Thank you very much for your reply and your efforts:
OTL Logfile:
Code:
OTL logfile created on: 09.10.2012 13:22:34 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\kalb\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,59 Gb Available Physical Memory | 79,43% Memory free
4,00 Gb Paging File | 3,60 Gb Available in Paging File | 90,18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138,98 Gb Total Space | 92,61 Gb Free Space | 66,63% Space Free | Partition Type: NTFS
Computer Name: JANUSCHEL | User Name: kalb | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.10.09 13:20:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\kalb\Downloads\OTL.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
========== Modules (No Company Name) ==========
========== Services (SafeList) ==========
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010.08.19 10:52:04 | 000,229,376 | ---- | M] () [Auto | Stopped] -- C:\ProgramData\DatacardService\DCService.exe -- (DCService.exe)
SRV - [2010.05.09 15:24:26 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.04.07 21:10:38 | 000,033,560 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2010.04.07 21:07:24 | 000,810,120 | ---- | M] (ESET) [Auto | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2008.09.16 12:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)
SRV - [2008.04.17 14:14:48 | 000,102,712 | ---- | M] (ArcSoft Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2007.12.17 15:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Stopped] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE -- (EPSON_EB_RPCV4_01)
SRV - [2007.01.11 15:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Stopped] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\ycwbbmmf.sys -- (ycwbbmmf)
DRV - [2012.10.08 20:23:02 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012.09.19 10:02:08 | 000,181,344 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudobex.sys -- (ssudobex)
DRV - [2012.09.19 10:02:06 | 000,181,344 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2012.09.19 10:02:06 | 000,083,168 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2011.05.10 08:06:14 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.06.17 21:28:45 | 000,573,440 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hcw95bda.sys -- (hcw95bda)
DRV - [2010.06.17 21:28:45 | 000,015,616 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hcw95rc.sys -- (hcw95rc)
DRV - [2010.04.07 21:08:12 | 000,096,896 | ---- | M] (ESET) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV - [2010.04.07 21:07:08 | 000,114,984 | ---- | M] (ESET) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010.04.07 21:03:46 | 000,133,512 | ---- | M] (ESET) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm)
DRV - [2009.12.15 10:46:26 | 000,024,192 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2009.12.15 10:46:18 | 000,013,184 | ---- | M] (Bytemobile, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\BMLoad.sys -- (BMLoad)
DRV - [2009.12.07 19:53:18 | 000,103,168 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009.10.12 15:22:56 | 000,101,120 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2009.10.07 08:49:40 | 006,756,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2009.10.07 08:47:56 | 000,266,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2009.07.14 00:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009.07.14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2009.05.26 11:35:50 | 008,235,648 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007.08.03 05:36:10 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)
DRV - [2005.02.23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://startsear.ch/?aff=1
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{0C2D0630-2882-431F-AA84-3A6454B32EC2}: "URL" = hxxp://startsear.ch/?aff=1&src=sp&cf=68346eae-f732-11e0-939b-001a801851dd&q={searchTerms}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{A8214D94-1C7F-4B5B-8419-DEEA53AD04D5}: "URL" = hxxp://startsear.ch/?aff=1&src=sp&cf=68346eae-f732-11e0-939b-001a801851dd&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E6 E3 43 1F 8C EE CA 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0C2D0630-2882-431F-AA84-3A6454B32EC2}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0C2D0630-2882-431F-AA84-3A6454B32EC2}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7SUNC_de
