Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Virenprogamme stürzen beim Scan ab(bei datei: recycle.bin s-1-5-21-20....rhodoqf2 (https://www.trojaner-board.de/125378-virenprogamme-stuerzen-beim-scan-ab-datei-recycle-s-1-5-21-20-rhodoqf2.html)

JanK 08.10.2012 20:06
Virenprogamme stürzen beim Scan ab(bei datei: recycle.bin s-1-5-21-20....rhodoqf2
 
Hallo Computerfreunde,

leider habe ich ein problem: gestern abend ist mein computer abgestürzt und ich konnte windows 7 nicht mehr laden(dubiose pixel beim laden) . im abgesicherten modus wollte ich dann ein altes systemupdate laden, dabei ist der computer wieder abgestürzt.(blauer bildschirm mit sowas ähnlichem wie data dump/system crashed down) der anschließende neustart ging nicht und die starthilfe suchte nach dem problem.ohne erfolg. ich konnte windows nicht mehr nutzen.
heute morgen geht alles wieder. habe NOD32 Antivirus und Malwarebytes laufen lassen und beide stürzen ab bei folgender datei:
c:$recycle.bin s-1-5-21....$rhodoqf2.exe:daumenrunter:

fürchte ich habe einen ordentlichen virus eingefangen.über hilfe wäre ich sehr dankbar

lg

schrauber 09.10.2012 06:22
Hi,

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
%windir%\installer\*. /5
%localappdata%\*. /5
CREATERESTOREPOINT
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

JanK 09.10.2012 12:36
Vielen danke für deine Antwort und dein Bemühen:OTL Logfile:
Code:
OTL logfile created on: 09.10.2012 13:22:34 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\kalb\Downloads
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,59 Gb Available Physical Memory | 79,43% Memory free
4,00 Gb Paging File | 3,60 Gb Available in Paging File | 90,18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138,98 Gb Total Space | 92,61 Gb Free Space | 66,63% Space Free | Partition Type: NTFS
 
Computer Name: JANUSCHEL | User Name: kalb | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.10.09 13:20:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\kalb\Downloads\OTL.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010.08.19 10:52:04 | 000,229,376 | ---- | M] () [Auto | Stopped] -- C:\ProgramData\DatacardService\DCService.exe -- (DCService.exe)
SRV - [2010.05.09 15:24:26 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.04.07 21:10:38 | 000,033,560 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2010.04.07 21:07:24 | 000,810,120 | ---- | M] (ESET) [Auto | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2008.09.16 12:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)
SRV - [2008.04.17 14:14:48 | 000,102,712 | ---- | M] (ArcSoft Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2007.12.17 15:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Stopped] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE -- (EPSON_EB_RPCV4_01)
SRV - [2007.01.11 15:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Stopped] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\ycwbbmmf.sys -- (ycwbbmmf)
DRV - [2012.10.08 20:23:02 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012.09.19 10:02:08 | 000,181,344 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudobex.sys -- (ssudobex)
DRV - [2012.09.19 10:02:06 | 000,181,344 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2012.09.19 10:02:06 | 000,083,168 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2011.05.10 08:06:14 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.06.17 21:28:45 | 000,573,440 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hcw95bda.sys -- (hcw95bda)
DRV - [2010.06.17 21:28:45 | 000,015,616 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hcw95rc.sys -- (hcw95rc)
DRV - [2010.04.07 21:08:12 | 000,096,896 | ---- | M] (ESET) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV - [2010.04.07 21:07:08 | 000,114,984 | ---- | M] (ESET) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010.04.07 21:03:46 | 000,133,512 | ---- | M] (ESET) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm)
DRV - [2009.12.15 10:46:26 | 000,024,192 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2009.12.15 10:46:18 | 000,013,184 | ---- | M] (Bytemobile, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\BMLoad.sys -- (BMLoad)
DRV - [2009.12.07 19:53:18 | 000,103,168 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009.10.12 15:22:56 | 000,101,120 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2009.10.07 08:49:40 | 006,756,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2009.10.07 08:47:56 | 000,266,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2009.07.14 00:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009.07.14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2009.05.26 11:35:50 | 008,235,648 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007.08.03 05:36:10 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)
DRV - [2005.02.23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://startsear.ch/?aff=1
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{0C2D0630-2882-431F-AA84-3A6454B32EC2}: "URL" = hxxp://startsear.ch/?aff=1&src=sp&cf=68346eae-f732-11e0-939b-001a801851dd&q={searchTerms}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{A8214D94-1C7F-4B5B-8419-DEEA53AD04D5}: "URL" = hxxp://startsear.ch/?aff=1&src=sp&cf=68346eae-f732-11e0-939b-001a801851dd&q={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E6 E3 43 1F 8C EE CA 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0C2D0630-2882-431F-AA84-3A6454B32EC2}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0C2D0630-2882-431F-AA84-3A6454B32EC2}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7SUNC_de
IE - HKCU\..\SearchScopes\{4B1EB107-BCD3-4FB2-98E0-E70F4FC45DF9}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7SUNC_de
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{A8214D94-1C7F-4B5B-8419-DEEA53AD04D5}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7SUNC_de
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Web Search"
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "Web Search"
FF - prefs.js..browser.startup.homepage: "hxxp://startsear.ch/?aff=1"
FF - prefs.js..keyword.URL: "hxxp://startsear.ch/?aff=1&src=sp&cf=68346eae-f732-11e0-939b-001a801851dd&q="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files\TVUPlayer\npTVUAx.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\kalb\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\T-Mobile\InternetManager_H\OCx32\addon
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.09.13 20:48:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.08 19:06:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010.05.09 13:21:45 | 000,000,000 | ---D | M]
 
[2011.09.13 20:49:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kalb\AppData\Roaming\mozilla\Extensions
[2012.10.08 18:56:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kalb\AppData\Roaming\mozilla\Firefox\Profiles\su33pu6f.default\extensions
[2011.07.11 20:04:02 | 000,000,633 | ---- | M] () -- C:\Users\kalb\AppData\Roaming\mozilla\firefox\profiles\su33pu6f.default\searchplugins\startsear.xml
[2011.10.06 19:53:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2011.09.03 08:18:05 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.09.03 02:19:44 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.09.03 02:13:56 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.09.03 02:19:44 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.09.03 02:19:44 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.09.03 02:19:44 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.09.03 02:19:44 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.de/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.de/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.79\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\kalb\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Mystical Land Installer (Enabled) = C:\Users\kalb\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbdkjcaifgmiepgkhohjooakknonejoc\1.0.0.10_0\NPMysticalLandInstaller.dll
CHR - plugin: vShare.tv plug-in (Enabled) = C:\Users\kalb\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\chvsharetvplg.dll
CHR - plugin: vShare.tv plug-in (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npvsharetvplg.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: TVU Web Player for FireFox (Enabled) = C:\Program Files\TVUPlayer\npTVUAx.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\kalb\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Speed Dial = C:\Users\kalb\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgpdioedihjhncjafcpgbbjdpbbkikmi\2.5.1_0\
CHR - Extension: Mystical Land Installer = C:\Users\kalb\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbdkjcaifgmiepgkhohjooakknonejoc\1.0.0.10_0\
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - No CLSID value found.
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [DataCardMonitor] C:\Program Files\Telekom\InternetManager_H\DataCardMonitor.exe (Huawei Technologies Co., Ltd.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
O4 - HKCU..\Run: [EPSON B40W Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIELE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [HW_OPENEYE_OUC_Telekom Internet Manager] C:\Program Files\Telekom\InternetManager_H\UpdateDog\ouc.exe (Huawei Technologies Co., Ltd.)
O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{001F3B16-5351-4CBF-A8E5-14CAB653679C}: DhcpNameServer = 10.74.83.22 193.254.160.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{67AA8B79-A64D-483C-8462-B07FB5A09434}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{85E7A7E5-94CA-43E5-878F-6EB4F267B1F9}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C8724439-8D79-46A7-BEB7-CB2730586F8C}: DhcpNameServer = 192.168.42.129
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{7d9506aa-6916-11e0-a680-001a801851dd}\Shell - "" = AutoRun
O33 - MountPoints2\{7d9506aa-6916-11e0-a680-001a801851dd}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{7d9506c1-6916-11e0-a680-001a801851dd}\Shell - "" = AutoRun
O33 - MountPoints2\{7d9506c1-6916-11e0-a680-001a801851dd}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
CREATERESTOREPOINT
Unable to start System Restore Service. Error code 1084
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.08 19:51:46 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.10.08 19:51:46 | 000,000,000 | ---D | C] -- C:\Users\kalb\AppData\Roaming\Malwarebytes
[2012.10.08 19:51:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.10.08 19:51:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.10.08 19:51:24 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.10.08 19:51:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.10.08 18:06:59 | 000,000,000 | ---D | C] -- C:\Users\kalb\Desktop\Fächer
[2012.10.06 14:29:51 | 000,000,000 | ---D | C] -- C:\Users\kalb\Desktop\Behindertenhilfe Bergstrasse
[2012.09.19 10:02:08 | 000,181,344 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudobex.sys
[2012.09.19 10:02:06 | 000,181,344 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudmdm.sys
[2012.09.19 10:02:06 | 000,083,168 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudbus.sys
[2012.09.17 22:25:24 | 000,000,000 | ---D | C] -- C:\Users\kalb\Desktop\Praktikum Köln(2012)
[2012.09.17 16:09:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.09.17 16:09:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012.09.17 16:09:29 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2012.09.15 12:21:40 | 000,000,000 | ---D | C] -- C:\Users\kalb\AppData\Local\{8AA270C9-F234-4F35-A854-5F1DFA5BD769}
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.09 13:08:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.09 13:08:40 | 197,505,467 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.10.09 13:08:38 | 1609,375,744 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.09 13:07:25 | 000,131,072 | -H-- | M] () -- C:\Windows\DUMP7e50.DMP
[2012.10.08 21:42:01 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.08 20:41:32 | 000,013,536 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.08 20:41:32 | 000,013,536 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.08 20:34:34 | 000,000,374 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2012.10.08 20:34:23 | 000,054,932 | ---- | M] () -- C:\Users\kalb\AppData\Roaming\nvModes.001
[2012.10.08 20:34:13 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.08 20:23:02 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.10.08 19:51:26 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.10.08 17:24:20 | 000,054,932 | ---- | M] () -- C:\Users\kalb\AppData\Roaming\nvModes.dat
[2012.10.08 14:09:37 | 000,664,868 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.10.08 14:09:37 | 000,625,010 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.10.08 14:09:37 | 000,135,004 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.10.08 14:09:37 | 000,110,648 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.10.08 14:08:16 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_WinUsb_01007.Wdf
[2012.10.07 17:44:12 | 000,131,072 | -H-- | M] () -- C:\Windows\DUMP9b66.DMP
[2012.09.27 12:47:37 | 000,002,320 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.09.19 10:02:08 | 000,181,344 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudobex.sys
[2012.09.19 10:02:06 | 000,181,344 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudmdm.sys
[2012.09.19 10:02:06 | 000,083,168 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudbus.sys
[2012.09.17 16:09:40 | 000,002,505 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
 
