Hans-Dieter | 21.01.2013 20:13 | Hier der Log von Malewarebytes: Code:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org
Datenbank Version: v2012.12.20.03
Windows Vista Service Pack 2 x86 NTFS (Abgesichertenmodus)
Internet Explorer 9.0.8112.16421
Danielsimon :: DANIELSIMON-PC [Administrator]
08.01.2013 21:26:46
mbam-log-2013-01-08 (21-26-46).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 505779
Laufzeit: 1 Stunde(n), 9 Minute(n),
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 3
C:\Users\Danielsimon\wgsdgsdgdsgsd.dll (Exploit.Drop.GS) -> Löschen bei Neustart.
C:\ProgramData\dsgsdgdsgdsgw.pad (Exploit.Drop.GSA) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Danielsimon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk (Trojan.Ransom.SUGen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende) Und hier die Codes von Otl: Code:
OTL logfile created on: 21.01.2013 19:27:34 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Danielsimon\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,24 Gb Total Physical Memory | 2,09 Gb Available Physical Memory | 64,46% Memory free
6,67 Gb Paging File | 5,58 Gb Available in Paging File | 83,72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298,09 Gb Total Space | 183,44 Gb Free Space | 61,54% Space Free | Partition Type: NTFS
Computer Name: DANIELSIMON-PC | User Name: Danielsimon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Danielsimon\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe (Adobe Systems, Inc.)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
PRC - c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Programme\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\Programme\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
========== Modules (No Company Name) ==========
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
MOD - C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
========== Services (SafeList) ==========
SRV - (Winmgmt) -- C:\Users\DANIEL~1\wgsdgsdgdsgsd.dll File not found
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (!SASCORE) -- C:\Programme\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
SRV - (UMVPFSrv) -- C:\Programme\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (LVUVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.)
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (e1express) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (netr73) -- C:\Windows\System32\drivers\netr73.sys (Ralink Technology Corp.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1826731348-3842537282-3559615610-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1826731348-3842537282-3559615610-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1826731348-3842537282-3559615610-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D2 4F A3 BC DC ED CD 01 [binary data]
IE - HKU\S-1-5-21-1826731348-3842537282-3559615610-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1826731348-3842537282-3559615610-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1826731348-3842537282-3559615610-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1826731348-3842537282-3559615610-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledAddons: %7B23fcfd51-4958-4f00-80a3-ae97e717ed8b%7D:2.1.2.145
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - prefs.js..keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.11.29 14:59:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.01.19 09:54:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.01.19 09:53:49 | 000,000,000 | ---D | M]
[2012.10.10 11:51:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Danielsimon\AppData\Roaming\mozilla\Extensions
[2013.01.20 22:11:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Danielsimon\AppData\Roaming\mozilla\Firefox\Profiles\ko42ps0z.default\extensions
[2012.11.23 22:26:02 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Danielsimon\AppData\Roaming\mozilla\firefox\profiles\ko42ps0z.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.10.13 17:09:19 | 000,003,915 | ---- | M] () -- C:\Users\Danielsimon\AppData\Roaming\mozilla\firefox\profiles\ko42ps0z.default\searchplugins\sweetim.xml
[2013.01.19 09:53:47 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.11.29 14:59:15 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2013.01.19 09:54:35 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.10.11 03:10:32 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.11 03:10:32 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.10.11 03:10:32 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.11 03:10:32 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.11 03:10:32 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.11 03:10:32 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [DivXMediaServer] C:\Programme\DivX\DivX Media Server\DivXMediaServer.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4B21F93B-5A93-4E9A-B7DE-DE95D903B1F0}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Danielsimon\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Danielsimon\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2013.01.20 22:01:30 | 000,000,000 | ---D | C] -- C:\Users\Danielsimon\Desktop\Tweaking.com - Windows Repair