IE - HKCU\..\SearchScopes\{4B1EB107-BCD3-4FB2-98E0-E70F4FC45DF9}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7SUNC_de
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{A8214D94-1C7F-4B5B-8419-DEEA53AD04D5}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7SUNC_de
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: "Web Search"
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "Web Search"
FF - prefs.js..browser.startup.homepage: "hxxp://startsear.ch/?aff=1"
FF - prefs.js..keyword.URL: "hxxp://startsear.ch/?aff=1&src=sp&cf=68346eae-f732-11e0-939b-001a801851dd&q="
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files\TVUPlayer\npTVUAx.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\kalb\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\T-Mobile\InternetManager_H\OCx32\addon
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.09.13 20:48:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.08 19:06:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010.05.09 13:21:45 | 000,000,000 | ---D | M]
[2011.09.13 20:49:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kalb\AppData\Roaming\mozilla\Extensions
[2012.10.08 18:56:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kalb\AppData\Roaming\mozilla\Firefox\Profiles\su33pu6f.default\extensions
[2011.07.11 20:04:02 | 000,000,633 | ---- | M] () -- C:\Users\kalb\AppData\Roaming\mozilla\firefox\profiles\su33pu6f.default\searchplugins\startsear.xml
[2011.10.06 19:53:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2011.09.03 08:18:05 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.09.03 02:19:44 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.09.03 02:13:56 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.09.03 02:19:44 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.09.03 02:19:44 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.09.03 02:19:44 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.09.03 02:19:44 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
========== Chrome ==========
CHR - homepage: hxxp://www.google.de/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.de/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.79\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\kalb\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Mystical Land Installer (Enabled) = C:\Users\kalb\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbdkjcaifgmiepgkhohjooakknonejoc\1.0.0.10_0\NPMysticalLandInstaller.dll
CHR - plugin: vShare.tv plug-in (Enabled) = C:\Users\kalb\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\chvsharetvplg.dll
CHR - plugin: vShare.tv plug-in (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npvsharetvplg.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: TVU Web Player for FireFox (Enabled) = C:\Program Files\TVUPlayer\npTVUAx.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\kalb\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Speed Dial = C:\Users\kalb\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgpdioedihjhncjafcpgbbjdpbbkikmi\2.5.1_0\
CHR - Extension: Mystical Land Installer = C:\Users\kalb\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbdkjcaifgmiepgkhohjooakknonejoc\1.0.0.10_0\
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - No CLSID value found.
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [DataCardMonitor] C:\Program Files\Telekom\InternetManager_H\DataCardMonitor.exe (Huawei Technologies Co., Ltd.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
O4 - HKCU..\Run: [EPSON B40W Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIELE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [HW_OPENEYE_OUC_Telekom Internet Manager] C:\Program Files\Telekom\InternetManager_H\UpdateDog\ouc.exe (Huawei Technologies Co., Ltd.)
O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{001F3B16-5351-4CBF-A8E5-14CAB653679C}: DhcpNameServer = 10.74.83.22 193.254.160.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{67AA8B79-A64D-483C-8462-B07FB5A09434}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{85E7A7E5-94CA-43E5-878F-6EB4F267B1F9}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C8724439-8D79-46A7-BEB7-CB2730586F8C}: DhcpNameServer = 192.168.42.129
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{7d9506aa-6916-11e0-a680-001a801851dd}\Shell - "" = AutoRun