========== Files Created - No Company Name ==========
 
[2012.10.09 13:07:25 | 000,131,072 | -H-- | C] () -- C:\Windows\DUMP7e50.DMP
[2012.10.08 19:51:26 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.10.08 14:08:16 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_WinUsb_01007.Wdf
[2012.10.07 17:44:12 | 000,131,072 | -H-- | C] () -- C:\Windows\DUMP9b66.DMP
[2012.09.17 16:09:40 | 000,002,505 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.05.23 18:49:34 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.05.23 18:49:32 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2012.05.23 18:49:32 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2012.05.23 18:49:32 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2012.05.23 18:49:32 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2012.04.02 20:57:44 | 000,004,608 | ---- | C] () -- C:\Users\kalb\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.02.28 23:24:27 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll
[2012.02.28 23:24:27 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll
[2011.11.03 01:46:25 | 000,007,630 | ---- | C] () -- C:\Users\kalb\AppData\Roaming\.freeciv-client-rc-2.3
[2011.09.13 12:56:39 | 000,000,412 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2010.11.22 00:06:17 | 000,000,268 | RH-- | C] () -- C:\ProgramData\PrintsService
[2010.11.22 00:06:17 | 000,000,268 | RH-- | C] () -- C:\Users\kalb\AppData\Roaming\PreferencePane
[2010.11.22 00:06:17 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT
[2010.11.22 00:02:44 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Printers
[2010.11.22 00:02:44 | 000,000,268 | RH-- | C] () -- C:\Users\kalb\AppData\Roaming\Pop Flute
[2010.11.22 00:02:44 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2010.11.21 18:47:02 | 000,000,268 | RH-- | C] () -- C:\Users\kalb\AppData\Roaming\Woodwind
[2010.11.21 18:47:02 | 000,000,268 | RH-- | C] () -- C:\ProgramData\business-inkjet
[2010.11.21 18:47:02 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Dictionaries
[2010.11.21 18:40:08 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Workflows
[2010.11.21 18:40:08 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Work - Home
[2010.11.21 18:40:08 | 000,000,268 | RH-- | C] () -- C:\Users\kalb\AppData\Roaming\Widgets
[2010.11.21 18:40:08 | 000,000,268 | RH-- | C] () -- C:\Users\kalb\AppData\Roaming\WebServer
[2010.11.21 18:40:08 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLbw.DAT
[2010.11.21 18:40:08 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Devices
[2010.11.21 18:40:08 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Desktop Pictures
[2010.11.21 18:33:20 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLbx.DAT
[2010.05.14 18:07:21 | 000,000,092 | ---- | C] () -- C:\Users\kalb\AppData\Local\fusioncache.dat
[2010.05.14 09:39:14 | 000,054,932 | ---- | C] () -- C:\Users\kalb\AppData\Roaming\nvModes.001
[2010.05.14 00:39:30 | 000,054,932 | ---- | C] () -- C:\Users\kalb\AppData\Roaming\nvModes.dat
[2010.05.07 22:09:21 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLbz.DAT
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2011.11.03 01:50:48 | 000,000,000 | ---D | M] -- C:\Users\kalb\AppData\Roaming\.freeciv
[2012.04.15 15:25:53 | 000,000,000 | ---D | M] -- C:\Users\kalb\AppData\Roaming\Babylon
[2012.08.10 13:44:58 | 000,000,000 | ---D | M] -- C:\Users\kalb\AppData\Roaming\Canon
[2011.02.13 16:19:21 | 000,000,000 | ---D | M] -- C:\Users\kalb\AppData\Roaming\EPSON
[2010.11.22 00:12:20 | 000,000,000 | ---D | M] -- C:\Users\kalb\AppData\Roaming\Nikon
[2011.09.13 21:08:16 | 000,000,000 | ---D | M] -- C:\Users\kalb\AppData\Roaming\OpenCandy
[2011.02.13 16:41:06 | 000,000,000 | ---D | M] -- C:\Users\kalb\AppData\Roaming\Panasonic
[2012.06.19 13:52:02 | 000,000,000 | ---D | M] -- C:\Users\kalb\AppData\Roaming\Samsung
[2011.09.13 12:56:29 | 000,000,000 | ---D | M] -- C:\Users\kalb\AppData\Roaming\ScanSoft
[2011.04.17 19:45:56 | 000,000,000 | ---D | M] -- C:\Users\kalb\AppData\Roaming\Telekom
[2012.10.07 17:46:13 | 000,000,000 | ---D | M] -- C:\Users\kalb\AppData\Roaming\Telekom Internet Manager
[2012.03.14 22:33:13 | 000,000,000 | ---D | M] -- C:\Users\kalb\AppData\Roaming\Unity
[2011.09.14 14:18:24 | 000,000,000 | ---D | M] -- C:\Users\kalb\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2010.05.07 22:02:11 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2010.05.02 22:23:15 | 000,000,000 | ---D | M] -- C:\$UPGRADE.~OS
[2012.07.01 12:37:21 | 000,000,000 | ---D | M] -- C:\Big Fish Games
[2011.07.10 17:35:39 | 000,000,000 | -HSD | M] -- C:\Boot
[2012.10.08 19:03:38 | 000,000,000 | ---D | M] -- C:\bwinPoker JPC
[2009.10.18 15:52:54 | 000,000,000 | ---D | M] -- C:\Click to DVD 2
[2012.10.08 19:17:14 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2007.08.12 11:26:06 | 000,000,000 | ---D | M] -- C:\Documentation
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2007.07.20 14:57:47 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2010.05.02 20:23:09 | 000,000,000 | -HSD | M] -- C:\found.000
[2007.11.04 01:18:29 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2010.06.17 22:10:32 | 000,000,000 | ---D | M] -- C:\MyVideos
[2010.04.11 14:00:24 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2009.07.14 04:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.10.08 19:51:24 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.10.08 19:51:25 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2007.07.20 14:57:47 | 000,000,000 | -HSD | M] -- C:\Programme
[2010.05.07 22:01:56 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012.10.08 20:54:44 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010.05.07 22:20:59 | 000,000,000 | ---D | M] -- C:\Temp
[2010.04.05 22:47:48 | 000,000,000 | ---D | M] -- C:\Update
[2010.05.07 22:02:03 | 000,000,000 | R--D | M] -- C:\Users
[2007.08.12 11:36:33 | 000,000,000 | -H-D | M] -- C:\WAUUPGRD
[2012.10.09 13:08:40 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< %windir%\installer\*. /5 >
 
< %localappdata%\*. /5 >
[2012.10.08 18:45:43 | 000,000,000 | ---D | M] -- C:\Users\kalb\AppData\Local\Diagnostics
[2012.10.07 18:09:37 | 000,000,000 | ---D | M] -- C:\Users\kalb\AppData\Local\ElevatedDiagnostics
[2012.10.08 19:23:13 | 000,000,000 | ---D | M] -- C:\Users\kalb\AppData\Local\Microsoft
[2012.10.08 18:47:48 | 000,000,000 | ---D | M] -- C:\Users\kalb\AppData\Local\MigWiz
[2012.10.08 16:29:39 | 000,000,000 | ---D | M] -- C:\Users\kalb\AppData\Local\PokerStars.EU
[2012.10.09 13:22:31 | 000,000,000 | ---D | M] -- C:\Users\kalb\AppData\Local\Temp
[2012.10.08 19:23:04 | 000,000,000 | ---D | M] -- C:\Users\kalb\AppData\Local\Windows Live

< End of report >
--- --- ---


OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 09.10.2012 13:22:34 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\kalb\Downloads
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,59 Gb Available Physical Memory | 79,43% Memory free
4,00 Gb Paging File | 3,60 Gb Available in Paging File | 90,18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138,98 Gb Total Space | 92,61 Gb Free Space | 66,63% Space Free | Partition Type: NTFS
 
Computer Name: JANUSCHEL | User Name: kalb | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B41FD57-0FF8-4496-A494-AF31C19D1507}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{0B90BB45-C1A2-4117-8DFE-0308B122D109}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{20B65229-348A-4F4C-A1D9-986AC5F7BB57}" = rport=10243 | protocol=6 | dir=out | app=system |
"{214EDA10-945A-4B59-A514-FB80E9DADF08}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{2232910A-9D52-497C-B8ED-74728D5D7235}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{229039CD-36CC-4BDC-B67D-460585A9590A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{25CE5F50-5059-4902-9B2D-00B55B49D269}" = rport=2869 | protocol=6 | dir=out | app=system |
"{29ADB81B-C89E-4D69-8ED0-BC3EE392F588}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{2A87DA0E-2EF9-4763-BA47-2720039CD6FE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{856F30AD-260D-4536-8352-A5F3B810DF42}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{89D2F162-15E3-44CA-B367-C3438ABAF9A5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9581B345-C56A-4620-ACBD-74E7BCB4B699}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9A2FBA7E-771B-4B8F-9000-49F42E49E557}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AA2806D1-FE4A-4CE6-8F52-39E8297065DB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BDE63862-F505-432C-960C-E4331B1C53DE}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{CDB0BDB0-4F97-4E02-AA5C-B16544C6123A}" = lport=10243 | protocol=6 | dir=in | app=system |
"{DA913AF9-86AF-4419-968B-394C17FF3D59}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DC0BEA9A-9C5C-4B03-A361-DA7DD537B000}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E1A770AF-2895-4B6C-96E6-6CE9DA7CDFAC}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{E947E171-9B0C-4FA2-8DAE-4807EAD8FCE6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EC866DE4-C0B4-4E80-A0E9-7CF6ED868EC8}" = lport=2869 | protocol=6 | dir=in | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02C0720E-3439-4C7A-A7B6-CE94D0C34A98}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
"{1E814E93-C8D2-4162-91E5-92C23E8B9DC4}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{34F1E209-0ECC-4CFB-80F2-62BA1EF93772}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{362F7AE5-529E-4B20-9261-D5091F070B21}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{3DCA3762-FD4C-4341-85BA-D7CD101F8E99}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{436DFD15-F1C2-486B-B2E3-1AA584AF4EC0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5A171E9D-D4EF-404A-A6EE-F6B74AB79F61}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{66436AF9-8095-4630-AFC7-8FDDF3D39E6F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{6D88DBDA-9EF8-4A7E-B96E-570DEA7E9AFF}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{6DCDE933-C0F7-439B-BD4E-C524C55CE969}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{8C098FC5-CBF7-4B41-B6A2-240B1B6D42D6}" = protocol=6 | dir=in | app=c:\program files\veetle\player\veetlenet.exe |
"{8F51EC58-4BAC-469E-91A5-EED4707FCA3F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{972A0682-9454-4CEE-B344-2F399103EAC5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A1368BEF-6A62-436E-B653-934AAFFC1B75}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A82E6FF3-BAA7-47DE-B27F-FEEBF206378B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C2C5C929-5CDD-40B0-AFCE-C6A9F9ADE80F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C2E61DE9-D347-4466-9B15-F07D24FEB3F4}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{CE2E006F-DE87-4E02-B2B2-BE04DF338805}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D071B0B8-897D-4266-A62C-7075CF3102B5}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{E0175CD6-C982-41A8-BBEE-D729C915B89B}" = protocol=6 | dir=out | app=system |
"{E1CB977E-96B1-41C7-B9AD-8313690D3075}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E4E432E7-22BC-462C-821D-FBA826B7EB35}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{EFEC19C9-16DE-41E0-AD07-B2E1FF426B84}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
"{FC39B41A-42CE-4C69-A28F-36BEBAFCBDA9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{0F2B1605-7543-4445-8AAD-F415B0742270}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{7CD62A30-DAA6-4866-9334-DE6D278E21A8}D:\epsonnet easyinstall\easyinstall.exe" = protocol=6 | dir=in | app=d:\epsonnet easyinstall\easyinstall.exe |
"TCP Query User{CFE04A56-492E-45B3-B0EC-DC4BA68112EC}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"TCP Query User{E728FA4B-4CEC-4116-80E8-2C70A9B059EC}C:\program files\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"TCP Query User{F7D77862-15E8-4D9D-8177-74C08035AD44}C:\program files\freeciv-2.3.0-gtk2\freeciv-server.exe" = protocol=6 | dir=in | app=c:\program files\freeciv-2.3.0-gtk2\freeciv-server.exe |
"UDP Query User{2C9DEE7E-C280-4689-8A17-1A4BC91FF4C6}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{4E9F5E9C-ACAA-412E-8F23-214D4509F534}C:\program files\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"UDP Query User{4ECD9420-BAAF-405D-90D6-0BB4BA0971DD}C:\program files\freeciv-2.3.0-gtk2\freeciv-server.exe" = protocol=17 | dir=in | app=c:\program files\freeciv-2.3.0-gtk2\freeciv-server.exe |
"UDP Query User{CDC8A4E4-1900-41A5-857A-71BE8653F813}D:\epsonnet easyinstall\easyinstall.exe" = protocol=17 | dir=in | app=d:\epsonnet easyinstall\easyinstall.exe |
"UDP Query User{EB40D69F-479D-4E06-8CF8-E67C31EA2488}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00F93853-D9D3-4795-A89E-84CCBA0205C9}" = Microsoft IntelliPoint 8.0
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP210_series" = Canon MP210 series
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2B4E24A0-A06F-488D-87D8-16738E5E1104}" = Windows Live Family Safety
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{497A1721-088F-41EF-8876-B43C9DA5528B}" = Software Suite
"{4A49BF17-D3D0-49F1-B17E-ACAE15F94CE2}}_is1" = New Star Soccer 5 v1.09
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{917F080C-F7A3-41CE-AF03-40163647851C}" = ESET NOD32 Antivirus
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C8616041-2802-4DE2-B3BD-6285AAD65C2A}" = Nikon RAW Codec
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB6075D9-F912-40AE-BEA6-E590DA24F16B}" = Adobe Photoshop Elements 7.0
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEE88727-779B-47A9-ACEF-F87CA5F92A65}" = ScanSoft OmniPage SE 4
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F007CBCE-D714-4C0B-8CE9-9B0D78116468}" = ViewNX
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 7" = Adobe Photoshop Elements 7.0
"Canon MP210 series Benutzerregistrierung" = Canon MP210 series Benutzerregistrierung
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Capture NX 2" = Capture NX 2
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"EPSON B40W Series" = EPSON B40W Series Printer Uninstall
"EPSON Stylus Office B40W_T40W Benutzerhandbuch" = EPSON Stylus Office B40W_T40W Handbuch
"Google Chrome" = Google Chrome
"Graboid Video" = Graboid Video 2.4
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 6.0.2 (x86 de)" = Mozilla Firefox 6.0.2 (x86 de)
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"NVIDIA Drivers" = NVIDIA Drivers
"PokerStars" = PokerStars
"Telekom Internet Manager" = Telekom Internet Manager
"Veetle TV" = Veetle TV
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 07.06.2012 09:46:47 | Computer Name = kalb-PC | Source = Application Hang | ID = 1002
Description = Programm chrome.exe, Version 19.0.1084.52 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: df8    Startzeit:
01cd449ecbb8cd7a    Endzeit: 1260    Anwendungspfad: C:\Program Files\Google\Chrome\Application\chrome.exe

Berichts-ID:
 1decf578-b0a7-11e1-978b-001a801851dd 
 
Error - 07.06.2012 15:46:35 | Computer Name = kalb-PC | Source = Application Hang | ID = 1002
Description = Programm chrome.exe, Version 19.0.1084.52 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: f30    Startzeit:
01cd44c6c2bfa0e6    Endzeit: 531    Anwendungspfad: C:\Program Files\Google\Chrome\Application\chrome.exe

Berichts-ID:
 639ae0e4-b0d9-11e1-a9e6-001a801851dd 
 
Error - 08.06.2012 12:19:20 | Computer Name = kalb-PC | Source = Bonjour Service | ID = 100
Description =
 
Error - 08.06.2012 12:19:20 | Computer Name = kalb-PC | Source = Bonjour Service | ID = 100
Description =
 
Error - 08.06.2012 13:52:32 | Computer Name = kalb-PC | Source = Bonjour Service | ID = 100
Description =
 
Error - 08.06.2012 13:52:32 | Computer Name = kalb-PC | Source = Bonjour Service | ID = 100
Description =
 
Error - 13.06.2012 08:42:20 | Computer Name = kalb-PC | Source = Bonjour Service | ID = 100
Description =
 