[2013.01.20 16:33:46 | 000,000,000 | ---D | C] -- C:\Users\Danielsimon\Desktop\GUI Maske - Beta
[2013.01.19 09:53:47 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.01.18 07:12:43 | 000,000,000 | ---D | C] -- C:\Users\Danielsimon\Desktop\Neuer Ordner (2)
[2013.01.10 07:18:34 | 000,000,000 | ---D | C] -- C:\Users\Danielsimon\Desktop\m
[2013.01.09 07:55:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013.01.09 07:54:45 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2013.01.09 07:54:26 | 002,048,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.01.09 07:53:48 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013.01.21 19:20:19 | 000,004,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.21 19:20:19 | 000,004,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.21 19:20:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.21 19:20:08 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
[2013.01.21 19:20:06 | 3478,773,760 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.21 08:31:04 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013.01.21 08:16:59 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.01.21 07:53:21 | 000,002,379 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.01.18 16:44:36 | 015,612,656 | ---- | M] () -- C:\Users\Danielsimon\Desktop\ST-Skript+Teil+2a.pdf
[2013.01.18 16:44:17 | 016,448,818 | ---- | M] () -- C:\Users\Danielsimon\Desktop\ST-Skript Teil 2b.pdf
[2013.01.13 21:41:44 | 000,005,201 | ---- | M] () -- C:\Users\Danielsimon\Desktop\flachkollektor.png
[2013.01.13 10:02:28 | 003,296,219 | ---- | M] () -- C:\Users\Danielsimon\Desktop\Vitosol.pdf
[2013.01.10 07:30:13 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLet.DAT
[2013.01.09 20:17:17 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.01.09 20:17:16 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.01.09 13:14:37 | 000,379,984 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.01.09 08:29:41 | 000,689,148 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.01.09 08:29:41 | 000,646,970 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.01.09 08:29:41 | 000,152,144 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.01.09 08:29:41 | 000,124,726 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.01.09 07:58:57 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013.01.08 17:17:28 | 000,374,350 | ---- | M] () -- C:\Users\Danielsimon\Desktop\Begleitmaterial_Waermeleitung_1._Fassung_.pdf
[2013.01.01 00:49:38 | 000,120,816 | ---- | M] () -- C:\Users\Danielsimon\Desktop\Fedex.jpg
[2012.12.28 10:17:13 | 013,370,358 | ---- | M] () -- C:\Users\Danielsimon\Desktop\klausuren.pdf
[2012.12.28 09:54:04 | 002,277,469 | ---- | M] () -- C:\Users\Danielsimon\Desktop\drucken.pdf
[2012.12.26 10:39:46 | 215,055,800 | ---- | M] () -- C:\Windows\MEMORY.DMP
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013.01.18 16:44:25 | 015,612,656 | ---- | C] () -- C:\Users\Danielsimon\Desktop\ST-Skript+Teil+2a.pdf
[2013.01.18 16:44:05 | 016,448,818 | ---- | C] () -- C:\Users\Danielsimon\Desktop\ST-Skript Teil 2b.pdf
[2013.01.13 21:41:43 | 000,005,201 | ---- | C] () -- C:\Users\Danielsimon\Desktop\flachkollektor.png
[2013.01.13 10:02:28 | 003,296,219 | ---- | C] () -- C:\Users\Danielsimon\Desktop\Vitosol.pdf
[2013.01.09 07:58:57 | 000,002,154 | ---- | C] () -- C:\Windows\epplauncher.mif
[2013.01.09 07:56:39 | 000,001,832 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013.01.08 22:37:11 | 3478,773,760 | -HS- | C] () -- C:\hiberfil.sys
[2013.01.08 17:17:28 | 000,374,350 | ---- | C] () -- C:\Users\Danielsimon\Desktop\Begleitmaterial_Waermeleitung_1._Fassung_.pdf
[2013.01.01 00:48:33 | 000,120,816 | ---- | C] () -- C:\Users\Danielsimon\Desktop\Fedex.jpg
[2012.12.28 10:17:13 | 013,370,358 | ---- | C] () -- C:\Users\Danielsimon\Desktop\klausuren.pdf
[2012.12.28 09:53:51 | 002,277,469 | ---- | C] () -- C:\Users\Danielsimon\Desktop\drucken.pdf
[2012.10.24 19:41:31 | 000,000,221 | ---- | C] () -- C:\Windows\NCLogConfig.ini
[2012.10.22 17:09:53 | 000,164,284 | ---- | C] () -- C:\Windows\hpoins19.dat
[2012.10.22 17:07:23 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2012.10.20 11:26:23 | 000,000,000 | ---- | C] () -- C:\Windows\ViewNX2.INI
[2012.10.20 11:18:17 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Soundtrack
[2012.10.20 11:18:17 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Sounds
[2012.10.20 11:18:17 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Sound Effects
[2012.10.20 11:18:17 | 000,000,268 | RH-- | C] () -- C:\Users\Danielsimon\AppData\Roaming\Smooth Strings
[2012.10.20 11:18:17 | 000,000,268 | RH-- | C] () -- C:\Users\Danielsimon\AppData\Roaming\SingleFiles
[2012.10.20 11:18:17 | 000,000,268 | RH-- | C] () -- C:\Users\Danielsimon\AppData\Roaming\Services
[2012.10.20 11:18:17 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2012.10.20 11:18:17 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2012.10.20 11:18:17 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2012.10.19 18:45:34 | 000,000,895 | ---- | C] () -- C:\Users\Danielsimon\AppData\Local\recently-used.xbel