O33 - MountPoints2\{7d9506aa-6916-11e0-a680-001a801851dd}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{7d9506c1-6916-11e0-a680-001a801851dd}\Shell - "" = AutoRun
O33 - MountPoints2\{7d9506c1-6916-11e0-a680-001a801851dd}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
CREATERESTOREPOINT
Unable to start System Restore Service. Error code 1084
========== Files/Folders - Created Within 30 Days ==========
[2012.10.08 19:51:46 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.10.08 19:51:46 | 000,000,000 | ---D | C] -- C:\Users\kalb\AppData\Roaming\Malwarebytes
[2012.10.08 19:51:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.10.08 19:51:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.10.08 19:51:24 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.10.08 19:51:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.10.08 18:06:59 | 000,000,000 | ---D | C] -- C:\Users\kalb\Desktop\Fächer
[2012.10.06 14:29:51 | 000,000,000 | ---D | C] -- C:\Users\kalb\Desktop\Behindertenhilfe Bergstrasse
[2012.09.19 10:02:08 | 000,181,344 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudobex.sys
[2012.09.19 10:02:06 | 000,181,344 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudmdm.sys
[2012.09.19 10:02:06 | 000,083,168 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudbus.sys
[2012.09.17 22:25:24 | 000,000,000 | ---D | C] -- C:\Users\kalb\Desktop\Praktikum Köln(2012)
[2012.09.17 16:09:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.09.17 16:09:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012.09.17 16:09:29 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2012.09.15 12:21:40 | 000,000,000 | ---D | C] -- C:\Users\kalb\AppData\Local\{8AA270C9-F234-4F35-A854-5F1DFA5BD769}
========== Files - Modified Within 30 Days ==========
[2012.10.09 13:08:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.09 13:08:40 | 197,505,467 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.10.09 13:08:38 | 1609,375,744 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.09 13:07:25 | 000,131,072 | -H-- | M] () -- C:\Windows\DUMP7e50.DMP
[2012.10.08 21:42:01 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.08 20:41:32 | 000,013,536 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.08 20:41:32 | 000,013,536 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.08 20:34:34 | 000,000,374 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2012.10.08 20:34:23 | 000,054,932 | ---- | M] () -- C:\Users\kalb\AppData\Roaming\nvModes.001
[2012.10.08 20:34:13 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.08 20:23:02 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.10.08 19:51:26 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.10.08 17:24:20 | 000,054,932 | ---- | M] () -- C:\Users\kalb\AppData\Roaming\nvModes.dat
[2012.10.08 14:09:37 | 000,664,868 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.10.08 14:09:37 | 000,625,010 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.10.08 14:09:37 | 000,135,004 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.10.08 14:09:37 | 000,110,648 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.10.08 14:08:16 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_WinUsb_01007.Wdf
[2012.10.07 17:44:12 | 000,131,072 | -H-- | M] () -- C:\Windows\DUMP9b66.DMP
[2012.09.27 12:47:37 | 000,002,320 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.09.19 10:02:08 | 000,181,344 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudobex.sys
[2012.09.19 10:02:06 | 000,181,344 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudmdm.sys
[2012.09.19 10:02:06 | 000,083,168 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudbus.sys
[2012.09.17 16:09:40 | 000,002,505 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
========== Files Created - No Company Name ==========
[2012.10.09 13:07:25 | 000,131,072 | -H-- | C] () -- C:\Windows\DUMP7e50.DMP
[2012.10.08 19:51:26 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.10.08 14:08:16 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_WinUsb_01007.Wdf
[2012.10.07 17:44:12 | 000,131,072 | -H-- | C] () -- C:\Windows\DUMP9b66.DMP
[2012.09.17 16:09:40 | 000,002,505 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.05.23 18:49:34 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.05.23 18:49:32 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2012.05.23 18:49:32 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2012.05.23 18:49:32 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2012.05.23 18:49:32 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2012.04.02 20:57:44 | 000,004,608 | ---- | C] () -- C:\Users\kalb\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.02.28 23:24:27 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll
