Code:
# AdwCleaner v2.105 - Logfile created 01/13/2013 at 22:15:59
# Updated 08/01/2013 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (32 bits)
# User : Hendrik - LOKI
# Boot Mode : Normal
# Running from : C:\Users\Hendrik\Downloads\adwcleaner.exe
# Option [Delete]
***** [Services] *****
***** [Files / Folders] *****
Folder Deleted : C:\Users\Hendrik\AppData\Roaming\Mozilla\Firefox\Profiles\dab38va9.default\extensions\staged
***** [Registry] *****
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16450
[OK] Registry is clean.
-\\ Mozilla Firefox v17.0.1 (de)
File : C:\Users\Hendrik\AppData\Roaming\Mozilla\Firefox\Profiles\dab38va9.default\prefs.js
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [906 octets] - [13/01/2013 21:48:42]
AdwCleaner[S1].txt - [840 octets] - [13/01/2013 22:15:59]
########## EOF - C:\AdwCleaner[S1].txt - [899 octets] ##########

OTL Logfile:
Code:
OTL logfile created on: 13.01.2013 22:18:07 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Hendrik\Downloads
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,99 Gb Total Physical Memory | 2,31 Gb Available Physical Memory | 77,37% Memory free
5,98 Gb Paging File | 5,23 Gb Available in Paging File | 87,44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,69 Gb Total Space | 60,54 Gb Free Space | 54,20% Space Free | Partition Type: NTFS
Drive D: | 50,00 Gb Total Space | 0,76 Gb Free Space | 1,52% Space Free | Partition Type: NTFS
Drive E: | 272,61 Gb Total Space | 85,82 Gb Free Space | 31,48% Space Free | Partition Type: NTFS
Drive F: | 50,00 Gb Total Space | 40,29 Gb Free Space | 80,58% Space Free | Partition Type: NTFS
Drive I: | 931,51 Gb Total Space | 22,00 Gb Free Space | 2,36% Space Free | Partition Type: NTFS
Computer Name: LOKI | User Name: Hendrik | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Hendrik\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\Hendrik\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\D-Link\DWA-547 revA\wirelesscm.exe (D-Link Corp.)
PRC - E:\Eigene Dateien\Programme\Portable KeePass\KeePassPortable\App\keepass\KeePass.exe (Dominik Reichl)
========== Modules (No Company Name) ==========
MOD - C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files\D-Link\DWA-547 revA\WlanDll.dll ()
MOD - C:\Program Files\D-Link\DWA-547 revA\WLanWps.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
========== Services (SafeList) ==========
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (PEVSystemStart) -- C:\ComboFix\pev.3XE ()
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (jswpsapi) -- C:\Program Files\D-Link\DWA-547 revA\jswpsapi.exe (Atheros Communications, Inc.)
========== Driver Services (SafeList) ==========
DRV - (catchme) -- C:\Users\Hendrik\AppData\Local\Temp\catchme.sys File not found
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (truecrypt) -- C:\Windows\System32\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (jswpslwf) -- C:\Windows\System32\drivers\jswpslwf.sys (Atheros Communications, Inc.)