Error - 13.06.2012 08:42:20 | Computer Name = kalb-PC | Source = Bonjour Service | ID = 100
Description =
 
Error - 14.06.2012 15:41:32 | Computer Name = kalb-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe_WinDefend, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: mpengine.dll, Version: 1.1.8403.0,
 Zeitstempel: 0x4fa94c1e  Ausnahmecode: 0xc0000006  Fehleroffset: 0x002fb2fe  ID des fehlerhaften
 Prozesses: 0xb74  Startzeit der fehlerhaften Anwendung: 0x01cd4a5e2efe0bf4  Pfad der
 fehlerhaften Anwendung: C:\Windows\System32\svchost.exe  Pfad des fehlerhaften Moduls:
 C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{92D971F0-DC27-47DA-97AC-637B732B4C97}\mpengine.dll
Berichtskennung:
 f1238176-b658-11e1-80e7-001a801851dd
 
Error - 14.06.2012 15:41:32 | Computer Name = kalb-PC | Source = Application Error | ID = 1005
Description = Aus einem der folgenden Gründe kann nicht auf die Datei "C:\ProgramData\Microsoft\Windows
 Defender\Definition Updates\{92D971F0-DC27-47DA-97AC-637B732B4C97}\mpengine.dll"
 zugegriffen werden:  Es besteht ein Problem mit der Netzwerkverbindung, dem Datenträger
 mit der gespeicherten Datei bzw. den auf dem Computer installierten  Speichertreibern,
 oder der Datenträger fehlt.  Das Programm Hostprozess für Windows-Dienste wurde wegen
 dieses Fehlers geschlossen.    Programm: Hostprozess für Windows-Dienste  Datei: C:\ProgramData\Microsoft\Windows
 Defender\Definition Updates\{92D971F0-DC27-47DA-97AC-637B732B4C97}\mpengine.dll

Der
 Fehlerwert ist im Abschnitt "Zusätzliche Dateien" aufgelistet.  Benutzeraktion  1.
Öffnen Sie die Datei erneut.  Diese Situation ist eventuell ein temporäres Problem,
 das selbstständig behoben wird, wenn das Programm erneut ausgeführt wird.  2.  Wenn
 Sie weiterhin nicht auf die Datei zugreifen können und  - diese sich im Netzwerk
befindet,  dann sollte der Netzwerkadministrator überprüfen, dass kein Netzwerkproblem
 besteht und dass eine Verbindung mit dem Server hergestellt werden kann.  - diese
 sich auf einem Wechseldatenträger, wie z. B. einer Diskette oder einer CD, befindet,
 überprüfen Sie, ob der Datenträger richtig in den Computer eingelegt ist.  3. Überprüfen
 und reparieren Sie das Dateisystem, indem Sie CHKDSK ausführen. Klicken Sie dazu
 im Menü "Start" auf "Ausführen", geben Sie CMD ein, und klicken Sie auf "OK". Geben
 Sie an der Eingabeaufforderung CHKDSK /F ein, und drücken Sie die EINGABETASTE.
4.
 Stellen Sie die Datei von einer Sicherungskopie wieder her, wenn das Problem weiterhin
 besteht.  5. Überprüfen Sie, ob andere Dateien auf demselben Datenträger geöffnet
 werden können. Falls dies nicht möglich ist, ist der Datenträger eventuell beschädigt.
  Wenden Sie sich an den Administrator oder den Hersteller der Computerhardware,
um weitere Unterstützung zu erhalten, wenn es sich um eine Festplatte handelt.    Zusätzliche
 Daten  Fehlerwert: C0000185  Datenträgertyp: 3
 
[ Media Center Events ]
Error - 07.05.2010 16:15:58 | Computer Name = kalb-PC | Source = MCUpdate | ID = 0
Description = 22:15:58 - Fehler beim Herstellen der Internetverbindung.  22:15:58
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 09.05.2010 16:43:09 | Computer Name = kalb-PC | Source = MCUpdate | ID = 0
Description = 22:43:09 - Fehler beim Herstellen der Internetverbindung.  22:43:09
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 09.05.2010 16:43:17 | Computer Name = kalb-PC | Source = MCUpdate | ID = 0
Description = 22:43:14 - Fehler beim Herstellen der Internetverbindung.  22:43:14
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 13.05.2010 09:51:37 | Computer Name = kalb-PC | Source = MCUpdate | ID = 0
Description = 15:51:37 - Fehler beim Herstellen der Internetverbindung.  15:51:37
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 13.05.2010 09:51:47 | Computer Name = kalb-PC | Source = MCUpdate | ID = 0
Description = 15:51:42 - Fehler beim Herstellen der Internetverbindung.  15:51:42
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 13.05.2010 10:56:40 | Computer Name = kalb-PC | Source = MCUpdate | ID = 0
Description = 16:56:40 - Fehler beim Herstellen der Internetverbindung.  16:56:40
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 13.05.2010 10:56:49 | Computer Name = kalb-PC | Source = MCUpdate | ID = 0
Description = 16:56:45 - Fehler beim Herstellen der Internetverbindung.  16:56:45
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 13.05.2010 11:57:20 | Computer Name = kalb-PC | Source = MCUpdate | ID = 0
Description = 17:57:20 - Fehler beim Herstellen der Internetverbindung.  17:57:20
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 13.05.2010 11:57:34 | Computer Name = kalb-PC | Source = MCUpdate | ID = 0
Description = 17:57:25 - Fehler beim Herstellen der Internetverbindung.  17:57:25
-    Serververbindung konnte nicht hergestellt werden.. 
 
[ System Events ]
Error - 09.10.2012 07:23:35 | Computer Name = JANUSCHEL | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 09.10.2012 07:25:41 | Computer Name = JANUSCHEL | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 09.10.2012 07:25:41 | Computer Name = JANUSCHEL | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 09.10.2012 07:25:41 | Computer Name = JANUSCHEL | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 09.10.2012 07:30:41 | Computer Name = JANUSCHEL | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 09.10.2012 07:30:41 | Computer Name = JANUSCHEL | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 09.10.2012 07:30:41 | Computer Name = JANUSCHEL | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 09.10.2012 07:32:49 | Computer Name = JANUSCHEL | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 09.10.2012 07:32:49 | Computer Name = JANUSCHEL | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 09.10.2012 07:32:49 | Computer Name = JANUSCHEL | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
 
< End of report >
--- --- ---

Musste den scan übrigens wieder im abgesicherten modus machen, weil windows wieder nicht starten will. lg

schrauber 09.10.2012 13:06
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!
Downloade dir bitte Combofix vom folgenden Downloadspiegel

Link 1


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

JanK 09.10.2012 13:22
kann mein antivirusprogramm nicht abschalten. befinde mich ja im abgesichertem modus und kann es deswegen nicht richtig öffnen.wie kann ich das denn beenden?

schrauber 09.10.2012 13:28
Rechtsklick auf das Sysmbol, oder über Programme aufrufen, oder via Taskmanager beenden. Wenn alles nichts hilft deinstallieren und wir installieren es nachher wieder.

JanK 09.10.2012 13:39
so ein mist. kann nichts machen, weil ich im abgesichertem modus fest stecke

konnte es endlich löschen und soll jetzt einen neustart machen

schrauber 09.10.2012 13:46
Dann boote einmal neu in den normalen wenn möglich, ansonsten in den abgesicherten Modus.

JanK 09.10.2012 14:04
also, aufeinmal konnte windows wieder normal gestartet werden.

Combofix Logfile:
Code:
ComboFix 12-10-08.03 - kalb 09.10.2012  14:51:47.1.2 - x86
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.2046.1095 [GMT 2:00]
ausgeführt von:: c:\users\kalb\Desktop\Scannreport OTL 09.19.2012\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\kalb\4.0
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\muzapp.exe
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-09-09 bis 2012-10-09  ))))))))))))))))))))))))))))))
.
.
2012-10-09 13:00 . 2012-10-09 13:00        --------        d-----w-        c:\users\kalb\AppData\Local\temp
2012-10-09 13:00 . 2012-10-09 13:00        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-10-09 12:54 . 2012-10-09 12:54        56200        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{A3E9535A-F890-45AB-80BB-E88A2B26F7B8}\offreg.dll
2012-10-09 12:48 . 2012-08-30 08:17        6980552        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{A3E9535A-F890-45AB-80BB-E88A2B26F7B8}\mpengine.dll
2012-10-08 17:51 . 2012-10-08 17:51        --------        d-----w-        c:\users\kalb\AppData\Roaming\Malwarebytes
2012-10-08 17:51 . 2012-10-08 17:51        --------        d-----w-        c:\programdata\Malwarebytes
2012-09-26 09:11 . 2012-08-21 20:12        245760        ----a-w-        c:\windows\system32\OxpsConverter.exe
2012-09-19 08:02 . 2012-09-19 08:02        181344        ----a-w-        c:\windows\system32\drivers\ssudobex.sys
2012-09-19 08:02 . 2012-09-19 08:02        83168        ----a-w-        c:\windows\system32\drivers\ssudbus.sys
2012-09-19 08:02 . 2012-09-19 08:02        581192        ----a-w-        c:\windows\system32\WinUSBCoInstaller.dll
2012-09-19 08:02 . 2012-09-19 08:02        181344        ----a-w-        c:\windows\system32\drivers\ssudmdm.sys
2012-09-19 08:02 . 2012-09-19 08:02        1112288        ----a-w-        c:\windows\system32\WdfCoInstaller01007.dll
2012-09-17 14:09 . 2012-09-17 14:09        --------        d-----w-        c:\program files\Common Files\Skype
2012-09-17 14:09 . 2012-09-17 14:09        --------        d-----r-        c:\program files\Skype
2012-09-17 10:32 . 2012-08-22 17:16        712048        ----a-w-        c:\windows\system32\drivers\ndis.sys
2012-09-17 10:32 . 2012-07-04 19:45        33280        ----a-w-        c:\windows\system32\drivers\RNDISMP.sys
2012-09-17 10:32 . 2012-07-04 19:45        33280        ----a-w-        c:\windows\system32\drivers\rndismpx.sys
2012-09-17 10:32 . 2012-08-22 17:16        1292144        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2012-09-17 10:32 . 2012-08-22 17:16        240496        ----a-w-        c:\windows\system32\drivers\netio.sys
2012-09-17 10:32 . 2012-08-22 17:16        187760        ----a-w-        c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-17 10:32 . 2012-08-02 16:57        490496        ----a-w-        c:\windows\system32\d3d10level9.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-18 17:47 . 2012-08-15 12:28        2345984        ----a-w-        c:\windows\system32\win32k.sys
2011-09-03 06:18 . 2011-09-13 18:48        134104        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-05-24 39408]
"HW_OPENEYE_OUC_Telekom Internet Manager"="c:\program files\Telekom\InternetManager_H\UpdateDog\ouc.exe" [2009-12-31 110592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2009-05-26 92704]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-05-26 8530464]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-05-26 88608]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2008-04-17 98616]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 1797008]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"DataCardMonitor"="c:\program files\Telekom\InternetManager_H\DataCardMonitor.exe" [2011-04-17 253952]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-04-03 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
.
c:\users\kalb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Nikon Monitor.lnk - c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe [2008-4-10 479232]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 ycwbbmmf;ycwbbmmf;c:\windows\system32\drivers\ycwbbmmf.sys [x]
R2 DCService.exe;DCService.exe;c:\programdata\DatacardService\DCService.exe [x]
R2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 hcw95bda;Hauppauge MOD7700 Tuner Driver;c:\windows\system32\Drivers\hcw95bda.sys [x]
R3 hcw95rc;Hauppauge MOD7700 IR Driver;c:\windows\system32\DRIVERS\hcw95rc.sys [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
R3 ssudobex;SAMSUNG Mobile USB OBEX Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudobex.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 BMLoad;Bytemobile Boot Time Load Driver;c:\windows\system32\drivers\BMLoad.sys [x]
S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [x]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]
S3 yukonw7;NDIS6.2-Miniporttreiber für Marvell Yukon-Ethernet-Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-24 11:12]
.
2012-10-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-24 11:12]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://google.de/
mStart Page = hxxp://startsear.ch/?aff=1
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\kalb\AppData\Roaming\Mozilla\Firefox\Profiles\su33pu6f.default\
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - hxxp://startsear.ch/?aff=1
FF - prefs.js: keyword.URL - hxxp://startsear.ch/?aff=1&src=sp&cf=68346eae-f732-11e0-939b-001a801851dd&q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-KiesAirMessage - c:\program files\Samsung\Kies\KiesAirMessage.exe
HKLM-Run-KiesTrayAgent - c:\program files\Samsung\Kies\KiesTrayAgent.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2086349673-4076395582-134452066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2086349673-4076395582-134452066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-10-09  15:02:07
ComboFix-quarantined-files.txt  2012-10-09 13:02
.
Vor Suchlauf: 14 Verzeichnis(se), 100.266.356.736 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 106.013.003.776 Bytes frei
.
- - End Of File - - 2D381CD20A34D67697A7B0C111784FC1
--- --- ---

schrauber 09.10.2012 14:41
Hinweis für Mitleser:
Folgendes ComboFix Skript ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

Lösche die vorhandene Combofix.exe von deinem Desktop und lade das Programm vom folgenden Download-Spiegel neu herunter:
BleepingComputer.com
und speichere es erneut auf dem Desktop (nicht woanders hin, das ist wichtig)!