[2012.02.28 23:24:27 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll
[2011.11.03 01:46:25 | 000,007,630 | ---- | C] () -- C:\Users\kalb\AppData\Roaming\.freeciv-client-rc-2.3
[2011.09.13 12:56:39 | 000,000,412 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2010.11.22 00:06:17 | 000,000,268 | RH-- | C] () -- C:\ProgramData\PrintsService
[2010.11.22 00:06:17 | 000,000,268 | RH-- | C] () -- C:\Users\kalb\AppData\Roaming\PreferencePane
[2010.11.22 00:06:17 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT
[2010.11.22 00:02:44 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Printers
[2010.11.22 00:02:44 | 000,000,268 | RH-- | C] () -- C:\Users\kalb\AppData\Roaming\Pop Flute
[2010.11.22 00:02:44 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2010.11.21 18:47:02 | 000,000,268 | RH-- | C] () -- C:\Users\kalb\AppData\Roaming\Woodwind
[2010.11.21 18:47:02 | 000,000,268 | RH-- | C] () -- C:\ProgramData\business-inkjet
[2010.11.21 18:47:02 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Dictionaries
[2010.11.21 18:40:08 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Workflows
[2010.11.21 18:40:08 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Work - Home
[2010.11.21 18:40:08 | 000,000,268 | RH-- | C] () -- C:\Users\kalb\AppData\Roaming\Widgets
[2010.11.21 18:40:08 | 000,000,268 | RH-- | C] () -- C:\Users\kalb\AppData\Roaming\WebServer
[2010.11.21 18:40:08 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLbw.DAT
[2010.11.21 18:40:08 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Devices
[2010.11.21 18:40:08 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Desktop Pictures
[2010.11.21 18:33:20 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLbx.DAT
[2010.05.14 18:07:21 | 000,000,092 | ---- | C] () -- C:\Users\kalb\AppData\Local\fusioncache.dat
[2010.05.14 09:39:14 | 000,054,932 | ---- | C] () -- C:\Users\kalb\AppData\Roaming\nvModes.001
[2010.05.14 00:39:30 | 000,054,932 | ---- | C] () -- C:\Users\kalb\AppData\Roaming\nvModes.dat
[2010.05.07 22:09:21 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLbz.DAT
========== ZeroAccess Check ==========
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2011.11.03 01:50:48 | 000,000,000 | ---D | M] -- C:\Users\kalb\AppData\Roaming\.freeciv
[2012.04.15 15:25:53 | 000,000,000 | ---D | M] -- C:\Users\kalb\AppData\Roaming\Babylon
[2012.08.10 13:44:58 | 000,000,000 | ---D | M] -- C:\Users\kalb\AppData\Roaming\Canon
[2011.02.13 16:19:21 | 000,000,000 | ---D | M] -- C:\Users\kalb\AppData\Roaming\EPSON
[2010.11.22 00:12:20 | 000,000,000 | ---D | M] -- C:\Users\kalb\AppData\Roaming\Nikon
[2011.09.13 21:08:16 | 000,000,000 | ---D | M] -- C:\Users\kalb\AppData\Roaming\OpenCandy
[2011.02.13 16:41:06 | 000,000,000 | ---D | M] -- C:\Users\kalb\AppData\Roaming\Panasonic
[2012.06.19 13:52:02 | 000,000,000 | ---D | M] -- C:\Users\kalb\AppData\Roaming\Samsung
[2011.09.13 12:56:29 | 000,000,000 | ---D | M] -- C:\Users\kalb\AppData\Roaming\ScanSoft
[2011.04.17 19:45:56 | 000,000,000 | ---D | M] -- C:\Users\kalb\AppData\Roaming\Telekom
[2012.10.07 17:46:13 | 000,000,000 | ---D | M] -- C:\Users\kalb\AppData\Roaming\Telekom Internet Manager
[2012.03.14 22:33:13 | 000,000,000 | ---D | M] -- C:\Users\kalb\AppData\Roaming\Unity
[2011.09.14 14:18:24 | 000,000,000 | ---D | M] -- C:\Users\kalb\AppData\Roaming\Windows Live Writer
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*. >
[2010.05.07 22:02:11 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2010.05.02 22:23:15 | 000,000,000 | ---D | M] -- C:\$UPGRADE.~OS
[2012.07.01 12:37:21 | 000,000,000 | ---D | M] -- C:\Big Fish Games
[2011.07.10 17:35:39 | 000,000,000 | -HSD | M] -- C:\Boot
[2012.10.08 19:03:38 | 000,000,000 | ---D | M] -- C:\bwinPoker JPC
[2009.10.18 15:52:54 | 000,000,000 | ---D | M] -- C:\Click to DVD 2
[2012.10.08 19:17:14 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2007.08.12 11:26:06 | 000,000,000 | ---D | M] -- C:\Documentation
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2007.07.20 14:57:47 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2010.05.02 20:23:09 | 000,000,000 | -HSD | M] -- C:\found.000
