89D6-410A087A4493}" = Samsung_MonSetup
"{8EDBA74D-0686-4C99-BFDD-F894678E5101}" = Adobe Common File Installer
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{8F968232-15C6-4872-84C2-9FCDAA1AEAB6}" = MPM
"{90120000-00B2-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{942E5031-2BD6-4C1B-918C-C8A1CBAE7B8C}" = Microsoft IntelliPoint 8.2
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96950C03-3E2A-4A9F-8555-5D68AC86D6C9}" = PowerArchiver 2007
"{99B8D963-82E9-4062-8068-77FD918D34ED}" = ProductContext
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BD2DD45-8763-4F12-BDC6-958FCFEF0FCB}" = Microsoft IntelliType Pro 8.2
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E82B934-9A25-445B-B8DF-8012808074AC}" = Nero PhotoSnap
"{A0EE0D2C-BEE9-B859-E463-458BE87B25AB}" = CCC Help Chinese Standard
"{A209525B-3377-43F4-B886-32F6B6E7356F}" = Nero WaveEditor
"{A219F6D7-D2AD-4DD5-AC31-C23AA2E18084}" = HP OfficeJet L7300/L7500/7600/7700
"{A4EB2CB5-192E-C901-49D7-27043E55F7B5}" = CCC Help Japanese
"{A589DA26-51BD-475D-8C32-E19E34145842}" = Camtasia Studio 6
"{A6BFA328-0A46-42EF-B414-8B67E87A2B1F}" = 7500_7600_7700_Help
"{A7032E84-E2A2-4CB9-B9A2-37DC13AB3944}" = Branding
"{A7104E5E-1226-FFCC-1003-6C99365F1919}" = Catalyst Control Center Localization Arabic
"{A8B94669-8654-4126-BD28-D0D2412CDED6}" = TI Connect 1.6
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAA0C1E1-8F39-4AB0-9283-78140537BB40}" = BPDSoftware_Ini
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC46B67D-DB12-E7E2-61F0-4B6435653F4D}" = CCC Help German
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch
"{AE21E4BF-CF54-B6BD-4B1C-138758D20273}" = Catalyst Control Center Localization Czech
"{B086C0BC-BAF1-5854-BC82-EFF6C87338F1}" = Catalyst Control Center Localization Arabic
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B26CEFDF-DD0A-4145-ADE6-EE3440DB6711}" = Lexware reisekosten 2007
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B696F009-553D-D952-B17E-177D4A39FA9D}" = CCC Help Swedish
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B74D4E10-6884-0000-0000-000000000101}" = Adobe Bridge 1.0
"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
"{B877EB7B-DE53-46F7-AF2A-AF5E3677B625}" = Lexware buchhalter 2007
"{BA21A3B6-657B-A2F6-4F4A-F66C2E1BC4DB}" = CCC Help English
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C1271FFE-3308-2DA1-BD86-9351A05F4ABF}" = Catalyst Control Center Localization Arabic
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C495CF53-757E-45B7-A7BB-6BBC78841482}" = Article Marketing Robot
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C5A7CB6C-E76D-408F-BA0E-85605420FE9D}" = SoundTrax
"{C75516AD-FF5B-E44A-D963-92D80550E489}" = Market Samurai
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{C9265D86-7D94-D0E1-75CF-7CC93446198E}" = Catalyst Control Center Localization Spanish
"{CB7E133A-3D83-2D77-D9CC-74EB98315C6A}" = Catalyst Control Center Localization French
"{CBC544C4-EBFC-4471-8FE3-BF3DDCEE3840}" = Lexware buchhalter 2007
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CC8B683E-D86A-E319-97B1-CF28B058A96F}" = CCC Help Spanish
"{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software
"{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D475C927-0688-DC5B-E084-02A06E2E4A92}" = CCC Help Korean
"{D5C8E140-6E6F-11DD-9AA9-0050560400B1}" = Haufe iDesk-Service
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime
"{DA66BD16-2521-BAB5-3B0C-6B815E6F2EA3}" = CCC Help Turkish
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{DE8E01EF-B558-3F37-54FA-58E3E9AD9F99}" = Catalyst Control Center Localization Italian
"{E0381F29-0570-AD2D-2D20-163894482635}" = Catalyst Control Center Localization Greek
"{E08CC458-41FB-4BB5-9B08-2C83DB55A5B9}" = Nero BackItUp and Burn
"{E2500C71-5D43-4BA0-B044-9BA9A3A11CAD}" = Lexware buchhalter 2007