Drücke die Windows + R Taste --> Notepad (hinein schreiben) --> OK

Kopiere nun den Text aus der folgenden Codebox komplett in das leere Textdokument.
Code:
Driver::
ycwbbmmf
File::
c:\windows\system32\drivers\ycwbbmmf.sys
Firefox::
FF - ProfilePath - c:\users\kalb\AppData\Roaming\Mozilla\Firefox\Profiles\su33pu6f.default\
FF - prefs.js: browser.startup.homepage - hxxp://startsear.ch/?aff=1
FF - prefs.js: keyword.URL - hxxp://startsear.ch/?aff=1&src=sp&cf=68346eae-f732-11e0-939b-001a801851dd&q=
Speichere dies als CFScript.txt auf Deinem Desktop.

Wichtig:
  • Stelle deine Anti Viren Software temprär ab. Dies kann ComboFix nämlich bei der Arbeit behindern.
    Danach wieder anstellen nicht vergessen!
  • Bewege nicht die Maus über das ComboFix-Fenster oder klicke in dieses hinein.
    Dies kann dazu führen, dass ComboFix sich aufhängt.
  • Schließe alle laufenden Programme. Gehe sicher das ComboFix ungehindert arbeiten kann.
  • Mache nichts am PC solange ComboFix läuft.
http://i266.photobucket.com/albums/i.../CFScriptB.gif
  • In Bezug auf obiges Bild, ziehe CFScript.txt in die ComboFix.exe
  • Wenn ComboFix fertig ist, wird es ein Log erstellen, C:\ComboFix.txt. Bitte füge es hier als Antwort ein.
Falls im Skript die Anweisung Suspect:: oder Collect:: enthalten ist, wird eine Message-Box erscheinen, nachdem Combofix fertig ist. Klicke OK und folge den Aufforderungen/Anweisungen, um die Dateien hochzuladen.

JanK 09.10.2012 15:22
beim ersten versuch hat er sich aufgehängt. hoffe diese skript hilft weiter:
Combofix Logfile:
Code:
ComboFix 12-10-09.01 - kalb 09.10.2012  16:11:44.4.2 - x86
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.2046.1341 [GMT 2:00]
ausgeführt von:: c:\users\kalb\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\kalb\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\drivers\ycwbbmmf.sys"
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\etc\hosts.ics
.
.
(((((((((((((((((((((((((((((((((((((((  Treiber/Dienste  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_ycwbbmmf
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-09-09 bis 2012-10-09  ))))))))))))))))))))))))))))))
.
.
2012-10-09 14:18 . 2012-10-09 14:18        --------        d-----w-        c:\users\kalb\AppData\Local\temp
2012-10-09 14:18 . 2012-10-09 14:18        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-10-09 12:54 . 2012-10-09 14:12        56200        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{A3E9535A-F890-45AB-80BB-E88A2B26F7B8}\offreg.dll
2012-10-09 12:48 . 2012-08-30 08:17        6980552        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{A3E9535A-F890-45AB-80BB-E88A2B26F7B8}\mpengine.dll
2012-10-08 17:51 . 2012-10-08 17:51        --------        d-----w-        c:\users\kalb\AppData\Roaming\Malwarebytes
2012-10-08 17:51 . 2012-10-08 17:51        --------        d-----w-        c:\programdata\Malwarebytes
2012-09-26 09:11 . 2012-08-21 20:12        245760        ----a-w-        c:\windows\system32\OxpsConverter.exe
2012-09-19 08:02 . 2012-09-19 08:02        181344        ----a-w-        c:\windows\system32\drivers\ssudobex.sys
2012-09-19 08:02 . 2012-09-19 08:02        83168        ----a-w-        c:\windows\system32\drivers\ssudbus.sys
2012-09-19 08:02 . 2012-09-19 08:02        581192        ----a-w-        c:\windows\system32\WinUSBCoInstaller.dll
2012-09-19 08:02 . 2012-09-19 08:02        181344        ----a-w-        c:\windows\system32\drivers\ssudmdm.sys
2012-09-19 08:02 . 2012-09-19 08:02        1112288        ----a-w-        c:\windows\system32\WdfCoInstaller01007.dll
2012-09-17 14:09 . 2012-09-17 14:09        --------        d-----w-        c:\program files\Common Files\Skype
2012-09-17 14:09 . 2012-09-17 14:09        --------        d-----r-        c:\program files\Skype
2012-09-17 10:32 . 2012-08-22 17:16        712048        ----a-w-        c:\windows\system32\drivers\ndis.sys
2012-09-17 10:32 . 2012-07-04 19:45        33280        ----a-w-        c:\windows\system32\drivers\RNDISMP.sys
2012-09-17 10:32 . 2012-07-04 19:45        33280        ----a-w-        c:\windows\system32\drivers\rndismpx.sys
2012-09-17 10:32 . 2012-08-22 17:16        1292144        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2012-09-17 10:32 . 2012-08-22 17:16        240496        ----a-w-        c:\windows\system32\drivers\netio.sys
2012-09-17 10:32 . 2012-08-22 17:16        187760        ----a-w-        c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-17 10:32 . 2012-08-02 16:57        490496        ----a-w-        c:\windows\system32\d3d10level9.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-18 17:47 . 2012-08-15 12:28        2345984        ----a-w-        c:\windows\system32\win32k.sys
2011-09-03 06:18 . 2011-09-13 18:48        134104        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-05-24 39408]
"HW_OPENEYE_OUC_Telekom Internet Manager"="c:\program files\Telekom\InternetManager_H\UpdateDog\ouc.exe" [2009-12-31 110592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2009-05-26 92704]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-05-26 8530464]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-05-26 88608]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2008-04-17 98616]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 1797008]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"DataCardMonitor"="c:\program files\Telekom\InternetManager_H\DataCardMonitor.exe" [2011-04-17 253952]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-04-03 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
.
c:\users\kalb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Nikon Monitor.lnk - c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe [2008-4-10 479232]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 DCService.exe;DCService.exe;c:\programdata\DatacardService\DCService.exe [x]
R2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 hcw95bda;Hauppauge MOD7700 Tuner Driver;c:\windows\system32\Drivers\hcw95bda.sys [x]
R3 hcw95rc;Hauppauge MOD7700 IR Driver;c:\windows\system32\DRIVERS\hcw95rc.sys [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
R3 ssudobex;SAMSUNG Mobile USB OBEX Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudobex.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 BMLoad;Bytemobile Boot Time Load Driver;c:\windows\system32\drivers\BMLoad.sys [x]
S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [x]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]
S3 yukonw7;NDIS6.2-Miniporttreiber für Marvell Yukon-Ethernet-Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-24 11:12]
.
2012-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-24 11:12]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://google.de/
mStart Page = hxxp://startsear.ch/?aff=1
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\kalb\AppData\Roaming\Mozilla\Firefox\Profiles\su33pu6f.default\
FF - prefs.js: browser.search.selectedEngine - Web Search
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2086349673-4076395582-134452066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2086349673-4076395582-134452066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-10-09  16:19:58
ComboFix-quarantined-files.txt  2012-10-09 14:19
ComboFix2.txt  2012-10-09 13:02
.
Vor Suchlauf: 21 Verzeichnis(se), 106.075.054.080 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 105.790.062.592 Bytes frei
.
- - End Of File - - 67F6380B74F0B2C769D4F4C80F1E9CA3
--- --- ---

schrauber 09.10.2012 17:33
Malwarebytes bitte updaten, Quick Scan machen, Funde löschen lassen und bitte das Logfile posten :).

JanK 09.10.2012 17:49
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.10.09.09

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
kalb :: JANUSCHEL [Administrator]

09.10.2012 18:37:02
mbam-log-2012-10-09 (18-37-02).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 197938
Laufzeit: 4 Minute(n), 56 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 1
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Bösartig: (hxxp://startsear.ch/?aff=1) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

schrauber 09.10.2012 18:29
Downloade Dir bitte AdwCleaner auf deinen Desktop.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Suche.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.



  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Löschen.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.





ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset





Und ein frisches OTL logfile bitte. Noch Probleme?

JanK 09.10.2012 18:44
# AdwCleaner v2.004 - Datei am 09/10/2012 um 19:43:49 erstellt
# Aktualisiert am 06/10/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : kalb - JANUSCHEL
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\kalb\Downloads\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\Users\kalb\AppData\Roaming\Mozilla\Firefox\Profiles\su33pu6f.default\searchplugins\Startsear.xml
Ordner Gefunden : C:\ProgramData\Babylon
Ordner Gefunden : C:\ProgramData\boost_interprocess
Ordner Gefunden : C:\ProgramData\Trymedia
Ordner Gefunden : C:\Users\kalb\AppData\Local\Babylon
Ordner Gefunden : C:\Users\kalb\AppData\Local\OpenCandy
Ordner Gefunden : C:\Users\kalb\AppData\Roaming\Babylon
Ordner Gefunden : C:\Users\kalb\AppData\Roaming\OpenCandy

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Schlüssel Gefunden : HKCU\Software\StartSearch
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Schlüssel Gefunden : HKU\S-1-5-21-2086349673-4076395582-134452066-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v6.0.2 (de)

Profilname : default
Datei : C:\Users\kalb\AppData\Roaming\Mozilla\Firefox\Profiles\su33pu6f.default\prefs.js

Gefunden : user_pref("browser.search.defaultengine", "Web Search");
Gefunden : user_pref("browser.search.defaultenginename", "Web Search");
Gefunden : user_pref("browser.search.order.1", "Web Search");
Gefunden : user_pref("browser.search.selectedEngine", "Web Search");

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\kalb\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [2922 octets] - [09/10/2012 19:43:49]

########## EOF - C:\AdwCleaner[R1].txt - [2982 octets] ##########

# AdwCleaner v2.004 - Datei am 09/10/2012 um 19:45:48 erstellt
# Aktualisiert am 06/10/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : kalb - JANUSCHEL
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\kalb\Downloads\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\kalb\AppData\Roaming\Mozilla\Firefox\Profiles\su33pu6f.default\searchplugins\Startsear.xml
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\ProgramData\Trymedia
Ordner Gelöscht : C:\Users\kalb\AppData\Local\Babylon
Ordner Gelöscht : C:\Users\kalb\AppData\Local\OpenCandy
Ordner Gelöscht : C:\Users\kalb\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\kalb\AppData\Roaming\OpenCandy

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Schlüssel Gelöscht : HKCU\Software\StartSearch
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31}

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v6.0.2 (de)

Profilname : default
Datei : C:\Users\kalb\AppData\Roaming\Mozilla\Firefox\Profiles\su33pu6f.default\prefs.js

Gelöscht : user_pref("browser.search.defaultengine", "Web Search");
Gelöscht : user_pref("browser.search.defaultenginename", "Web Search");
Gelöscht : user_pref("browser.search.order.1", "Web Search");
Gelöscht : user_pref("browser.search.selectedEngine", "Web Search");

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\kalb\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [3051 octets] - [09/10/2012 19:43:49]
AdwCleaner[S1].txt - [2823 octets] - [09/10/2012 19:45:48]

########## EOF - C:\AdwCleaner[S1].txt - [2883 octets] ##########

schrauber 09.10.2012 18:56
Supi, dann noch den Rest :)

JanK 09.10.2012 19:16
der scannt grad immer noch. ist echt genial von dir. du hast voll drauf. danke vielmals.machst du das hier beruflich?lg

schrauber 09.10.2012 19:19
wir machen das alle in unserer Freizeit :)

JanK 09.10.2012 20:44
hat keine infizierten datein gefunden. das läuft grad. aber sieht so aus, als ob der computer gereinigt ist, oder sehe ich das falsch?

OTL Logfile:
Code:
OTL logfile created on: 09.10.2012 21:46:52 - Run 2
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\kalb\Desktop\Scannreport OTL 09.19.2012
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,35 Gb Available Physical Memory | 67,78% Memory free
4,00 Gb Paging File | 3,20 Gb Available in Paging File | 80,18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138,98 Gb Total Space | 98,92 Gb Free Space | 71,17% Space Free | Partition Type: NTFS
 
Computer Name: JANUSCHEL | User Name: kalb | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.10.09 13:20:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\kalb\Desktop\Scannreport OTL 09.19.2012\OTL.exe
PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.08.19 10:52:14 | 000,241,664 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe
PRC - [2010.08.19 10:52:04 | 000,229,376 | ---- | M] () -- C:\ProgramData\DatacardService\DCService.exe
PRC - [2009.12.31 14:13:52 | 000,110,592 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Users\kalb\AppData\Roaming\Telekom Internet Manager\ouc.exe
PRC - [2008.09.16 12:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
PRC - [2008.04.17 14:14:48 | 000,102,712 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2008.04.17 14:14:00 | 000,098,616 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2008.04.10 17:56:48 | 000,479,232 | ---- | M] (Nikon Corporation) -- C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
PRC - [2007.12.17 15:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
PRC - [2007.04.03 18:50:00 | 001,603,152 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2007.02.04 12:02:14 | 000,079,400 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
PRC - [2007.01.11 15:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010.08.19 10:52:04 | 000,229,376 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\DCService.exe -- (DCService.exe)
SRV - [2010.05.09 15:24:26 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2008.09.16 12:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)
SRV - [2008.04.17 14:14:48 | 000,102,712 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2007.12.17 15:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE -- (EPSON_EB_RPCV4_01)
SRV - [2007.01.11 15:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [File_System | Auto | Stopped] -- system32\DRIVERS\eamonm.sys -- (eamonm)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\kalb\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012.09.19 10:02:08 | 000,181,344 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudobex.sys -- (ssudobex)
DRV - [2012.09.19 10:02:06 | 000,181,344 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2012.09.19 10:02:06 | 000,083,168 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2011.05.10 08:06:14 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.06.17 21:28:45 | 000,573,440 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hcw95bda.sys -- (hcw95bda)
DRV - [2010.06.17 21:28:45 | 000,015,616 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hcw95rc.sys -- (hcw95rc)
DRV - [2009.12.15 10:46:26 | 000,024,192 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2009.12.15 10:46:18 | 000,013,184 | ---- | M] (Bytemobile, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\BMLoad.sys -- (BMLoad)
DRV - [2009.12.07 19:53:18 | 000,103,168 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009.10.12 15:22:56 | 000,101,120 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2009.10.07 08:49:40 | 006,756,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2009.10.07 08:47:56 | 000,266,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2009.07.14 00:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009.07.14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2009.05.26 11:35:50 | 008,235,648 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007.08.03 05:36:10 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)
DRV - [2005.02.23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0C2D0630-2882-431F-AA84-3A6454B32EC2}: "URL" = hxxp://startsear.ch/?aff=1&src=sp&cf=68346eae-f732-11e0-939b-001a801851dd&q={searchTerms}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{A8214D94-1C7F-4B5B-8419-DEEA53AD04D5}: "URL" = hxxp://startsear.ch/?aff=1&src=sp&cf=68346eae-f732-11e0-939b-001a801851dd&q={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E6 E3 43 1F 8C EE CA 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0C2D0630-2882-431F-AA84-3A6454B32EC2}
IE - HKCU\..\SearchScopes\{0C2D0630-2882-431F-AA84-3A6454B32EC2}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7SUNC_de
IE - HKCU\..\SearchScopes\{4B1EB107-BCD3-4FB2-98E0-E70F4FC45DF9}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7SUNC_de
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{A8214D94-1C7F-4B5B-8419-DEEA53AD04D5}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7SUNC_de
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files\TVUPlayer\npTVUAx.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\kalb\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\T-Mobile\InternetManager_H\OCx32\addon
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.09.13 20:48:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.08 19:06:32 | 000,000,000 | ---D | M]
 