[2007.11.04 01:18:29 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2010.06.17 22:10:32 | 000,000,000 | ---D | M] -- C:\MyVideos
[2010.04.11 14:00:24 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2009.07.14 04:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.10.08 19:51:24 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.10.08 19:51:25 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2007.07.20 14:57:47 | 000,000,000 | -HSD | M] -- C:\Programme
[2010.05.07 22:01:56 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012.10.08 20:54:44 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010.05.07 22:20:59 | 000,000,000 | ---D | M] -- C:\Temp
[2010.04.05 22:47:48 | 000,000,000 | ---D | M] -- C:\Update
[2010.05.07 22:02:03 | 000,000,000 | R--D | M] -- C:\Users
[2007.08.12 11:36:33 | 000,000,000 | -H-D | M] -- C:\WAUUPGRD
[2012.10.09 13:08:40 | 000,000,000 | ---D | M] -- C:\Windows
< %PROGRAMFILES%\*.exe >
< %LOCALAPPDATA%\*.exe >
< %systemroot%\*. /mp /s >
< %windir%\installer\*. /5 >
< %localappdata%\*. /5 >
[2012.10.08 18:45:43 | 000,000,000 | ---D | M] -- C:\Users\kalb\AppData\Local\Diagnostics
[2012.10.07 18:09:37 | 000,000,000 | ---D | M] -- C:\Users\kalb\AppData\Local\ElevatedDiagnostics
[2012.10.08 19:23:13 | 000,000,000 | ---D | M] -- C:\Users\kalb\AppData\Local\Microsoft
[2012.10.08 18:47:48 | 000,000,000 | ---D | M] -- C:\Users\kalb\AppData\Local\MigWiz
[2012.10.08 16:29:39 | 000,000,000 | ---D | M] -- C:\Users\kalb\AppData\Local\PokerStars.EU
[2012.10.09 13:22:31 | 000,000,000 | ---D | M] -- C:\Users\kalb\AppData\Local\Temp
[2012.10.08 19:23:04 | 000,000,000 | ---D | M] -- C:\Users\kalb\AppData\Local\Windows Live
< End of report >

OTL EXTRAS Logfile:
OTL Extras logfile created on: 09.10.2012 13:22:34 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\kalb\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,59 Gb Available Physical Memory | 79,43% Memory free
4,00 Gb Paging File | 3,60 Gb Available in Paging File | 90,18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138,98 Gb Total Space | 92,61 Gb Free Space | 66,63% Space Free | Partition Type: NTFS
Computer Name: JANUSCHEL | User Name: kalb | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B41FD57-0FF8-4496-A494-AF31C19D1507}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{0B90BB45-C1A2-4117-8DFE-0308B122D109}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{20B65229-348A-4F4C-A1D9-986AC5F7BB57}" = rport=10243 | protocol=6 | dir=out | app=system |
"{214EDA10-945A-4B59-A514-FB80E9DADF08}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{2232910A-9D52-497C-B8ED-74728D5D7235}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{229039CD-36CC-4BDC-B67D-460585A9590A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{25CE5F50-5059-4902-9B2D-00B55B49D269}" = rport=2869 | protocol=6 | dir=out | app=system |
"{29ADB81B-C89E-4D69-8ED0-BC3EE392F588}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{2A87DA0E-2EF9-4763-BA47-2720039CD6FE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{856F30AD-260D-4536-8352-A5F3B810DF42}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{89D2F162-15E3-44CA-B367-C3438ABAF9A5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9581B345-C56A-4620-ACBD-74E7BCB4B699}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9A2FBA7E-771B-4B8F-9000-49F42E49E557}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AA2806D1-FE4A-4CE6-8F52-39E8297065DB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BDE63862-F505-432C-960C-E4331B1C53DE}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{CDB0BDB0-4F97-4E02-AA5C-B16544C6123A}" = lport=10243 | protocol=6 | dir=in | app=system |
"{DA913AF9-86AF-4419-968B-394C17FF3D59}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DC0BEA9A-9C5C-4B03-A361-DA7DD537B000}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E1A770AF-2895-4B6C-96E6-6CE9DA7CDFAC}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{E947E171-9B0C-4FA2-8DAE-4807EAD8FCE6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EC866DE4-C0B4-4E80-A0E9-7CF6ED868EC8}" = lport=2869 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02C0720E-3439-4C7A-A7B6-CE94D0C34A98}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