"{E3B394BD-D7DD-4AEB-C58B-F3DD661118C2}" = Catalyst Control Center Localization Finnish
"{e3da6c6a-3208-4572-9441-971c22032624}" = Nero 9
"{E434651B-B1E6-D18A-F9DE-C4F6DEB6DF50}" = ccc-utility
"{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit
"{E4A02A3F-4F8A-4D94-BB99-68BC1D1CF6DB}" = Roxio MyDVD Basic v9
"{E505DA68-3442-5D45-2BD4-1AF0B6312E53}" = ccc-core-static
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{E90BD770-3186-D20F-D208-9DBC1D56BA59}" = Skins
"{E952ACFA-0CEB-AAFF-BDA1-1B1F52822CDB}" = CCC Help French
"{E9787678-119F-4D52-B551-6739B2B22101}" = Adobe Help Center 1.0
"{E98371BD-6C0D-463E-B004-E6303F9A34A7}" = Lexware buchhalter 2008
"{EAFD70B2-FF28-45CD-B4F2-F99E82FD39A3}" = Steuer Update 14.01
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB964A30-1DCE-A5D4-3548-818813F134C5}" = Catalyst Control Center Localization Arabic
"{EC4D5610-F99A-41C8-BA00-9801F81A46CD}" = Lexware buchhalter 2007
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EE075733-8D73-953E-CFAE-608D78269724}" = CCC Help Greek
"{EF949584-D843-4F7F-A4B4-070CC9E48B45}" = UltraCompare Professional
"{EFE38CC6-2592-4F93-B59B-CE4B69600890}" = TAXMAN 2009
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0D18300-5161-E74C-2148-99B03453F394}" = Catalyst Control Center Graphics Full New
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1861F30-3419-44DB-B2A1-C274825698B3}" = Nero Disc Copy Gadget
"{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari
"{F331FBDC-7DCF-4598-9E7C-E11865677AB4}" = TAXMAN 2008
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F48AAE0F-52F4-11DD-B1F7-0050560400B1}" = Haufe iDesk-Browser
"{F55CA27A-8C3C-4E7D-891B-D29FD3259A94}" = TAXMAN 2008
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}" = HP Easy Setup - Core
"{F960CCDA-F7A0-3BE8-B30C-71BC8D4274E4}" = ccc-localization-da
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone-Konfigurationsprogramm
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FBED9ACC-AA03-19C2-D4F7-F055B6816EE8}" = Catalyst Control Center Localization Hungarian
"{FE688026-1C8C-4E50-889D-4B6607CADC24}" = Lexware buchhalter 2008
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe_acce07fd2c8fe7f9e3f26243e626578" = Adobe Dreamweaver CS4
"ATI Uninstaller" = ATI Uninstaller
"Avira AntiVir Desktop" = Avira Free Antivirus
"CloneCD" = CloneCD
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Easy Directory Preview_is1" = Easy Directory Preview 2.1 (Update)
"FileZilla" = FileZilla (remove only)
"FileZilla Client" = FileZilla Client 3.5.3
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.0
"Free Studio_is1" = Free Studio version 4.8
"Free Video to Mp3 Converter_is1" = Free Video to Mp3 Converter version 2.9
"Free YouTube Download_is1" = Free YouTube Download 2.1
"Free YouTube to iPhone Converter_is1" = Free YouTube to iPhone Converter version 2.1
"Free YouTube to iPod Converter_is1" = Free YouTube to iPod Converter version 2.8
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.15.1228
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"IBP10_is1" = IBP 10.4.1
"LogiEdit" = LogiEdit (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1" = Market Samurai
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Microsoft IntelliType Pro 8.2" = Microsoft IntelliType Pro 8.2
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nero - Burning Rom!UninstallKey" = Nero OEM
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.SingleImage" = Microsoft Office Professional 2010
"PSP Games Brettspiele_is1" = PSP Games Brettspiele
"RealPlayer 6.0" = RealPlayer
"seopowersuite" = LinkAssistant
"Shop for HP Supplies" = Shop for HP Supplies
"Uninstall_is1" = Uninstall 1.0.0.1
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Xtreme Forum Manager_is1" = Xtreme Forum Manager v2.0
"Yahoo! Companion" = Yahoo! Toolbar