[2011.09.13 20:49:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kalb\AppData\Roaming\mozilla\Extensions
[2012.10.08 18:56:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kalb\AppData\Roaming\mozilla\Firefox\Profiles\su33pu6f.default\extensions
[2012.10.08 19:17:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2011.09.03 08:18:05 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.09.03 02:19:44 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.09.03 02:13:56 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.09.03 02:19:44 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.09.03 02:19:44 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.09.03 02:19:44 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.09.03 02:19:44 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.de/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.de/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.92\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.92\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.92\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\kalb\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Mystical Land Installer (Enabled) = C:\Users\kalb\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbdkjcaifgmiepgkhohjooakknonejoc\1.0.0.10_0\NPMysticalLandInstaller.dll
CHR - plugin: vShare.tv plug-in (Enabled) = C:\Users\kalb\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\chvsharetvplg.dll
CHR - plugin: vShare.tv plug-in (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npvsharetvplg.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: TVU Web Player for FireFox (Enabled) = C:\Program Files\TVUPlayer\npTVUAx.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\kalb\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Speed Dial = C:\Users\kalb\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgpdioedihjhncjafcpgbbjdpbbkikmi\2.5.1_0\
CHR - Extension: Mystical Land Installer = C:\Users\kalb\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbdkjcaifgmiepgkhohjooakknonejoc\1.0.0.10_0\
 
O1 HOSTS File: ([2012.10.09 16:18:45 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [DataCardMonitor] C:\Program Files\Telekom\InternetManager_H\DataCardMonitor.exe (Huawei Technologies Co., Ltd.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
O4 - HKCU..\Run: [HW_OPENEYE_OUC_Telekom Internet Manager] C:\Program Files\Telekom\InternetManager_H\UpdateDog\ouc.exe (Huawei Technologies Co., Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{001F3B16-5351-4CBF-A8E5-14CAB653679C}: DhcpNameServer = 10.74.83.22 193.254.160.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{67AA8B79-A64D-483C-8462-B07FB5A09434}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{85E7A7E5-94CA-43E5-878F-6EB4F267B1F9}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C8724439-8D79-46A7-BEB7-CB2730586F8C}: DhcpNameServer = 192.168.42.129
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.09 19:51:35 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.10.09 18:35:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.10.09 18:35:37 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.10.09 18:35:37 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.10.09 16:20:01 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.10.09 16:20:00 | 000,000,000 | ---D | C] -- C:\Users\kalb\AppData\Local\temp
[2012.10.09 16:00:45 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.10.09 15:47:00 | 004,764,951 | R--- | C] (Swearware) -- C:\Users\kalb\Desktop\ComboFix.exe
[2012.10.09 14:46:26 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.10.09 14:46:26 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.10.09 14:46:26 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.10.09 14:12:13 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.10.09 14:12:02 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.10.09 13:39:21 | 000,000,000 | ---D | C] -- C:\Users\kalb\Desktop\Scannreport OTL 09.19.2012
[2012.10.08 19:51:46 | 000,000,000 | ---D | C] -- C:\Users\kalb\AppData\Roaming\Malwarebytes
[2012.10.08 19:51:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.10.08 18:06:59 | 000,000,000 | ---D | C] -- C:\Users\kalb\Desktop\Fächer
[2012.10.06 14:29:51 | 000,000,000 | ---D | C] -- C:\Users\kalb\Desktop\Behindertenhilfe Bergstrasse
[2012.09.19 10:02:08 | 000,181,344 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudobex.sys
[2012.09.19 10:02:06 | 000,181,344 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudmdm.sys
[2012.09.19 10:02:06 | 000,083,168 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudbus.sys
[2012.09.17 22:25:24 | 000,000,000 | ---D | C] -- C:\Users\kalb\Desktop\Praktikum Köln(2012)
[2012.09.17 16:09:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.09.17 16:09:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012.09.17 16:09:29 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2012.09.15 12:21:40 | 000,000,000 | ---D | C] -- C:\Users\kalb\AppData\Local\{8AA270C9-F234-4F35-A854-5F1DFA5BD769}
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.09 21:42:03 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.09 19:55:23 | 000,013,536 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.09 19:55:23 | 000,013,536 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.09 19:48:25 | 000,000,374 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2012.10.09 19:48:20 | 000,054,932 | ---- | M] () -- C:\Users\kalb\AppData\Roaming\nvModes.001
[2012.10.09 19:48:02 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.09 19:47:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.09 19:47:40 | 1609,375,744 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.09 18:35:38 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.10.09 16:18:45 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.10.09 15:45:28 | 004,764,951 | R--- | M] (Swearware) -- C:\Users\kalb\Desktop\ComboFix.exe
[2012.10.09 15:44:40 | 000,002,320 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.10.09 13:08:40 | 197,505,467 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.10.09 13:07:25 | 000,131,072 | -H-- | M] () -- C:\Windows\DUMP7e50.DMP
[2012.10.08 17:24:20 | 000,054,932 | ---- | M] () -- C:\Users\kalb\AppData\Roaming\nvModes.dat
[2012.10.08 14:09:37 | 000,664,868 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.10.08 14:09:37 | 000,625,010 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.10.08 14:09:37 | 000,135,004 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.10.08 14:09:37 | 000,110,648 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.10.08 14:08:16 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_WinUsb_01007.Wdf
[2012.10.07 17:44:12 | 000,131,072 | -H-- | M] () -- C:\Windows\DUMP9b66.DMP
[2012.09.19 10:02:08 | 000,181,344 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudobex.sys
[2012.09.19 10:02:06 | 000,181,344 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudmdm.sys
[2012.09.19 10:02:06 | 000,083,168 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudbus.sys
[2012.09.17 16:09:40 | 000,002,505 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
 
========== Files Created - No Company Name ==========
 
[2012.10.09 18:35:38 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.10.09 14:46:26 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.10.09 14:46:26 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.10.09 14:46:26 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.10.09 14:46:26 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.10.09 14:46:26 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.10.09 13:07:25 | 000,131,072 | -H-- | C] () -- C:\Windows\DUMP7e50.DMP
[2012.10.08 14:08:16 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_WinUsb_01007.Wdf
[2012.10.07 17:44:12 | 000,131,072 | -H-- | C] () -- C:\Windows\DUMP9b66.DMP
[2012.09.17 16:09:40 | 000,002,505 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.05.23 18:49:34 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.05.23 18:49:32 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2012.05.23 18:49:32 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2012.05.23 18:49:32 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2012.05.23 18:49:32 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2012.04.02 20:57:44 | 000,004,608 | ---- | C] () -- C:\Users\kalb\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.02.28 23:24:27 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll
[2012.02.28 23:24:27 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll
[2011.11.03 01:46:25 | 000,007,630 | ---- | C] () -- C:\Users\kalb\AppData\Roaming\.freeciv-client-rc-2.3
[2011.09.13 12:56:39 | 000,000,412 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2010.11.22 00:06:17 | 000,000,268 | RH-- | C] () -- C:\ProgramData\PrintsService
[2010.11.22 00:06:17 | 000,000,268 | RH-- | C] () -- C:\Users\kalb\AppData\Roaming\PreferencePane
[2010.11.22 00:06:17 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT
[2010.11.22 00:02:44 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Printers
[2010.11.22 00:02:44 | 000,000,268 | RH-- | C] () -- C:\Users\kalb\AppData\Roaming\Pop Flute
[2010.11.22 00:02:44 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2010.11.21 18:47:02 | 000,000,268 | RH-- | C] () -- C:\Users\kalb\AppData\Roaming\Woodwind
[2010.11.21 18:47:02 | 000,000,268 | RH-- | C] () -- C:\ProgramData\business-inkjet
[2010.11.21 18:47:02 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Dictionaries
[2010.11.21 18:40:08 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Workflows
[2010.11.21 18:40:08 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Work - Home
[2010.11.21 18:40:08 | 000,000,268 | RH-- | C] () -- C:\Users\kalb\AppData\Roaming\Widgets
[2010.11.21 18:40:08 | 000,000,268 | RH-- | C] () -- C:\Users\kalb\AppData\Roaming\WebServer
[2010.11.21 18:40:08 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLbw.DAT
[2010.11.21 18:40:08 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Devices
[2010.11.21 18:40:08 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Desktop Pictures
[2010.11.21 18:33:20 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLbx.DAT
[2010.05.14 18:07:21 | 000,000,092 | ---- | C] () -- C:\Users\kalb\AppData\Local\fusioncache.dat
[2010.05.14 09:39:14 | 000,054,932 | ---- | C] () -- C:\Users\kalb\AppData\Roaming\nvModes.001
[2010.05.14 00:39:30 | 000,054,932 | ---- | C] () -- C:\Users\kalb\AppData\Roaming\nvModes.dat
[2010.05.07 22:09:21 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLbz.DAT
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2011.11.03 01:50:48 | 000,000,000 | ---D | M] -- C:\Users\kalb\AppData\Roaming\.freeciv
[2012.08.10 13:44:58 | 000,000,000 | ---D | M] -- C:\Users\kalb\AppData\Roaming\Canon
[2011.02.13 16:19:21 | 000,000,000 | ---D | M] -- C:\Users\kalb\AppData\Roaming\EPSON
[2010.11.22 00:12:20 | 000,000,000 | ---D | M] -- C:\Users\kalb\AppData\Roaming\Nikon
[2011.02.13 16:41:06 | 000,000,000 | ---D | M] -- C:\Users\kalb\AppData\Roaming\Panasonic
[2012.06.19 13:52:02 | 000,000,000 | ---D | M] -- C:\Users\kalb\AppData\Roaming\Samsung
[2011.09.13 12:56:29 | 000,000,000 | ---D | M] -- C:\Users\kalb\AppData\Roaming\ScanSoft
[2011.04.17 19:45:56 | 000,000,000 | ---D | M] -- C:\Users\kalb\AppData\Roaming\Telekom
[2012.10.07 17:46:13 | 000,000,000 | ---D | M] -- C:\Users\kalb\AppData\Roaming\Telekom Internet Manager
[2012.03.14 22:33:13 | 000,000,000 | ---D | M] -- C:\Users\kalb\AppData\Roaming\Unity
[2011.09.14 14:18:24 | 000,000,000 | ---D | M] -- C:\Users\kalb\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012.10.09 16:20:01 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2010.05.02 22:23:15 | 000,000,000 | ---D | M] -- C:\$UPGRADE.~OS
[2012.07.01 12:37:21 | 000,000,000 | ---D | M] -- C:\Big Fish Games
[2011.07.10 17:35:39 | 000,000,000 | ---D | M] -- C:\Boot
[2012.10.08 19:03:38 | 000,000,000 | ---D | M] -- C:\bwinPoker JPC
[2009.10.18 15:52:54 | 000,000,000 | ---D | M] -- C:\Click to DVD 2
[2012.10.09 14:43:26 | 000,000,000 | ---D | M] -- C:\Config.Msi
[2007.08.12 11:26:06 | 000,000,000 | ---D | M] -- C:\Documentation
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2007.07.20 14:57:47 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2010.05.02 20:23:09 | 000,000,000 | ---D | M] -- C:\found.000
[2007.11.04 01:18:29 | 000,000,000 | R--D | M] -- C:\MSOCache
[2010.06.17 22:10:32 | 000,000,000 | ---D | M] -- C:\MyVideos
[2010.04.11 14:00:24 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2009.07.14 04:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.10.09 19:51:35 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.10.09 19:45:48 | 000,000,000 | ---D | M] -- C:\ProgramData
[2007.07.20 14:57:47 | 000,000,000 | -HSD | M] -- C:\Programme
[2012.10.09 16:20:00 | 000,000,000 | ---D | M] -- C:\Qoobox
[2010.05.07 22:01:56 | 000,000,000 | ---D | M] -- C:\Recovery
[2012.10.09 21:48:21 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010.05.07 22:20:59 | 000,000,000 | ---D | M] -- C:\Temp
[2010.04.05 22:47:48 | 000,000,000 | ---D | M] -- C:\Update
[2010.05.07 22:02:03 | 000,000,000 | R--D | M] -- C:\Users
[2007.08.12 11:36:33 | 000,000,000 | ---D | M] -- C:\WAUUPGRD
[2012.10.09 16:18:49 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< %windir%\installer\*. /5 >
 