"{1E814E93-C8D2-4162-91E5-92C23E8B9DC4}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{34F1E209-0ECC-4CFB-80F2-62BA1EF93772}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{362F7AE5-529E-4B20-9261-D5091F070B21}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{3DCA3762-FD4C-4341-85BA-D7CD101F8E99}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{436DFD15-F1C2-486B-B2E3-1AA584AF4EC0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5A171E9D-D4EF-404A-A6EE-F6B74AB79F61}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{66436AF9-8095-4630-AFC7-8FDDF3D39E6F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{6D88DBDA-9EF8-4A7E-B96E-570DEA7E9AFF}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{6DCDE933-C0F7-439B-BD4E-C524C55CE969}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{8C098FC5-CBF7-4B41-B6A2-240B1B6D42D6}" = protocol=6 | dir=in | app=c:\program files\veetle\player\veetlenet.exe |
"{8F51EC58-4BAC-469E-91A5-EED4707FCA3F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{972A0682-9454-4CEE-B344-2F399103EAC5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A1368BEF-6A62-436E-B653-934AAFFC1B75}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A82E6FF3-BAA7-47DE-B27F-FEEBF206378B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C2C5C929-5CDD-40B0-AFCE-C6A9F9ADE80F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C2E61DE9-D347-4466-9B15-F07D24FEB3F4}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{CE2E006F-DE87-4E02-B2B2-BE04DF338805}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D071B0B8-897D-4266-A62C-7075CF3102B5}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{E0175CD6-C982-41A8-BBEE-D729C915B89B}" = protocol=6 | dir=out | app=system |
"{E1CB977E-96B1-41C7-B9AD-8313690D3075}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E4E432E7-22BC-462C-821D-FBA826B7EB35}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{EFEC19C9-16DE-41E0-AD07-B2E1FF426B84}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
"{FC39B41A-42CE-4C69-A28F-36BEBAFCBDA9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{0F2B1605-7543-4445-8AAD-F415B0742270}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{7CD62A30-DAA6-4866-9334-DE6D278E21A8}D:\epsonnet easyinstall\easyinstall.exe" = protocol=6 | dir=in | app=d:\epsonnet easyinstall\easyinstall.exe |
"TCP Query User{CFE04A56-492E-45B3-B0EC-DC4BA68112EC}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"TCP Query User{E728FA4B-4CEC-4116-80E8-2C70A9B059EC}C:\program files\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"TCP Query User{F7D77862-15E8-4D9D-8177-74C08035AD44}C:\program files\freeciv-2.3.0-gtk2\freeciv-server.exe" = protocol=6 | dir=in | app=c:\program files\freeciv-2.3.0-gtk2\freeciv-server.exe |
"UDP Query User{2C9DEE7E-C280-4689-8A17-1A4BC91FF4C6}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{4E9F5E9C-ACAA-412E-8F23-214D4509F534}C:\program files\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"UDP Query User{4ECD9420-BAAF-405D-90D6-0BB4BA0971DD}C:\program files\freeciv-2.3.0-gtk2\freeciv-server.exe" = protocol=17 | dir=in | app=c:\program files\freeciv-2.3.0-gtk2\freeciv-server.exe |
"UDP Query User{CDC8A4E4-1900-41A5-857A-71BE8653F813}D:\epsonnet easyinstall\easyinstall.exe" = protocol=17 | dir=in | app=d:\epsonnet easyinstall\easyinstall.exe |
"UDP Query User{EB40D69F-479D-4E06-8CF8-E67C31EA2488}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00F93853-D9D3-4795-A89E-84CCBA0205C9}" = Microsoft IntelliPoint 8.0
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP210_series" = Canon MP210 series
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2B4E24A0-A06F-488D-87D8-16738E5E1104}" = Windows Live Family Safety
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{497A1721-088F-41EF-8876-B43C9DA5528B}" = Software Suite
"{4A49BF17-D3D0-49F1-B17E-ACAE15F94CE2}}_is1" = New Star Soccer 5 v1.09
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{917F080C-F7A3-41CE-AF03-40163647851C}" = ESET NOD32 Antivirus
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C8616041-2802-4DE2-B3BD-6285AAD65C2A}" = Nikon RAW Codec
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB6075D9-F912-40AE-BEA6-E590DA24F16B}" = Adobe Photoshop Elements 7.0
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEE88727-779B-47A9-ACEF-F87CA5F92A65}" = ScanSoft OmniPage SE 4
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F007CBCE-D714-4C0B-8CE9-9B0D78116468}" = ViewNX
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 7" = Adobe Photoshop Elements 7.0
"Canon MP210 series Benutzerregistrierung" = Canon MP210 series Benutzerregistrierung