"Zero Assumption Recovery_is1" = Zero Assumption Recovery Version 8.5
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Juniper_Setup_Client" = Juniper Networks, Inc. Setup Client
"Neoteris_Host_Checker" = Juniper Networks Host Checker
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 28.06.2012 12:47:06 | Computer Name = thompson-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 12.0.0.4493,
Zeitstempel: 0x4f9207d9 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x8ac34783 ID des fehlerhaften
Prozesses: 0x1254 Startzeit der fehlerhaften Anwendung: 0x01cd554da3ff6170 Pfad der
fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\firefox.exe Pfad des fehlerhaften
Moduls: unknown Berichtskennung: e47d2cf0-c140-11e1-8ff6-001a92dea384
Error - 28.06.2012 12:52:36 | Computer Name = thompson-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16446,
Zeitstempel: 0x4fb57c8f Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x8c1a7ed8 ID des fehlerhaften
Prozesses: 0x954 Startzeit der fehlerhaften Anwendung: 0x01cd554e6ac09360 Pfad der
fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe Pfad des
fehlerhaften Moduls: unknown Berichtskennung: a9670ea0-c141-11e1-8ff6-001a92dea384
Error - 28.06.2012 12:53:45 | Computer Name = thompson-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 9.0.8112.16446,
Zeitstempel: 0x4fb57c8f Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x8c387ed8 ID des fehlerhaften
Prozesses: 0x894 Startzeit der fehlerhaften Anwendung: 0x01cd554e947bae60 Pfad der
fehlerhaften Anwendung: C:\Program Files\Internet Explorer\IEXPLORE.EXE Pfad des
fehlerhaften Moduls: unknown Berichtskennung: d25a3620-c141-11e1-8ff6-001a92dea384
Error - 28.06.2012 13:01:15 | Computer Name = thompson-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16446,
Zeitstempel: 0x4fb57c8f Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x8cb44783 ID des fehlerhaften
Prozesses: 0x11a0 Startzeit der fehlerhaften Anwendung: 0x01cd554f9bef77c0 Pfad der
fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe Pfad des
fehlerhaften Moduls: unknown Berichtskennung: deb95df0-c142-11e1-a5f8-001a92dea384
Error - 28.06.2012 13:01:46 | Computer Name = thompson-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16446,
Zeitstempel: 0x4fb57c8f Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x8c9f4783 ID des fehlerhaften
Prozesses: 0x14b0 Startzeit der fehlerhaften Anwendung: 0x01cd554fb2267ac0 Pfad der
fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe Pfad des
fehlerhaften Moduls: unknown Berichtskennung: f122a780-c142-11e1-a5f8-001a92dea384
Error - 28.06.2012 13:02:10 | Computer Name = thompson-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16446,
Zeitstempel: 0x4fb57c8f Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x8d717ed8 ID des fehlerhaften
Prozesses: 0xf44 Startzeit der fehlerhaften Anwendung: 0x01cd554fc14c1aa0 Pfad der
fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe Pfad des
fehlerhaften Moduls: unknown Berichtskennung: ff89d960-c142-11e1-a5f8-001a92dea384
Error - 28.06.2012 13:05:08 | Computer Name = thompson-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16446,
Zeitstempel: 0x4fb57c8f Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x8b927ed8 ID des fehlerhaften
Prozesses: 0x1510 Startzeit der fehlerhaften Anwendung: 0x01cd55502a3a4960 Pfad der
fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe Pfad des
fehlerhaften Moduls: unknown Berichtskennung: 6976bb40-c143-11e1-a5f8-001a92dea384
Error - 28.06.2012 13:05:19 | Computer Name = thompson-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 12.0.0.4493,
Zeitstempel: 0x4f9207d9 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x8ab54783 ID des fehlerhaften
Prozesses: 0xd30 Startzeit der fehlerhaften Anwendung: 0x01cd555031170020 Pfad der
fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\firefox.exe Pfad des fehlerhaften
Moduls: unknown Berichtskennung: 6ffdc080-c143-11e1-a5f8-001a92dea384
Error - 28.06.2012 13:05:23 | Computer Name = thompson-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 12.0.0.4493,
Zeitstempel: 0x4f9207d9 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x8ab54783 ID des fehlerhaften
Prozesses: 0xd30 Startzeit der fehlerhaften Anwendung: 0x01cd555031170020 Pfad der
fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\firefox.exe Pfad des fehlerhaften
Moduls: unknown Berichtskennung: 728797e0-c143-11e1-a5f8-001a92dea384
Error - 28.06.2012 13:16:23 | Computer Name = thompson-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16446,
Zeitstempel: 0x4fb57c8f Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x8a6c7ed8 ID des fehlerhaften
Prozesses: 0x420 Startzeit der fehlerhaften Anwendung: 0x01cd5551bd952300 Pfad der
fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe Pfad des
fehlerhaften Moduls: unknown Berichtskennung: fc0c02c0-c144-11e1-a5f8-001a92dea384
[ System Events ]
Error - 28.06.2012 16:45:25 | Computer Name = thompson-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
beendet: %%-2140993535
Error - 28.06.2012 16:45:25 | Computer Name = thompson-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde: %%-2140993535
Error - 28.06.2012 16:45:25 | Computer Name = thompson-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
beendet: %%-2140993535
Error - 28.06.2012 16:45:25 | Computer Name = thompson-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde: %%-2140993535
Error - 28.06.2012 16:45:25 | Computer Name = thompson-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
beendet: %%-2140993535
Error - 28.06.2012 16:45:25 | Computer Name = thompson-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde: %%-2140993535
Error - 28.06.2012 16:45:25 | Computer Name = thompson-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
beendet: %%-2140993535
Error - 28.06.2012 16:45:25 | Computer Name = thompson-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde: %%-2140993535
Error - 28.06.2012 16:45:50 | Computer Name = thompson-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "MBAMProtector" wurde aufgrund folgenden Fehlers nicht
gestartet: %%2
Error - 28.06.2012 16:45:50 | Computer Name = thompson-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "MBAMService" ist vom Dienst "MBAMProtector" abhängig,
der aufgrund folgenden Fehlers nicht gestartet wurde: %%2
< End of report >
Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.06.28.08 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 9.0.8112.16421 thompson :: THOMPSON-PC [Administrator] Schutz: Deaktiviert 28.06.2012 19:11:45 mbam-log-2012-06-28 (19-11-45).txt Art des Suchlaufs: Flash-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: Registrierung | Dateisystem | P2P Durchsuchte Objekte: 149431 Laufzeit: 1 Minute(n), 21 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|LicenseValidator (Trojan.Downloader) -> Daten: C:\Users\thompson\AppData\Roaming\Identities\{8247470F-56E9-4608-9930-B47FB2775132}\LicenseValidator.exe -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Users\thompson\AppData\Roaming\Identities\{8247470F-56E9-4608-9930-B47FB2775132}\LicenseValidator.exe (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) über jegliche hilfe dankbar. |
| Themen zu Google öffnet andere seiten als gewählt |
| 32 bit, 7-zip, ad-aware, alternate, antivir, avira, browser, converter, dateisystem, document, error, excel, firefox, flash player, google, heuristiks/extra, heuristiks/shuriken, home, iexplore.exe, install.exe, logfile, microsoft office word, mp3, officejet, plug-in, realtek, scan, searchscopes, security, senden, sparbuch, trojaner, version=1.0, viren, virus, windows, wiso, öffnet andere seiten |
Baum-Darstellung