< %localappdata%\*. /5 >
[2012.10.08 18:45:43 | 000,000,000 | ---D | M] -- C:\Users\kalb\AppData\Local\Diagnostics
[2012.10.09 14:19:20 | 000,000,000 | ---D | M] -- C:\Users\kalb\AppData\Local\ElevatedDiagnostics
[2012.10.08 19:23:13 | 000,000,000 | ---D | M] -- C:\Users\kalb\AppData\Local\Microsoft
[2012.10.08 18:47:48 | 000,000,000 | ---D | M] -- C:\Users\kalb\AppData\Local\MigWiz
[2012.10.08 16:29:39 | 000,000,000 | ---D | M] -- C:\Users\kalb\AppData\Local\PokerStars.EU
[2012.10.09 21:46:48 | 000,000,000 | ---D | M] -- C:\Users\kalb\AppData\Local\temp
[2012.10.08 19:23:04 | 000,000,000 | ---D | M] -- C:\Users\kalb\AppData\Local\Windows Live

< End of report >
--- --- ---

Combofix Logfile:
Code:
ComboFix 12-10-09.01 - kalb 09.10.2012  22:04:42.5.2 - x86
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.2046.995 [GMT 2:00]
ausgeführt von:: c:\users\kalb\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\kalb\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\drivers\ycwbbmmf.sys"
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\etc\hosts.ics
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-09-09 bis 2012-10-09  ))))))))))))))))))))))))))))))
.
.
2012-10-09 20:12 . 2012-10-09 20:12        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-10-09 17:51 . 2012-10-09 17:51        --------        d-----w-        c:\program files\ESET
2012-10-09 16:35 . 2012-10-09 16:35        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2012-10-09 16:35 . 2012-09-07 15:04        22856        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-10-09 14:20 . 2012-10-09 20:13        --------        d-----w-        c:\users\kalb\AppData\Local\temp
2012-10-09 12:54 . 2012-10-09 14:12        56200        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{A3E9535A-F890-45AB-80BB-E88A2B26F7B8}\offreg.dll
2012-10-09 12:48 . 2012-08-30 08:17        6980552        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{A3E9535A-F890-45AB-80BB-E88A2B26F7B8}\mpengine.dll
2012-10-08 17:51 . 2012-10-08 17:51        --------        d-----w-        c:\users\kalb\AppData\Roaming\Malwarebytes
2012-10-08 17:51 . 2012-10-08 17:51        --------        d-----w-        c:\programdata\Malwarebytes
2012-09-26 09:11 . 2012-08-21 20:12        245760        ----a-w-        c:\windows\system32\OxpsConverter.exe
2012-09-19 08:02 . 2012-09-19 08:02        181344        ----a-w-        c:\windows\system32\drivers\ssudobex.sys
2012-09-19 08:02 . 2012-09-19 08:02        83168        ----a-w-        c:\windows\system32\drivers\ssudbus.sys
2012-09-19 08:02 . 2012-09-19 08:02        581192        ----a-w-        c:\windows\system32\WinUSBCoInstaller.dll
2012-09-19 08:02 . 2012-09-19 08:02        181344        ----a-w-        c:\windows\system32\drivers\ssudmdm.sys
2012-09-19 08:02 . 2012-09-19 08:02        1112288        ----a-w-        c:\windows\system32\WdfCoInstaller01007.dll
2012-09-17 14:09 . 2012-09-17 14:09        --------        d-----w-        c:\program files\Common Files\Skype
2012-09-17 14:09 . 2012-09-17 14:09        --------        d-----r-        c:\program files\Skype
2012-09-17 10:32 . 2012-08-22 17:16        712048        ----a-w-        c:\windows\system32\drivers\ndis.sys
2012-09-17 10:32 . 2012-07-04 19:45        33280        ----a-w-        c:\windows\system32\drivers\RNDISMP.sys
2012-09-17 10:32 . 2012-07-04 19:45        33280        ----a-w-        c:\windows\system32\drivers\rndismpx.sys
2012-09-17 10:32 . 2012-08-22 17:16        1292144        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2012-09-17 10:32 . 2012-08-22 17:16        240496        ----a-w-        c:\windows\system32\drivers\netio.sys
2012-09-17 10:32 . 2012-08-22 17:16        187760        ----a-w-        c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-17 10:32 . 2012-08-02 16:57        490496        ----a-w-        c:\windows\system32\d3d10level9.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-18 17:47 . 2012-08-15 12:28        2345984        ----a-w-        c:\windows\system32\win32k.sys
2011-09-03 06:18 . 2011-09-13 18:48        134104        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-05-24 39408]
"HW_OPENEYE_OUC_Telekom Internet Manager"="c:\program files\Telekom\InternetManager_H\UpdateDog\ouc.exe" [2009-12-31 110592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2009-05-26 92704]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-05-26 8530464]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-05-26 88608]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2008-04-17 98616]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 1797008]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"DataCardMonitor"="c:\program files\Telekom\InternetManager_H\DataCardMonitor.exe" [2011-04-17 253952]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-04-03 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
.
c:\users\kalb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Nikon Monitor.lnk - c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe [2008-4-10 479232]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 DCService.exe;DCService.exe;c:\programdata\DatacardService\DCService.exe [x]
R2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 hcw95bda;Hauppauge MOD7700 Tuner Driver;c:\windows\system32\Drivers\hcw95bda.sys [x]
R3 hcw95rc;Hauppauge MOD7700 IR Driver;c:\windows\system32\DRIVERS\hcw95rc.sys [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
R3 ssudobex;SAMSUNG Mobile USB OBEX Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudobex.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 BMLoad;Bytemobile Boot Time Load Driver;c:\windows\system32\drivers\BMLoad.sys [x]
S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [x]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]
S3 yukonw7;NDIS6.2-Miniporttreiber für Marvell Yukon-Ethernet-Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-24 11:12]
.
2012-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-24 11:12]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://google.de/
mStart Page = hxxp://www.google.com
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\kalb\AppData\Roaming\Mozilla\Firefox\Profiles\su33pu6f.default\
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2086349673-4076395582-134452066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2086349673-4076395582-134452066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-10-09  22:17:11
ComboFix-quarantined-files.txt  2012-10-09 20:17
ComboFix2.txt  2012-10-09 14:19
ComboFix3.txt  2012-10-09 13:02
.
Vor Suchlauf: 21 Verzeichnis(se), 105.814.376.448 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 105.772.908.544 Bytes frei
.
- - End Of File - - 04E9A428828EC0B538FD4BAEB40E8B3F
--- --- ---

schrauber 10.10.2012 06:52
Fixen mit OTL
  • Starte die OTL.exe.
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Kopiere folgendes Skript:
Code:
:OTL
IE - HKLM\..\SearchScopes\{A8214D94-1C7F-4B5B-8419-DEEA53AD04D5}: "URL" = hxxp://startsear.ch/?aff=1&src=sp&cf=68346eae-f732-11e0-939b-001a801851dd&q={searchTerms}
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{001F3B16-5351-4CBF-A8E5-14CAB653679C}: DhcpNameServer = 10.74.83.22 193.254.160.1
:Commands
[emptytemp]
[resethosts]

Und ein frisches OTL log bitte :)

JanK 10.10.2012 12:00
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
%windir%\installer\*. /5
%localappdata%\*. /5
CREATERESTOREPOINT

schrauber 10.10.2012 12:03
was willst du mir damit sagen? :)

JanK 10.10.2012 12:12
weiß nich. sorry. kenn mich ja nich aus. war das ergebnis nachm fixen.
Hier wie gefordert:OTL Logfile:
Code:
OTL logfile created on: 10.10.2012 13:01:05 - Run 3
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\kalb\Desktop\Scannreport OTL 09.19.2012
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,35 Gb Available Physical Memory | 67,70% Memory free
4,00 Gb Paging File | 3,29 Gb Available in Paging File | 82,39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138,98 Gb Total Space | 98,83 Gb Free Space | 71,11% Space Free | Partition Type: NTFS
 
Computer Name: JANUSCHEL | User Name: kalb | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.10.09 13:20:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\kalb\Desktop\Scannreport OTL 09.19.2012\OTL.exe
PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.08.19 10:52:14 | 000,241,664 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe
PRC - [2010.08.19 10:52:04 | 000,229,376 | ---- | M] () -- C:\ProgramData\DatacardService\DCService.exe
PRC - [2009.12.31 14:13:52 | 000,110,592 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Users\kalb\AppData\Roaming\Telekom Internet Manager\ouc.exe
PRC - [2008.09.16 12:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
PRC - [2008.04.17 14:14:48 | 000,102,712 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2008.04.17 14:14:00 | 000,098,616 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2008.04.10 17:56:48 | 000,479,232 | ---- | M] (Nikon Corporation) -- C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
PRC - [2007.12.17 15:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
PRC - [2007.04.03 18:50:00 | 001,603,152 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2007.02.04 12:02:14 | 000,079,400 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
PRC - [2007.01.11 15:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010.08.19 10:52:04 | 000,229,376 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\DCService.exe -- (DCService.exe)
SRV - [2010.05.09 15:24:26 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2008.09.16 12:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)
SRV - [2008.04.17 14:14:48 | 000,102,712 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2007.12.17 15:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE -- (EPSON_EB_RPCV4_01)
SRV - [2007.01.11 15:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [File_System | Auto | Stopped] -- system32\DRIVERS\eamonm.sys -- (eamonm)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\kalb\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012.09.19 10:02:08 | 000,181,344 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudobex.sys -- (ssudobex)
DRV - [2012.09.19 10:02:06 | 000,181,344 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2012.09.19 10:02:06 | 000,083,168 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2011.05.10 08:06:14 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.06.17 21:28:45 | 000,573,440 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hcw95bda.sys -- (hcw95bda)
DRV - [2010.06.17 21:28:45 | 000,015,616 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hcw95rc.sys -- (hcw95rc)
DRV - [2009.12.15 10:46:26 | 000,024,192 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2009.12.15 10:46:18 | 000,013,184 | ---- | M] (Bytemobile, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\BMLoad.sys -- (BMLoad)
DRV - [2009.12.07 19:53:18 | 000,103,168 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009.10.12 15:22:56 | 000,101,120 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2009.10.07 08:49:40 | 006,756,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2009.10.07 08:47:56 | 000,266,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2009.07.14 00:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009.07.14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2009.05.26 11:35:50 | 008,235,648 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007.08.03 05:36:10 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)
DRV - [2005.02.23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0C2D0630-2882-431F-AA84-3A6454B32EC2}: "URL" = hxxp://startsear.ch/?aff=1&src=sp&cf=68346eae-f732-11e0-939b-001a801851dd&q={searchTerms}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E6 E3 43 1F 8C EE CA 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0C2D0630-2882-431F-AA84-3A6454B32EC2}
IE - HKCU\..\SearchScopes\{0C2D0630-2882-431F-AA84-3A6454B32EC2}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7SUNC_de
IE - HKCU\..\SearchScopes\{4B1EB107-BCD3-4FB2-98E0-E70F4FC45DF9}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7SUNC_de
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{A8214D94-1C7F-4B5B-8419-DEEA53AD04D5}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7SUNC_de
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files\TVUPlayer\npTVUAx.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\kalb\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\T-Mobile\InternetManager_H\OCx32\addon
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.09.13 20:48:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.08 19:06:32 | 000,000,000 | ---D | M]
 
[2011.09.13 20:49:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kalb\AppData\Roaming\mozilla\Extensions
[2012.10.08 18:56:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kalb\AppData\Roaming\mozilla\Firefox\Profiles\su33pu6f.default\extensions
[2012.10.08 19:17:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2011.09.03 08:18:05 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.09.03 02:19:44 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.09.03 02:13:56 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.09.03 02:19:44 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.09.03 02:19:44 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.09.03 02:19:44 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.09.03 02:19:44 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.de/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.de/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.92\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.92\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.92\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\kalb\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Mystical Land Installer (Enabled) = C:\Users\kalb\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbdkjcaifgmiepgkhohjooakknonejoc\1.0.0.10_0\NPMysticalLandInstaller.dll
CHR - plugin: vShare.tv plug-in (Enabled) = C:\Users\kalb\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\chvsharetvplg.dll
CHR - plugin: vShare.tv plug-in (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npvsharetvplg.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: TVU Web Player for FireFox (Enabled) = C:\Program Files\TVUPlayer\npTVUAx.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\kalb\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Speed Dial = C:\Users\kalb\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgpdioedihjhncjafcpgbbjdpbbkikmi\2.5.1_0\
CHR - Extension: Mystical Land Installer = C:\Users\kalb\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbdkjcaifgmiepgkhohjooakknonejoc\1.0.0.10_0\
 