DRV - (w800obex) -- C:\Windows\System32\drivers\w800obex.sys (MCCI)
DRV - (w800mgmt) -- C:\Windows\System32\drivers\w800mgmt.sys (MCCI)
DRV - (w800mdm) -- C:\Windows\System32\drivers\w800mdm.sys (MCCI)
DRV - (w800mdfl) -- C:\Windows\System32\drivers\w800mdfl.sys (MCCI)
DRV - (w800bus) -- C:\Windows\System32\drivers\w800bus.sys (MCCI)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2261802461-3846753505-3277762590-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2261802461-3846753505-3277762590-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2261802461-3846753505-3277762590-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: abhere2%40moztw.org:17.0.20121128
FF - prefs.js..extensions.enabledAddons: CompactMenuCE%40Merci.chao:5.1.0
FF - prefs.js..extensions.enabledAddons: OPIE%40guid.customsoftwareconsult.com:4.0
FF - prefs.js..extensions.enabledAddons: %7B4BBDD651-70CF-4821-84F8-2B918CF89CA3%7D:7.0.3.5
FF - prefs.js..extensions.enabledAddons: %7BA4732521-77D9-447E-A557-B279AC923F06%7D:0.6.9
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.12
FF - prefs.js..extensions.enabledAddons: %7BD4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389%7D:0.9.10
FF - prefs.js..extensions.enabledAddons: %7Bdc572301-7619-498c-a57d-39143191b318%7D:0.4.0.3.1
FF - prefs.js..extensions.enabledAddons: %7BDDC359D1-844A-42a7-9AA1-88A850A938A8%7D:2.0.15
FF - prefs.js..extensions.enabledAddons: foxmarks%40kei.com:4.1.3
FF - prefs.js..extensions.enabledAddons: %7B1280606b-2510-4fe0-97ef-9b5a22eafe30%7D:0.7.9.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
FF - prefs.js..extensions.enabledItems: abhere2@moztw.org:3.5.20091115
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
FF - prefs.js..extensions.enabledItems: {4BBDD651-70CF-4821-84F8-2B918CF89CA3}:6.3.3.2
FF - prefs.js..extensions.enabledItems: {A4732521-77D9-447E-A557-B279AC923F06}:0.6.6
FF - prefs.js..extensions.enabledItems: IncredibleBookmarks@visibotech.com:0.7.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}:7.0
FF - prefs.js..extensions.enabledItems: OPIE@guid.customsoftwareconsult.com:1.2.3
FF - prefs.js..extensions.enabledItems: {1a6907cb-d310-4d82-bded-c0dd31f8d9a2}:1.8
FF - prefs.js..extensions.enabledItems: CompactMenuCE@Merci.chao:4.2.1
FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.6.8.3
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.4
FF - prefs.js..network.proxy.autoconfig_url: "hxxp://www.rz.uni-osnabrueck.de/proxy/proxy.pac"
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.01 20:56:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.05.23 21:12:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
[2011.04.21 21:28:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hendrik\AppData\Roaming\Mozilla\Extensions
[2011.04.21 21:28:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hendrik\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013.01.13 22:16:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hendrik\AppData\Roaming\Mozilla\Firefox\Profiles\dab38va9.default\extensions
[2012.07.19 19:56:39 | 000,000,000 | ---D | M] (FEBE) -- C:\Users\Hendrik\AppData\Roaming\Mozilla\Firefox\Profiles\dab38va9.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2012.11.21 19:30:20 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Hendrik\AppData\Roaming\Mozilla\Firefox\Profiles\dab38va9.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.12.05 22:14:40 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Hendrik\AppData\Roaming\Mozilla\Firefox\Profiles\dab38va9.default\extensions\foxmarks@kei.com
[2012.12.02 15:19:39 | 000,065,602 | ---- | M] () (No name found) -- C:\Users\Hendrik\AppData\Roaming\Mozilla\Firefox\Profiles\dab38va9.default\extensions\abhere2@moztw.org.xpi
[2012.06.26 07:50:50 | 000,073,806 | ---- | M] () (No name found) -- C:\Users\Hendrik\AppData\Roaming\Mozilla\Firefox\Profiles\dab38va9.default\extensions\CompactMenuCE@Merci.chao.xpi
[2011.12.23 10:21:08 | 000,345,230 | ---- | M] () (No name found) -- C:\Users\Hendrik\AppData\Roaming\Mozilla\Firefox\Profiles\dab38va9.default\extensions\OPIE@guid.customsoftwareconsult.com.xpi
[2012.12.16 12:02:07 | 000,516,464 | ---- | M] () (No name found) -- C:\Users\Hendrik\AppData\Roaming\Mozilla\Firefox\Profiles\dab38va9.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi
[2011.11.26 17:42:20 | 000,089,724 | ---- | M] () (No name found) -- C:\Users\Hendrik\AppData\Roaming\Mozilla\Firefox\Profiles\dab38va9.default\extensions\{A4732521-77D9-447E-A557-B279AC923F06}.xpi