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Capture NX 2" = Capture NX 2
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"EPSON B40W Series" = EPSON B40W Series Printer Uninstall
"EPSON Stylus Office B40W_T40W Benutzerhandbuch" = EPSON Stylus Office B40W_T40W Handbuch
"Google Chrome" = Google Chrome
"Graboid Video" = Graboid Video 2.4
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 6.0.2 (x86 de)" = Mozilla Firefox 6.0.2 (x86 de)
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"NVIDIA Drivers" = NVIDIA Drivers
"PokerStars" = PokerStars
"Telekom Internet Manager" = Telekom Internet Manager
"Veetle TV" = Veetle TV
"WinLiveSuite" = Windows Live Essentials
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 07.06.2012 09:46:47 | Computer Name = kalb-PC | Source = Application Hang | ID = 1002
Description = Programm chrome.exe, Version 19.0.1084.52 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: df8 Startzeit:
01cd449ecbb8cd7a Endzeit: 1260 Anwendungspfad: C:\Program Files\Google\Chrome\Application\chrome.exe
Berichts-ID:
1decf578-b0a7-11e1-978b-001a801851dd
Error - 07.06.2012 15:46:35 | Computer Name = kalb-PC | Source = Application Hang | ID = 1002
Description = Programm chrome.exe, Version 19.0.1084.52 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: f30 Startzeit:
01cd44c6c2bfa0e6 Endzeit: 531 Anwendungspfad: C:\Program Files\Google\Chrome\Application\chrome.exe
Berichts-ID:
639ae0e4-b0d9-11e1-a9e6-001a801851dd
Error - 08.06.2012 12:19:20 | Computer Name = kalb-PC | Source = Bonjour Service | ID = 100
Description =
Error - 08.06.2012 12:19:20 | Computer Name = kalb-PC | Source = Bonjour Service | ID = 100
Description =
Error - 08.06.2012 13:52:32 | Computer Name = kalb-PC | Source = Bonjour Service | ID = 100
Description =
Error - 08.06.2012 13:52:32 | Computer Name = kalb-PC | Source = Bonjour Service | ID = 100
Description =
Error - 13.06.2012 08:42:20 | Computer Name = kalb-PC | Source = Bonjour Service | ID = 100
Description =
Error - 13.06.2012 08:42:20 | Computer Name = kalb-PC | Source = Bonjour Service | ID = 100
Description =
Error - 14.06.2012 15:41:32 | Computer Name = kalb-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe_WinDefend, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: mpengine.dll, Version: 1.1.8403.0,
Zeitstempel: 0x4fa94c1e Ausnahmecode: 0xc0000006 Fehleroffset: 0x002fb2fe ID des fehlerhaften
Prozesses: 0xb74 Startzeit der fehlerhaften Anwendung: 0x01cd4a5e2efe0bf4 Pfad der
fehlerhaften Anwendung: C:\Windows\System32\svchost.exe Pfad des fehlerhaften Moduls:
C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{92D971F0-DC27-47DA-97AC-637B732B4C97}\mpengine.dll
Berichtskennung:
f1238176-b658-11e1-80e7-001a801851dd
Error - 14.06.2012 15:41:32 | Computer Name = kalb-PC | Source = Application Error | ID = 1005
Description = Aus einem der folgenden Gründe kann nicht auf die Datei "C:\ProgramData\Microsoft\Windows
Defender\Definition Updates\{92D971F0-DC27-47DA-97AC-637B732B4C97}\mpengine.dll"
zugegriffen werden: Es besteht ein Problem mit der Netzwerkverbindung, dem Datenträger
mit der gespeicherten Datei bzw. den auf dem Computer installierten Speichertreibern,
oder der Datenträger fehlt. Das Programm Hostprozess für Windows-Dienste wurde wegen
dieses Fehlers geschlossen. Programm: Hostprozess für Windows-Dienste Datei: C:\ProgramData\Microsoft\Windows
Defender\Definition Updates\{92D971F0-DC27-47DA-97AC-637B732B4C97}\mpengine.dll
Der
Fehlerwert ist im Abschnitt "Zusätzliche Dateien" aufgelistet. Benutzeraktion 1.
Öffnen Sie die Datei erneut. Diese Situation ist eventuell ein temporäres Problem,
das selbstständig behoben wird, wenn das Programm erneut ausgeführt wird. 2. Wenn
Sie weiterhin nicht auf die Datei zugreifen können und - diese sich im Netzwerk
befindet, dann sollte der Netzwerkadministrator überprüfen, dass kein Netzwerkproblem
besteht und dass eine Verbindung mit dem Server hergestellt werden kann. - diese
sich auf einem Wechseldatenträger, wie z. B. einer Diskette oder einer CD, befindet,
überprüfen Sie, ob der Datenträger richtig in den Computer eingelegt ist. 3. Überprüfen
und reparieren Sie das Dateisystem, indem Sie CHKDSK ausführen. Klicken Sie dazu
im Menü "Start" auf "Ausführen", geben Sie CMD ein, und klicken Sie auf "OK". Geben
Sie an der Eingabeaufforderung CHKDSK /F ein, und drücken Sie die EINGABETASTE.