O1 HOSTS File: ([2012.10.10 12:57:11 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1      localhost
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [DataCardMonitor] C:\Program Files\Telekom\InternetManager_H\DataCardMonitor.exe (Huawei Technologies Co., Ltd.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
O4 - HKCU..\Run: [HW_OPENEYE_OUC_Telekom Internet Manager] C:\Program Files\Telekom\InternetManager_H\UpdateDog\ouc.exe (Huawei Technologies Co., Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{67AA8B79-A64D-483C-8462-B07FB5A09434}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{85E7A7E5-94CA-43E5-878F-6EB4F267B1F9}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C8724439-8D79-46A7-BEB7-CB2730586F8C}: DhcpNameServer = 192.168.42.129
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.10 12:56:20 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.10.09 22:17:24 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.10.09 22:17:19 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.10.09 22:02:05 | 004,764,951 | R--- | C] (Swearware) -- C:\Users\kalb\Desktop\ComboFix.exe
[2012.10.09 19:51:35 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.10.09 18:35:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.10.09 18:35:37 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.10.09 18:35:37 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.10.09 16:20:00 | 000,000,000 | ---D | C] -- C:\Users\kalb\AppData\Local\temp
[2012.10.09 14:46:26 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.10.09 14:46:26 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.10.09 14:46:26 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.10.09 14:12:13 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.10.09 14:12:02 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.10.09 13:39:21 | 000,000,000 | ---D | C] -- C:\Users\kalb\Desktop\Scannreport OTL 09.19.2012
[2012.10.08 19:51:46 | 000,000,000 | ---D | C] -- C:\Users\kalb\AppData\Roaming\Malwarebytes
[2012.10.08 19:51:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.10.08 18:06:59 | 000,000,000 | ---D | C] -- C:\Users\kalb\Desktop\Fächer
[2012.10.06 14:29:51 | 000,000,000 | ---D | C] -- C:\Users\kalb\Desktop\Behindertenhilfe Bergstrasse
[2012.09.19 10:02:08 | 000,181,344 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudobex.sys
[2012.09.19 10:02:06 | 000,181,344 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudmdm.sys
[2012.09.19 10:02:06 | 000,083,168 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudbus.sys
[2012.09.17 22:25:24 | 000,000,000 | ---D | C] -- C:\Users\kalb\Desktop\Praktikum Köln(2012)
[2012.09.17 16:09:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.09.17 16:09:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012.09.17 16:09:29 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2012.09.15 12:21:40 | 000,000,000 | ---D | C] -- C:\Users\kalb\AppData\Local\{8AA270C9-F234-4F35-A854-5F1DFA5BD769}
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.10 13:05:36 | 000,013,536 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.10 13:05:36 | 000,013,536 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.10 12:59:10 | 000,054,932 | ---- | M] () -- C:\Users\kalb\AppData\Roaming\nvModes.001
[2012.10.10 12:58:30 | 000,000,374 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2012.10.10 12:58:23 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.10 12:58:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.10 12:58:07 | 1609,375,744 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.10 12:57:11 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012.10.09 22:00:44 | 004,764,951 | R--- | M] (Swearware) -- C:\Users\kalb\Desktop\ComboFix.exe
[2012.10.09 21:42:03 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.09 18:35:38 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.10.09 15:44:40 | 000,002,320 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.10.09 13:08:40 | 197,505,467 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.10.09 13:07:25 | 000,131,072 | -H-- | M] () -- C:\Windows\DUMP7e50.DMP
[2012.10.08 17:24:20 | 000,054,932 | ---- | M] () -- C:\Users\kalb\AppData\Roaming\nvModes.dat
[2012.10.08 14:09:37 | 000,664,868 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.10.08 14:09:37 | 000,625,010 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.10.08 14:09:37 | 000,135,004 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.10.08 14:09:37 | 000,110,648 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.10.08 14:08:16 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_WinUsb_01007.Wdf
[2012.10.07 17:44:12 | 000,131,072 | -H-- | M] () -- C:\Windows\DUMP9b66.DMP
[2012.09.19 10:02:08 | 000,181,344 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudobex.sys
[2012.09.19 10:02:06 | 000,181,344 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudmdm.sys
[2012.09.19 10:02:06 | 000,083,168 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudbus.sys
[2012.09.17 16:09:40 | 000,002,505 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
 
========== Files Created - No Company Name ==========
 
[2012.10.09 18:35:38 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.10.09 14:46:26 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.10.09 14:46:26 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.10.09 14:46:26 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.10.09 14:46:26 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.10.09 14:46:26 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.10.09 13:07:25 | 000,131,072 | -H-- | C] () -- C:\Windows\DUMP7e50.DMP
[2012.10.08 14:08:16 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_WinUsb_01007.Wdf
[2012.10.07 17:44:12 | 000,131,072 | -H-- | C] () -- C:\Windows\DUMP9b66.DMP
[2012.09.17 16:09:40 | 000,002,505 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.05.23 18:49:34 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.05.23 18:49:32 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2012.05.23 18:49:32 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2012.05.23 18:49:32 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2012.05.23 18:49:32 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2012.04.02 20:57:44 | 000,004,608 | ---- | C] () -- C:\Users\kalb\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.02.28 23:24:27 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll
[2012.02.28 23:24:27 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll
[2011.11.03 01:46:25 | 000,007,630 | ---- | C] () -- C:\Users\kalb\AppData\Roaming\.freeciv-client-rc-2.3
[2011.09.13 12:56:39 | 000,000,412 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2010.11.22 00:06:17 | 000,000,268 | RH-- | C] () -- C:\ProgramData\PrintsService
[2010.11.22 00:06:17 | 000,000,268 | RH-- | C] () -- C:\Users\kalb\AppData\Roaming\PreferencePane
[2010.11.22 00:06:17 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT
[2010.11.22 00:02:44 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Printers
[2010.11.22 00:02:44 | 000,000,268 | RH-- | C] () -- C:\Users\kalb\AppData\Roaming\Pop Flute
[2010.11.22 00:02:44 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2010.11.21 18:47:02 | 000,000,268 | RH-- | C] () -- C:\Users\kalb\AppData\Roaming\Woodwind
[2010.11.21 18:47:02 | 000,000,268 | RH-- | C] () -- C:\ProgramData\business-inkjet
[2010.11.21 18:47:02 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Dictionaries
[2010.11.21 18:40:08 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Workflows
[2010.11.21 18:40:08 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Work - Home
[2010.11.21 18:40:08 | 000,000,268 | RH-- | C] () -- C:\Users\kalb\AppData\Roaming\Widgets
[2010.11.21 18:40:08 | 000,000,268 | RH-- | C] () -- C:\Users\kalb\AppData\Roaming\WebServer
[2010.11.21 18:40:08 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLbw.DAT
[2010.11.21 18:40:08 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Devices
[2010.11.21 18:40:08 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Desktop Pictures
[2010.11.21 18:33:20 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLbx.DAT
[2010.05.14 18:07:21 | 000,000,092 | ---- | C] () -- C:\Users\kalb\AppData\Local\fusioncache.dat
[2010.05.14 09:39:14 | 000,054,932 | ---- | C] () -- C:\Users\kalb\AppData\Roaming\nvModes.001
[2010.05.14 00:39:30 | 000,054,932 | ---- | C] () -- C:\Users\kalb\AppData\Roaming\nvModes.dat
[2010.05.07 22:09:21 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLbz.DAT
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2011.11.03 01:50:48 | 000,000,000 | ---D | M] -- C:\Users\kalb\AppData\Roaming\.freeciv
[2012.08.10 13:44:58 | 000,000,000 | ---D | M] -- C:\Users\kalb\AppData\Roaming\Canon
[2011.02.13 16:19:21 | 000,000,000 | ---D | M] -- C:\Users\kalb\AppData\Roaming\EPSON
[2010.11.22 00:12:20 | 000,000,000 | ---D | M] -- C:\Users\kalb\AppData\Roaming\Nikon
[2011.02.13 16:41:06 | 000,000,000 | ---D | M] -- C:\Users\kalb\AppData\Roaming\Panasonic
[2012.06.19 13:52:02 | 000,000,000 | ---D | M] -- C:\Users\kalb\AppData\Roaming\Samsung
[2011.09.13 12:56:29 | 000,000,000 | ---D | M] -- C:\Users\kalb\AppData\Roaming\ScanSoft
[2011.04.17 19:45:56 | 000,000,000 | ---D | M] -- C:\Users\kalb\AppData\Roaming\Telekom
[2012.10.07 17:46:13 | 000,000,000 | ---D | M] -- C:\Users\kalb\AppData\Roaming\Telekom Internet Manager
[2012.03.14 22:33:13 | 000,000,000 | ---D | M] -- C:\Users\kalb\AppData\Roaming\Unity
[2011.09.14 14:18:24 | 000,000,000 | ---D | M] -- C:\Users\kalb\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012.10.09 22:17:24 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2010.05.02 22:23:15 | 000,000,000 | ---D | M] -- C:\$UPGRADE.~OS
[2012.07.01 12:37:21 | 000,000,000 | ---D | M] -- C:\Big Fish Games
[2011.07.10 17:35:39 | 000,000,000 | ---D | M] -- C:\Boot
[2012.10.08 19:03:38 | 000,000,000 | ---D | M] -- C:\bwinPoker JPC
[2009.10.18 15:52:54 | 000,000,000 | ---D | M] -- C:\Click to DVD 2
[2012.10.09 14:43:26 | 000,000,000 | ---D | M] -- C:\Config.Msi
[2007.08.12 11:26:06 | 000,000,000 | ---D | M] -- C:\Documentation
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2007.07.20 14:57:47 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2010.05.02 20:23:09 | 000,000,000 | ---D | M] -- C:\found.000
[2007.11.04 01:18:29 | 000,000,000 | R--D | M] -- C:\MSOCache
[2010.06.17 22:10:32 | 000,000,000 | ---D | M] -- C:\MyVideos
[2010.04.11 14:00:24 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2009.07.14 04:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.10.09 19:51:35 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.10.09 19:45:48 | 000,000,000 | ---D | M] -- C:\ProgramData
[2007.07.20 14:57:47 | 000,000,000 | -HSD | M] -- C:\Programme
[2012.10.09 22:17:22 | 000,000,000 | ---D | M] -- C:\Qoobox
[2010.05.07 22:01:56 | 000,000,000 | ---D | M] -- C:\Recovery
[2012.10.10 13:05:19 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010.05.07 22:20:59 | 000,000,000 | ---D | M] -- C:\Temp
[2010.04.05 22:47:48 | 000,000,000 | ---D | M] -- C:\Update
[2010.05.07 22:02:03 | 000,000,000 | R--D | M] -- C:\Users
[2007.08.12 11:36:33 | 000,000,000 | ---D | M] -- C:\WAUUPGRD
[2012.10.09 22:17:19 | 000,000,000 | ---D | M] -- C:\Windows
[2012.10.10 12:56:20 | 000,000,000 | ---D | M] -- C:\_OTL
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< %windir%\installer\*. /5 >
 
< %localappdata%\*. /5 >
[2012.10.08 18:45:43 | 000,000,000 | ---D | M] -- C:\Users\kalb\AppData\Local\Diagnostics
[2012.10.09 14:19:20 | 000,000,000 | ---D | M] -- C:\Users\kalb\AppData\Local\ElevatedDiagnostics
[2012.10.08 19:23:13 | 000,000,000 | ---D | M] -- C:\Users\kalb\AppData\Local\Microsoft
[2012.10.08 18:47:48 | 000,000,000 | ---D | M] -- C:\Users\kalb\AppData\Local\MigWiz
[2012.10.08 16:29:39 | 000,000,000 | ---D | M] -- C:\Users\kalb\AppData\Local\PokerStars.EU
[2012.10.10 13:01:04 | 000,000,000 | ---D | M] -- C:\Users\kalb\AppData\Local\temp
[2012.10.08 19:23:04 | 000,000,000 | ---D | M] -- C:\Users\kalb\AppData\Local\Windows Live
 
<          >
[2009.07.14 06:53:46 | 000,032,632 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009.07.14 06:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2010.05.24 13:12:34 | 000,001,090 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2010.05.24 13:12:37 | 000,001,094 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

< End of report >
--- --- ---

schrauber 10.10.2012 12:14
Das war das Ergebnis nach dem Fixen? o.O

Schau mal bitte unter C:\OTL, da sind TExtdateien mit Datum in Namen, poste mal das letzte.

JanK 10.10.2012 12:16
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A8214D94-1C7F-4B5B-8419-DEEA53AD04D5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A8214D94-1C7F-4B5B-8419-DEEA53AD04D5}\ not found.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{001F3B16-5351-4CBF-A8E5-14CAB653679C}\\DhcpNameServer| /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: kalb
->Temp folder emptied: 5594551 bytes
->Temporary Internet Files folder emptied: 54551527 bytes
->Java cache emptied: 25114735 bytes
->FireFox cache emptied: 75393732 bytes
->Google Chrome cache emptied: 349009304 bytes
->Apple Safari cache emptied: 5657600 bytes
->Flash cache emptied: 538 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 608 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 491,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.69.0 log created on 10102012_125620

ups, da ist wohl was schief gegangen.jetzt müsste es passen:


Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

schrauber 10.10.2012 12:28
Gudd, das schaut schon eher nach nem Fix Logfile aus :)

Wie läuft der Rechner? Noch Probleme?

JanK 10.10.2012 12:37
nein, läuft alles einwandfrei. ist der virus nun weg?

und kannst d mir einen tipp geben, welches antivirusprogramm gut und günstig ist(am besten umsonst)

vielen dank
lg jan

schrauber 10.10.2012 13:06
Jepp, nur noch einmal fixen :)

Fixen mit OTL
  • Starte die OTL.exe.
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Kopiere folgendes Skript:
Code:
:OTL
IE - HKLM\..\SearchScopes\{0C2D0630-2882-431F-AA84-3A6454B32EC2}: "URL" = hxxp://startsear.ch/?aff=1&src=sp&cf=68346eae-f732-11e0-939b-001a801851dd&q={searchTerms}
IE - HKLM\..\SearchScopes,DefaultScope =
:Commands
[emptytemp]

JanK 10.10.2012 15:23
was ein mist. nachdem ich deinen anweisungen gefolgt bin und der computer runterfuhr, startete der rechner wieder verpixelt und der virus ist wieder voll aktiv. beim hochfahren hat er sich dann aufgehängt und ich kann wieder mal nur den abgesicherten modus nutzen.
lg

schrauber 10.10.2012 15:28
Downloade dir bitte Farbar Recovery Scan Tool 32-Bit und speichere diese auf einen USB Stick.