[2012.11.25 18:41:45 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Hendrik\AppData\Roaming\Mozilla\Firefox\Profiles\dab38va9.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011.11.26 17:42:12 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\Hendrik\AppData\Roaming\Mozilla\Firefox\Profiles\dab38va9.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2012.12.02 15:19:39 | 000,710,866 | ---- | M] () (No name found) -- C:\Users\Hendrik\AppData\Roaming\Mozilla\Firefox\Profiles\dab38va9.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2012.09.23 23:16:59 | 000,698,867 | ---- | M] () (No name found) -- C:\Users\Hendrik\AppData\Roaming\Mozilla\Firefox\Profiles\dab38va9.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2012.12.01 20:56:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.12.01 20:56:30 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.12.01 20:56:50 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.07.19 21:55:52 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.23 23:16:51 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.07.19 21:55:52 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.19 21:55:52 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.19 21:55:52 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.19 21:55:52 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2013.01.13 21:14:27 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2261802461-3846753505-3277762590-1000..\Run: [KeePass Password Safe] E:\Eigene Dateien\Programme\Portable KeePass\KeePassPortable\App\keepass\keepass.exe (Dominik Reichl)
O4 - HKU\S-1-5-21-2261802461-3846753505-3277762590-1000..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Hendrik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Hendrik\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2261802461-3846753505-3277762590-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2261802461-3846753505-3277762590-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2261802461-3846753505-3277762590-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8E3EA4B3-19C0-4579-8D8B-12FFEFE8111C}: DhcpNameServer = 192.168.2.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007.02.07 15:26:35 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013.01.13 21:18:32 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.01.13 21:14:25 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.01.13 21:14:25 | 000,000,000 | ---D | C] -- C:\Users\Hendrik\AppData\Local\temp
[2013.01.13 21:12:20 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.01.13 21:12:20 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.01.13 21:12:20 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.01.13 21:12:19 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013.01.13 21:12:18 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.01.13 21:12:13 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.12.19 07:30:50 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Hendrik\Desktop\aswMBR.exe
[2012.12.17 20:43:46 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Hendrik\Desktop\OTL.exe
[2012.12.16 14:45:19 | 000,000,000 | ---D | C] -- C:\Users\Hendrik\AppData\Roaming\KeePass
========== Files - Modified Within 30 Days ==========
[2013.01.13 22:16:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.13 22:16:42 | 2406,862,848 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.13 22:14:47 | 000,007,833 | ---- | M] () -- C:\Windows\wincmd.ini
[2013.01.13 21:22:55 | 000,021,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.13 21:22:55 | 000,021,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.13 21:22:47 | 000,609,092 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.01.13 21:22:47 | 000,104,370 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.01.13 21:15:50 | 362,219,403 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.01.13 21:14:27 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.01.13 21:05:26 | 000,001,013 | ---- | M] () -- C:\Users\Hendrik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.12.21 11:14:19 | 000,000,512 | ---- | M] () -- C:\Users\Hendrik\Desktop\MBR.dat
[2012.12.19 07:31:27 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Hendrik\Desktop\aswMBR.exe
[2012.12.19 07:30:18 | 000,302,592 | ---- | M] () -- C:\Users\Hendrik\Desktop\hki4wsli.exe
[2012.12.17 20:43:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hendrik\Desktop\OTL.exe