4.
Stellen Sie die Datei von einer Sicherungskopie wieder her, wenn das Problem weiterhin
besteht. 5. Überprüfen Sie, ob andere Dateien auf demselben Datenträger geöffnet
werden können. Falls dies nicht möglich ist, ist der Datenträger eventuell beschädigt.
Wenden Sie sich an den Administrator oder den Hersteller der Computerhardware,
um weitere Unterstützung zu erhalten, wenn es sich um eine Festplatte handelt. Zusätzliche
Daten Fehlerwert: C0000185 Datenträgertyp: 3
[ Media Center Events ]
Error - 07.05.2010 16:15:58 | Computer Name = kalb-PC | Source = MCUpdate | ID = 0
Description = 22:15:58 - Fehler beim Herstellen der Internetverbindung. 22:15:58
- Serververbindung konnte nicht hergestellt werden..
Error - 09.05.2010 16:43:09 | Computer Name = kalb-PC | Source = MCUpdate | ID = 0
Description = 22:43:09 - Fehler beim Herstellen der Internetverbindung. 22:43:09
- Serververbindung konnte nicht hergestellt werden..
Error - 09.05.2010 16:43:17 | Computer Name = kalb-PC | Source = MCUpdate | ID = 0
Description = 22:43:14 - Fehler beim Herstellen der Internetverbindung. 22:43:14
- Serververbindung konnte nicht hergestellt werden..
Error - 13.05.2010 09:51:37 | Computer Name = kalb-PC | Source = MCUpdate | ID = 0
Description = 15:51:37 - Fehler beim Herstellen der Internetverbindung. 15:51:37
- Serververbindung konnte nicht hergestellt werden..
Error - 13.05.2010 09:51:47 | Computer Name = kalb-PC | Source = MCUpdate | ID = 0
Description = 15:51:42 - Fehler beim Herstellen der Internetverbindung. 15:51:42
- Serververbindung konnte nicht hergestellt werden..
Error - 13.05.2010 10:56:40 | Computer Name = kalb-PC | Source = MCUpdate | ID = 0
Description = 16:56:40 - Fehler beim Herstellen der Internetverbindung. 16:56:40
- Serververbindung konnte nicht hergestellt werden..
Error - 13.05.2010 10:56:49 | Computer Name = kalb-PC | Source = MCUpdate | ID = 0
Description = 16:56:45 - Fehler beim Herstellen der Internetverbindung. 16:56:45
- Serververbindung konnte nicht hergestellt werden..
Error - 13.05.2010 11:57:20 | Computer Name = kalb-PC | Source = MCUpdate | ID = 0
Description = 17:57:20 - Fehler beim Herstellen der Internetverbindung. 17:57:20
- Serververbindung konnte nicht hergestellt werden..
Error - 13.05.2010 11:57:34 | Computer Name = kalb-PC | Source = MCUpdate | ID = 0
Description = 17:57:25 - Fehler beim Herstellen der Internetverbindung. 17:57:25
- Serververbindung konnte nicht hergestellt werden..
[ System Events ]
Error - 09.10.2012 07:23:35 | Computer Name = JANUSCHEL | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 09.10.2012 07:25:41 | Computer Name = JANUSCHEL | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 09.10.2012 07:25:41 | Computer Name = JANUSCHEL | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 09.10.2012 07:25:41 | Computer Name = JANUSCHEL | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 09.10.2012 07:30:41 | Computer Name = JANUSCHEL | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 09.10.2012 07:30:41 | Computer Name = JANUSCHEL | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 09.10.2012 07:30:41 | Computer Name = JANUSCHEL | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 09.10.2012 07:32:49 | Computer Name = JANUSCHEL | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 09.10.2012 07:32:49 | Computer Name = JANUSCHEL | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 09.10.2012 07:32:49 | Computer Name = JANUSCHEL | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
< End of report >
By the way, I had to run the scan in safe mode again because Windows once again won't start. Regards