[2012.10.10 17:25:24 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2012.10.10 13:01:25 | 000,178,688 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2012.10.10 12:18:31 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2012.10.10 12:17:51 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2012.10.10 10:55:17 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2012.10.10 09:43:59 | 000,005,632 | ---- | C] () -- C:\Users\Danielsimon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.10.10 09:30:28 | 000,000,680 | ---- | C] () -- C:\Users\Danielsimon\AppData\Local\d3d9caps.dat
[2012.10.10 09:19:07 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2012.01.18 05:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2012.01.18 05:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2012.01.18 05:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2012.01.18 05:22:54 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
========== ZeroAccess Check ==========
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.10 22:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.10 22:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2012.10.19 20:27:50 | 000,000,000 | ---D | M] -- C:\Users\Danielsimon\AppData\Roaming\Broad Intelligence
[2012.12.20 12:11:04 | 000,000,000 | ---D | M] -- C:\Users\Danielsimon\AppData\Roaming\Dropbox
[2013.01.01 00:48:34 | 000,000,000 | ---D | M] -- C:\Users\Danielsimon\AppData\Roaming\Image Zone Express
[2012.11.29 13:31:22 | 000,000,000 | ---D | M] -- C:\Users\Danielsimon\AppData\Roaming\MAGIX
[2012.10.20 11:22:44 | 000,000,000 | ---D | M] -- C:\Users\Danielsimon\AppData\Roaming\Nikon
[2012.11.13 13:55:40 | 000,000,000 | ---D | M] -- C:\Users\Danielsimon\AppData\Roaming\PhotoScape
[2012.10.22 18:04:16 | 000,000,000 | ---D | M] -- C:\Users\Danielsimon\AppData\Roaming\Printer Info Cache
[2012.10.10 13:22:03 | 000,000,000 | ---D | M] -- C:\Users\Danielsimon\AppData\Roaming\XnView
========== Purity Check ==========
< End of report > Code:
OTL Extras logfile created on: 21.01.2013 19:27:34 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Danielsimon\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,24 Gb Total Physical Memory | 2,09 Gb Available Physical Memory | 64,46% Memory free
6,67 Gb Paging File | 5,58 Gb Available in Paging File | 83,72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298,09 Gb Total Space | 183,44 Gb Free Space | 61,54% Space Free | Partition Type: NTFS
Computer Name: DANIELSIMON-PC | User Name: Danielsimon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-1826731348-3842537282-3559615610-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Betrachten mit XnView] -- "C:\Program Files\XnView\xnview.exe" "%1" (XnView, hxxp://www.xnview.com)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{9BA95D55-5C65-4792-B19F-A3B56C6A936A}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D912682-3315-4820-B8F1-6D1B67E5BD96}" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe |
"{0FBD2449-7E1D-4693-AB8F-4BBFF88DA956}" = protocol=6 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe |
"{15B1B58D-3DDD-406D-AA51-581772505E44}" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe |
"{1EC0F8A5-C80A-42F6-A4B5-A1579F4CF0BD}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2343CC82-2092-47A2-BB8D-7EFBC61E84C9}" = protocol=6 | dir=in | app=c:\users\danielsimon\appdata\roaming\dropbox\bin\dropbox.exe |
"{4586A5E8-E2C9-4F1C-A877-80EEBD8AC07A}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{4BD67C55-55F9-4D99-94C8-1CE70E10CCAA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{4DFCA918-C8EB-46C4-94B4-EEE68680C767}" = protocol=6 | dir=in | app=c:\program files\thq\company of heroes\reliccoh.exe |
"{5F1AA9A7-2B21-4B9D-964D-F159D4428C28}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{67E363FD-175A-49E1-8E90-6BF502150CA3}" = protocol=17 | dir=in | app=c:\users\danielsimon\appdata\roaming\dropbox\bin\dropbox.exe |
"{6C937FB8-5E50-4E4C-B53F-A4F3C9FE1CBF}" = protocol=17 | dir=in | app=c:\program files\thq\company of heroes\reliccoh.exe |
"{7CC8968E-4358-450E-942D-A9A2AD9024A1}" = protocol=17 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe |
"{81D30273-0D7F-4770-8246-2FEA0B5551C1}" = protocol=6 | dir=in | app=c:\program files\thq\company of heroes\relicdownloader\relicdownloader.exe |
"{9EBB416D-7296-4F5A-845B-3C9FDA2678B1}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CB675BAF-9190-4AD7-8FE6-F2E7ED21BACD}" = protocol=17 | dir=in | app=c:\program files\thq\company of heroes\relicdownloader\relicdownloader.exe |
"{D9C42A85-5581-4FB6-B3B2-D21BFBA50313}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E377D8D0-B1C8-49FB-B5D3-FD698354CA3A}" = dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{1DDFDDF5-6819-497A-AC0B-6CAAE47F7F29}C:\users\danielsimon\appdata\local\temp\931249a6f12f4932a6551a1981e9afde\relicdownloader.exe" = protocol=6 | dir=in | app=c:\users\danielsimon\appdata\local\temp\931249a6f12f4932a6551a1981e9afde\relicdownloader.exe |