[2012.12.16 14:32:01 | 000,000,600 | ---- | M] () -- C:\Users\Hendrik\AppData\Local\PUTTY.RND
[2012.12.16 12:01:50 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.12.16 12:01:50 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.12.15 13:51:15 | 000,050,176 | ---- | M] () -- C:\Users\Hendrik\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
========== Files Created - No Company Name ==========
[2013.01.13 21:12:20 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.01.13 21:12:20 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.01.13 21:12:20 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.01.13 21:12:20 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.01.13 21:12:20 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.12.21 11:14:19 | 000,000,512 | ---- | C] () -- C:\Users\Hendrik\Desktop\MBR.dat
[2012.12.19 07:30:17 | 000,302,592 | ---- | C] () -- C:\Users\Hendrik\Desktop\hki4wsli.exe
[2012.12.16 14:31:52 | 000,000,600 | ---- | C] () -- C:\Users\Hendrik\AppData\Local\PUTTY.RND
[2012.12.14 19:40:34 | 000,000,131 | ---- | C] () -- C:\Windows\EurekaLog.ini
[2012.09.22 17:57:14 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2012.08.02 14:23:53 | 000,050,176 | ---- | C] () -- C:\Users\Hendrik\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.07.17 23:18:32 | 000,000,848 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2011.04.28 21:41:02 | 000,000,120 | ---- | C] () -- C:\Windows\wcx_ftp.ini
[2011.04.27 22:52:50 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011.04.22 12:09:34 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2011.04.21 21:05:11 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.04.21 19:41:12 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.04.05 21:09:48 | 000,059,904 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2011.03.01 18:07:08 | 000,003,949 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011.02.28 22:30:06 | 000,233,012 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
========== ZeroAccess Check ==========
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
< End of report >

--- --- ---

OTL Logfile:
Code:
OTL Extras logfile created on: 13.01.2013 22:18:07 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Hendrik\Downloads
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,99 Gb Total Physical Memory | 2,31 Gb Available Physical Memory | 77,37% Memory free
5,98 Gb Paging File | 5,23 Gb Available in Paging File | 87,44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,69 Gb Total Space | 60,54 Gb Free Space | 54,20% Space Free | Partition Type: NTFS
Drive D: | 50,00 Gb Total Space | 0,76 Gb Free Space | 1,52% Space Free | Partition Type: NTFS
Drive E: | 272,61 Gb Total Space | 85,82 Gb Free Space | 31,48% Space Free | Partition Type: NTFS
Drive F: | 50,00 Gb Total Space | 40,29 Gb Free Space | 80,58% Space Free | Partition Type: NTFS
Drive I: | 931,51 Gb Total Space | 22,00 Gb Free Space | 2,36% Space Free | Partition Type: NTFS
Computer Name: LOKI | User Name: Hendrik | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-2261802461-3846753505-3277762590-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\fotobuch.de\Designer 2.0\Designer.exe" = C:\Program Files\fotobuch.de\Designer 2.0\Designer.exe:*:Designer.exe -- ()
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{15A60420-2DE2-432F-9D1E-9DC5F95844CE}" = protocol=6 | dir=in | app=c:\users\hendrik\appdata\roaming\dropbox\bin\dropbox.exe |
"{213B6C39-AB63-4C6C-BDCF-554381FD6FC6}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\simcity 4 deluxe\apps\simcity 4.exe |
"{3631770A-1E79-4DD5-8D00-11868F40494D}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{3C7FC6A7-E4F2-4219-863E-951039A1DD97}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{6BE74223-4485-4073-8E7E-56B549FBBDB9}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{75072CEF-51FA-48CA-8BDB-3B40312482DC}" = protocol=17 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe |
"{85A51FCB-C971-4F37-BB1F-A3A53E265EB7}" = protocol=6 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe |
"{8B7F9B7C-277C-45E2-AE42-825CF0EF2946}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\simcity 4 deluxe\support\ea help\electronic_arts_technical_support.htm |
"{977BED32-6918-4A38-9072-9610023EA7D9}" = protocol=17 | dir=in | app=c:\users\hendrik\appdata\roaming\dropbox\bin\dropbox.exe |
"{A0EE0CA6-D3F9-4F11-B990-7ED3324B358C}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{A5A6955C-4B07-45DF-8438-63B5126F3AD9}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{AFB175B6-A766-40EE-85CB-3E52676B9834}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\simcity 4 deluxe\support\ea help\electronic_arts_technical_support.htm |
"{DA6E571C-D24D-4FC7-A82A-EB4827DCE94E}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{FAB88795-0A2C-4286-9A49-DA9DE425EACD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FB091549-FF7A-4CBE-B67E-719311740A67}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\simcity 4 deluxe\apps\simcity 4.exe |
"TCP Query User{3C9A7564-F91E-4DC5-B614-155AA1F18629}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{73F5AAB6-E44A-465E-8965-6CF73AB81C88}D:\programme\emule\emule.exe" = protocol=6 | dir=in | app=d:\programme\emule\emule.exe |
"UDP Query User{5647D4E9-A754-4207-99D0-D27298FF989D}D:\programme\emule\emule.exe" = protocol=17 | dir=in | app=d:\programme\emule\emule.exe |
"UDP Query User{B29F2E61-6D9E-40A9-88A8-68B18201DD39}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1A15507A-8551-4626-915D-3D5FA095CC1B}" = Corel Paint Shop Pro X
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{32A3A4F4-B792-11D6-A78A-00B0D0170090}" = Java SE Development Kit 7 Update 9
"{457A1082-080B-ECCB-07E9-CC841173A5E3}" = ATI Catalyst Install Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{537575D6-3B96-474C-BD8F-DFF667363DBD}" = Naviextras Toolbox Prerequesities
"{6F6F39E3-D24D-4EEE-9AEA-DEDAF991385D}" = DWA-547
"{7782916E-3D46-4F1F-AC4B-3FB9D17049F4}" = Microsoft Antimalware Service DE-DE Language Pack
"{79AAE9BC-BE15-CA31-66BD-70ACE16E2A82}" = AMD Drag and Drop Transcoding
"{859B9BCA-5376-4566-9F88-C6C9DAA7A925}" = Microsoft Security Client DE-DE Language Pack
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{916800EA-DDA2-4C5E-96F2-811F3F7C4258}" = Total Commander 6.54a
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"CCleaner" = CCleaner
"Content Manager 2" = Content Manager 2
"DAEMON Tools Lite" = DAEMON Tools Lite
"Designer 2.0_is1" = Designer 2.0
"DivX Setup" = DivX-Setup
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"Mozilla Thunderbird (3.1.10)" = Mozilla Thunderbird (3.1.10)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Picasa 3" = Picasa 3
"Recuva" = Recuva
"Sony Ericsson W800" = Sony Ericsson W800 Software
"StarCraft II" = StarCraft II
"Steam App 24780" = SimCity 4 Deluxe
"Steam App 26800" = Braid
"TreeSize Free_is1" = TreeSize Free V2.5
"TrueCrypt" = TrueCrypt
"uTorrent" = µTorrent
"VisiPics_is1" = VisiPics V1.25
"VLC media player" = VLC media player 2.0.4
"Winamp" = Winamp (remove only)
"WinRAR archiver" = WinRAR Archivierer
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2261802461-3846753505-3277762590-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 22.09.2012 16:35:45 | Computer Name = Loki | Source = Application Hang | ID = 1002
Description = The program TOTALCMD.EXE version 6.5.4.0 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: d60 Start
Time: 01cd82f9cd6dc1f5 Termination Time: 15 Application Path: C:\Program Files\Total.Commander.6.54a\TOTALCMD.EXE
Report
Id: 147ae2e2-04f5-11e2-ba2b-fe39b8836c5d
Error - 23.09.2012 17:49:52 | Computer Name = Loki | Source = ESENT | ID = 215
Description = WinMail (3120) WindowsMail0: The backup has been stopped because it
was halted by the client or the connection with the client failed.
Error - 04.10.2012 18:04:42 | Computer Name = Loki | Source = Application Error | ID = 1000
Description = Faulting application name: Paint Shop Pro X.exe, version: 10.0.0.0,
time stamp: 0x4303b411 Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0x32332032 Faulting process id:
0xc08 Faulting application start time: 0x01cda2528e5e9862 Faulting application path:
C:\Program Files\Corel\Corel Paint Shop Pro X\Paint Shop Pro X.exe Faulting module
path: unknown Report Id: 7f2f1aa8-0e6f-11e2-a442-b7809016e961
Error - 06.10.2012 06:49:20 | Computer Name = Loki | Source = Application Hang | ID = 1002
Description = The program TOTALCMD.EXE version 6.5.4.0 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1d04 Start
Time: 01cda3af6bc860e4 Termination Time: 2 Application Path: C:\Program Files\Total.Commander.6.54a\TOTALCMD.EXE
Report
Id: 7802750e-0fa3-11e2-a442-b7809016e961
Error - 06.10.2012 06:49:42 | Computer Name = Loki | Source = Application Hang | ID = 1002