"TCP Query User{8B9EF5E1-17AC-4046-AC54-889B6F822C20}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{5CD2251E-1F45-4C5F-9D0B-BF6D1D788C99}C:\users\danielsimon\appdata\local\temp\931249a6f12f4932a6551a1981e9afde\relicdownloader.exe" = protocol=17 | dir=in | app=c:\users\danielsimon\appdata\local\temp\931249a6f12f4932a6551a1981e9afde\relicdownloader.exe |
"UDP Query User{BA5761F0-99BD-48CB-BD3F-6DBA2E493D19}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI
"{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI
"{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI
"{5E6D6161-5509-4f55-9372-1E01792F843A}" = F300_Help
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI
"{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.9.0
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI
"{98EABC7F-B1A1-43A5-B505-5B4EC3908DCD}" = Microsoft Security Client
"{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B014EE44-9197-4513-9613-71E6EB1B514E}" = Nikon Message Center 2
"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1E7142C-6BC3-49EB-A71A-E5D7ADAC7599}" = Nikon File Uploader 2
"{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{DDD62492-32A7-412B-8AF1-2CF032AD42E3}" = ViewNX 2
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{F1568757-E564-4cb5-8980-9333119A4384}" = F300
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F6AC5364-2FB7-437a-811A-D645F22AA6AC}" = F300Trb
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"5513-1208-7298-9440" = JDownloader 0.9
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Company of Heroes" = Company of Heroes
"DivX Setup" = DivX-Setup
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"KLiteCodecPack_is1" = K-Lite Codec Pack 9.3.0 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"MatlabR2011a" = MATLAB R2011a
"MediaCoder" = MediaCoder 0.8.16
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 18.0.1 (x86 de)" = Mozilla Firefox 18.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PhotoScape" = PhotoScape
"TVWiz" = Intel(R) TV Wizard
"VLC media player" = VLC media player 2.0.3
"WinRAR archiver" = WinRAR 4.20 (32-Bit)
"XnView_is1" = XnView 1.99.1
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1826731348-3842537282-3559615610-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 17.01.2013 12:28:24 | Computer Name = Danielsimon-PC | Source = Application Hang | ID = 1002
Description = Programm Explorer.EXE, Version 6.0.6002.18005 arbeitet nicht mehr
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen. Prozess-ID: 750 Anfangszeit: 01cdf4c8cc597c49 Zeitpunkt
der Beendigung: 0
Error - 17.01.2013 12:31:58 | Computer Name = Danielsimon-PC | Source = .NET Runtime | ID = 1022
Description =
Error - 19.01.2013 13:30:05 | Computer Name = Danielsimon-PC | Source = Application Hang | ID = 1002
Description = Programm Explorer.EXE, Version 6.0.6002.18005 arbeitet nicht mehr
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen. Prozess-ID: 784 Anfangszeit: 01cdf6690b859659 Zeitpunkt
der Beendigung: 0
Error - 20.01.2013 13:22:02 | Computer Name = Danielsimon-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 20.01.2013 13:22:03 | Computer Name = Danielsimon-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 20.01.2013 13:23:41 | Computer Name = Danielsimon-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 20.01.2013 13:23:41 | Computer Name = Danielsimon-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 20.01.2013 16:39:31 | Computer Name = Danielsimon-PC | Source = Application Hang | ID = 1002
Description = Programm HiJackThis204.exe, Version 2.0.0.4 arbeitet nicht mehr mit
Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen. Prozess-ID: 2fc Anfangszeit: 01cdf74e0b788b2c Zeitpunkt
der Beendigung: 0
Error - 21.01.2013 02:42:29 | Computer Name = Danielsimon-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 21.01.2013 02:42:29 | Computer Name = Danielsimon-PC | Source = Windows Search Service | ID = 3013
Description =
[ System Events ]
Error - 01.11.2012 01:38:08 | Computer Name = Danielsimon-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 01.11.2012 05:48:31 | Computer Name = Danielsimon-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 01.11.2012 16:50:12 | Computer Name = Danielsimon-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 02.11.2012 02:04:29 | Computer Name = Danielsimon-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 02.11.2012 09:12:39 | Computer Name = Danielsimon-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 03.11.2012 03:03:23 | Computer Name = Danielsimon-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 03.11.2012 09:48:08 | Computer Name = Danielsimon-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 04.11.2012 03:41:01 | Computer Name = Danielsimon-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 04.11.2012 13:36:35 | Computer Name = Danielsimon-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 05.11.2012 02:21:12 | Computer Name = Danielsimon-PC | Source = Service Control Manager | ID = 7000
Description =
< End of report > |