Description = The program TOTALCMD.EXE version 6.5.4.0 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1f90 Start
Time: 01cda3b03f29bbcd Termination Time: 2 Application Path: C:\Program Files\Total.Commander.6.54a\TOTALCMD.EXE
Report
Id: 86c275e8-0fa3-11e2-a442-b7809016e961
Error - 09.12.2012 10:41:57 | Computer Name = Loki | Source = Application Error | ID = 1000
Description = Faulting application name: designer.exe, version: 0.0.0.0, time stamp:
0x5006a173 Faulting module name: QtGui4.dll, version: 4.3.3.0, time stamp: 0x47559e07
Exception
code: 0xc0000005 Fault offset: 0x0004214c Faulting process id: 0xe74 Faulting application
start time: 0x01cdd6193ea293b6 Faulting application path: C:\Program Files\fotobuch.de\Designer
2.0\designer.exe Faulting module path: C:\Program Files\fotobuch.de\Designer 2.0\QtGui4.dll
Report
Id: 94dd8e53-420e-11e2-8b03-bc8fbd5a6c5d
Error - 09.12.2012 13:52:45 | Computer Name = Loki | Source = Application Error | ID = 1000
Description = Faulting application name: designer.exe, version: 0.0.0.0, time stamp:
0x5006a173 Faulting module name: QtCore4.dll, version: 4.3.3.0, time stamp: 0x475599d5
Exception
code: 0xc0000005 Fault offset: 0x0009fb86 Faulting process id: 0x170 Faulting application
start time: 0x01cdd6219b9a09f9 Faulting application path: C:\Program Files\fotobuch.de\Designer
2.0\designer.exe Faulting module path: C:\Program Files\fotobuch.de\Designer 2.0\QtCore4.dll
Report
Id: 3c59a21d-4229-11e2-8b04-928c4f51ea5c
Error - 11.12.2012 14:15:25 | Computer Name = Loki | Source = Application Error | ID = 1000
Description = Faulting application name: designer.exe, version: 0.0.0.0, time stamp:
0x5006a173 Faulting module name: QtGui4.dll, version: 4.3.3.0, time stamp: 0x47559e07
Exception
code: 0xc0000005 Fault offset: 0x0002ccf4 Faulting process id: 0xe64 Faulting application
start time: 0x01cdd7bf926eeebf Faulting application path: C:\Program Files\fotobuch.de\Designer
2.0\designer.exe Faulting module path: C:\Program Files\fotobuch.de\Designer 2.0\QtGui4.dll
Report
Id: bbcf1ed9-43be-11e2-8b30-b93f9eb76a5e
Error - 11.12.2012 17:47:37 | Computer Name = Loki | Source = Application Error | ID = 1000
Description = Faulting application name: designer.exe, version: 0.0.0.0, time stamp:
0x5006a173 Faulting module name: QtGui4.dll, version: 4.3.3.0, time stamp: 0x47559e07
Exception
code: 0xc0000005 Fault offset: 0x00013216 Faulting process id: 0x62c Faulting application
start time: 0x01cdd7e36aa4ccf3 Faulting application path: C:\Program Files\fotobuch.de\Designer
2.0\designer.exe Faulting module path: C:\Program Files\fotobuch.de\Designer 2.0\QtGui4.dll
Report
Id: 60ad8049-43dc-11e2-8b30-b93f9eb76a5e
Error - 11.12.2012 18:05:25 | Computer Name = Loki | Source = Application Error | ID = 1000
Description = Faulting application name: designer.exe, version: 0.0.0.0, time stamp:
0x5006a173 Faulting module name: QtGui4.dll, version: 4.3.3.0, time stamp: 0x47559e07
Exception
code: 0xc0000005 Fault offset: 0x0002ccf4 Faulting process id: 0x164 Faulting application
start time: 0x01cdd7e92920e498 Faulting application path: C:\Program Files\fotobuch.de\Designer
2.0\designer.exe Faulting module path: C:\Program Files\fotobuch.de\Designer 2.0\QtGui4.dll
Report
Id: dd4218a1-43de-11e2-8b30-b93f9eb76a5e
[ System Events ]
Error - 21.12.2012 06:16:18 | Computer Name = Loki | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.
Error - 21.12.2012 06:16:18 | Computer Name = Loki | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.
Error - 21.12.2012 09:28:21 | Computer Name = Loki | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.
Error - 13.01.2013 15:56:37 | Computer Name = Loki | Source = EventLog | ID = 6008
Description = The previous system shutdown at 20:55:24 on ?13.?01.?2013 was unexpected.
Error - 13.01.2013 15:56:38 | Computer Name = Loki | Source = BugCheck | ID = 1001
Description =
Error - 13.01.2013 16:12:34 | Computer Name = Loki | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.
Error - 13.01.2013 16:13:23 | Computer Name = Loki | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.
Error - 13.01.2013 16:15:51 | Computer Name = Loki | Source = EventLog | ID = 6008
Description = The previous system shutdown at 21:14:32 on ?13.?01.?2013 was unexpected.
Error - 13.01.2013 16:15:53 | Computer Name = Loki | Source = BugCheck | ID = 1001
Description =
Error - 13.01.2013 17:16:14 | Computer Name = Loki | Source = DCOM | ID = 10010
Description =
< End of report >