Schließe den USB Stick an das infizierte System an

Du musst das System nun in die System Reparatur Option booten.

Über den Boot Manager
  • Starte den Rechner neu auf.
  • Während dem Hochfahren drücke mehrmals die F8 Taste
  • Wähle nun Computer reparieren.
  • Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".

Mit Windows CD/DVD
  • Lege die Windows CD in dein Laufwerk.
  • Starte den Rechner neu auf und starte von der CD
  • Wähle die Spracheinstellungen und klicke "Weiter".
  • Klicke auf Computerreparaturoptionen !!
  • Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".


Wähle in den Reparaturoptionen Eingabeaufforderung
  • Gib nun bitte notepad ein und drücke Enter.
  • Im öffnenden Textdokument --> Datei --> Speichern unter und wähle Computer
    Hier wird dir der Laufwerksbuchstabe deines USB Sticks angezeigt.
  • Schließe Notepad wieder
  • Gib nun bitte folgenden Befehl ein.
    e:\frst.exe
    Hinweis: e steht für den Laufwerksbuchstaben deines USB Sticks. Gegebenfalls anpassen.
  • Akzeptiere den Disclaimer mit Yes und klicke Scan
Das Tool erstellt eine FRST.txt auf deinem USB Stick. Poste den Inhalt bitte hier.

JanK 10.10.2012 15:56
funktioniert irgendwie nicht.
1. ist das textdokument leer. wenn ich es mit notepad geöffnet habe und dann speicher(muss ich auch aufm usb stick speichern, oder?)
2. sagt er mir das frst.exe kein gültiger befehl sei(bin vorher auf das laufwerk des usbs gewechselt und habe dann frst.exe eingegebn

frst.exe ist keine zulässige windows32 datei, sowas sgat der dann

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-10-2012
Ran by SYSTEM at 10-10-2012 17:01:48
Running from F:\
Windows 7 Home Premium (X86) OS Language: German Standard
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart [92704 2009-05-26] (NVIDIA Corporation)
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [8530464 2009-05-26] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit [88608 2009-05-26] (NVIDIA Corporation)
HKLM\...\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [98616 2008-04-17] (ArcSoft Inc.)
HKLM\...\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [1797008 2010-07-21] (Microsoft Corporation)
HKLM\...\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [58656 2011-04-20] (Apple Inc.)
HKLM\...\Run: [DataCardMonitor] C:\Program Files\Telekom\InternetManager_H\DataCardMonitor.exe [253952 2011-04-17] (Huawei Technologies Co., Ltd.)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2011-07-05] (Apple Inc.)
HKLM\...\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon [644696 2007-04-03] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon [1603152 2007-04-03] (CANON INC.)
HKLM\...\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM\...\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [79400 2007-02-04] (Nuance Communications, Inc.)
HKU\kalb\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-05-24] (Google Inc.)
HKU\kalb\...\Run: [HW_OPENEYE_OUC_Telekom Internet Manager] "C:\Program Files\Telekom\InternetManager_H\UpdateDog\ouc.exe" [110592 2009-12-31] (Huawei Technologies Co., Ltd.)
HKLM\...\RunOnce: [OTL] "C:\Users\kalb\Desktop\Scannreport OTL 09.19.2012\OTL.exe" [602112 2012-10-09] (OldTimer Tools)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Nikon Monitor.lnk
ShortcutTarget: Nikon Monitor.lnk -> C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)

==================== Services (Whitelisted) ===================

2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [102712 2008-04-17] (ArcSoft Inc.)
2 AdobeActiveFileMonitor7.0; C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [169312 2008-09-16] (Adobe Systems Incorporated)
2 DCService.exe; C:\ProgramData\DatacardService\DCService.exe [229376 2010-08-19] ()
2 EPSON_EB_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE [143872 2007-12-17] (SEIKO EPSON CORPORATION)
2 EPSON_PM_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE [113664 2007-01-11] (SEIKO EPSON CORPORATION)

==================== Drivers (Whitelisted) ====================

3 Afc; C:\Windows\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.)
3 hcw95bda; C:\Windows\System32\Drivers\hcw95bda.sys [573440 2010-06-17] (Hauppauge Computer Works, Inc.)
3 hcw95rc; C:\Windows\System32\DRIVERS\hcw95rc.sys [15616 2010-06-17] (Hauppauge Computer Works, Inc.)
3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [101120 2009-10-12] (Huawei Technologies Co., Ltd.)
3 ssudobex; C:\Windows\System32\DRIVERS\ssudobex.sys [181344 2012-09-19] (DEVGURU Co., LTD.(www.devguru.co.kr))
1 tcpipBM; \??\C:\Windows\system32\drivers\tcpipBM.sys [24192 2009-12-15] (Bytemobile, Inc.)
3 catchme; \??\C:\Users\kalb\AppData\Local\Temp\catchme.sys [x]
2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2012-10-10 15:57 - 2012-10-10 15:57 - 00905954 ____A (Farbar) C:\Users\kalb\Downloads\FRST (1).exe
2012-10-10 15:30 - 2012-10-10 15:30 - 00905954 ____A (Farbar) C:\Users\kalb\Downloads\FRST.exe
2012-10-10 15:19 - 2012-10-10 15:19 - 00139704 ____A C:\Windows\Minidump\101012-20623-01.dmp
2012-10-10 12:53 - 2012-10-10 12:54 - 57837568 ____A C:\Users\kalb\Downloads\eav_nt64_deu (1).msi
2012-10-10 12:52 - 2012-10-10 12:52 - 57837568 ____A C:\Users\kalb\Downloads\eav_nt64_deu.msi
2012-10-10 12:06 - 2012-09-14 19:28 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-10-10 12:06 - 2012-08-24 17:57 - 00172544 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-10-10 11:57 - 2012-08-31 18:18 - 01211760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2012-10-10 11:57 - 2012-08-30 18:12 - 03968880 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2012-10-10 11:57 - 2012-08-30 18:12 - 03914096 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-10-10 11:57 - 2012-08-20 18:40 - 00868352 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2012-10-10 11:57 - 2012-08-20 18:40 - 00293376 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2012-10-10 11:57 - 2012-08-20 18:40 - 00169984 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2012-10-10 11:57 - 2012-08-20 18:37 - 00271360 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2012-10-10 11:57 - 2012-08-20 18:32 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2012-10-10 11:57 - 2012-08-20 18:32 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2012-10-10 11:57 - 2012-08-20 18:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-10-10 11:57 - 2012-08-20 18:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2012-10-10 11:57 - 2012-08-20 18:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2012-10-10 11:57 - 2012-08-20 18:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2012-10-10 11:57 - 2012-08-20 18:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2012-10-10 11:57 - 2012-08-20 18:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-10-10 11:57 - 2012-08-20 18:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-10-10 11:57 - 2012-08-20 18:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2012-10-10 11:57 - 2012-08-20 18:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-10-10 11:57 - 2012-08-20 18:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2012-10-10 11:57 - 2012-08-20 18:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2012-10-10 11:57 - 2012-08-20 18:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2012-10-10 11:57 - 2012-08-20 18:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-10-10 11:57 - 2012-08-20 18:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2012-10-10 11:57 - 2012-08-20 18:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2012-10-10 11:57 - 2012-08-20 18:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2012-10-10 11:57 - 2012-08-20 18:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2012-10-10 11:57 - 2012-08-20 18:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-10-10 11:57 - 2012-08-20 18:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2012-10-10 11:57 - 2012-08-20 18:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2012-10-10 11:57 - 2012-08-20 18:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2012-10-10 11:57 - 2012-08-20 18:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2012-10-10 11:57 - 2012-08-20 16:33 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2012-10-10 11:57 - 2012-08-20 16:33 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-10 11:57 - 2012-08-20 16:33 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2012-10-10 11:57 - 2012-08-20 16:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2012-10-10 11:57 - 2012-08-11 00:56 - 00542208 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2012-10-10 11:57 - 2012-06-02 05:36 - 01159680 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-10-10 11:57 - 2012-06-02 05:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-10-10 11:57 - 2012-06-02 05:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-10-10 11:56 - 2012-10-10 11:56 - 00000000 ____D C:\_OTL
2012-10-10 05:08 - 2012-10-10 15:07 - 00000374 ____A C:\Windows\System32\Drivers\etc\hosts.ics
2012-10-09 21:17 - 2012-10-09 21:17 - 00010388 ____A C:\ComboFix.txt
2012-10-09 21:02 - 2012-10-09 21:00 - 04764951 ____R (Swearware) C:\Users\kalb\Desktop\ComboFix.exe
2012-10-09 18:51 - 2012-10-09 18:51 - 02322184 ____A (ESET) C:\Users\kalb\Downloads\esetsmartinstaller_enu.exe
2012-10-09 18:51 - 2012-10-09 18:51 - 00000000 ____D C:\Program Files\ESET
2012-10-09 18:45 - 2012-10-09 18:45 - 00002952 ____A C:\AdwCleaner[S1].txt
2012-10-09 18:43 - 2012-10-09 18:43 - 00538327 ____A C:\Users\kalb\Downloads\adwcleaner.exe
2012-10-09 18:43 - 2012-10-09 18:43 - 00003051 ____A C:\AdwCleaner[R1].txt
2012-10-09 17:35 - 2012-10-09 17:35 - 00001067 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-10-09 17:35 - 2012-10-09 17:35 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-10-09 17:35 - 2012-09-07 16:04 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-10-09 17:34 - 2012-10-09 17:35 - 10524080 ____A (Malwarebytes Corporation ) C:\Users\kalb\Downloads\mbam-setup-1.65.0.1400 (2).exe
2012-10-09 17:34 - 2012-10-09 17:34 - 10524080 ____A (Malwarebytes Corporation ) C:\Users\kalb\Downloads\mbam-setup-1.65.0.1400 (1).exe
2012-10-09 17:34 - 2012-10-09 17:34 - 04118096 ____A (Systweak Inc ) C:\Users\kalb\Downloads\rcpsetup_cde.exe
2012-10-09 13:46 - 2011-06-26 07:45 - 00256000 ____A C:\Windows\PEV.exe
2012-10-09 13:46 - 2010-11-07 18:20 - 00208896 ____A C:\Windows\MBR.exe
2012-10-09 13:46 - 2009-04-20 05:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-10-09 13:46 - 2000-08-31 01:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-10-09 13:46 - 2000-08-31 01:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-10-09 13:46 - 2000-08-31 01:00 - 00098816 ____A C:\Windows\sed.exe
2012-10-09 13:46 - 2000-08-31 01:00 - 00080412 ____A C:\Windows\grep.exe
2012-10-09 13:46 - 2000-08-31 01:00 - 00068096 ____A C:\Windows\zip.exe
2012-10-09 13:12 - 2012-10-09 21:17 - 00000000 ____D C:\Qoobox
2012-10-09 13:12 - 2012-10-09 15:00 - 00000000 ____D C:\Windows\erdnt
2012-10-09 12:39 - 2012-10-09 21:00 - 00000000 ____D C:\Users\kalb\Desktop\Scannreport OTL 09.19.2012
2012-10-09 12:34 - 2012-10-09 12:34 - 00061856 ____A C:\Users\kalb\Downloads\Extras.Txt
2012-10-09 12:32 - 2012-10-09 12:32 - 00079124 ____A C:\Users\kalb\Downloads\OTL.Txt
2012-10-09 12:08 - 2012-10-09 12:08 - 00139704 ____A C:\Windows\Minidump\100912-21746-01.dmp
2012-10-09 12:07 - 2012-10-09 12:07 - 00131072 ___AH C:\Windows\DUMP7e50.DMP
2012-10-08 18:51 - 2012-10-08 18:51 - 00000000 ____D C:\Users\kalb\AppData\Roaming\Malwarebytes
2012-10-08 18:51 - 2012-10-08 18:51 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-10-08 18:50 - 2012-10-08 18:50 - 10524080 ____A (Malwarebytes Corporation ) C:\Users\kalb\Downloads\mbam-setup-1.65.0.1400.exe
2012-10-08 18:42 - 2012-10-08 18:43 - 00149112 ____A C:\Windows\Minidump\100812-76846-01.dmp
2012-10-08 18:17 - 2012-10-08 18:17 - 00149112 ____A C:\Windows\Minidump\100812-30966-01.dmp
2012-10-08 17:06 - 2012-10-08 17:07 - 00000000 ____D C:\Users\kalb\Desktop\Fächer
2012-10-08 16:56 - 2012-10-08 16:56 - 00149112 ____A C:\Windows\Minidump\100812-27783-01.dmp
2012-10-08 16:49 - 2012-10-08 16:49 - 01232760 ____A C:\Users\kalb\Downloads\TIDMSC-14215300-1041 (1).EXE
2012-10-08 13:08 - 2012-10-08 13:08 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
2012-10-07 17:06 - 2012-10-07 17:06 - 00139704 ____A C:\Windows\Minidump\100712-17908-01.dmp
2012-10-07 16:48 - 2012-10-07 16:48 - 00139672 ____A C:\Windows\Minidump\100712-18532-01.dmp
2012-10-07 16:44 - 2012-10-07 16:44 - 00131072 ___AH C:\Windows\DUMP9b66.DMP
2012-10-07 16:31 - 2012-10-07 16:31 - 00139672 ____A C:\Windows\Minidump\100712-20014-01.dmp
2012-10-06 13:29 - 2012-10-06 19:24 - 00000000 ____D C:\Users\kalb\Desktop\Behindertenhilfe Bergstrasse
2012-09-29 12:52 - 2012-09-29 12:53 - 02557549 ____A C:\Users\kalb\Downloads\part03.wmv
2012-09-26 10:11 - 2012-08-21 21:12 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe
2012-09-22 10:08 - 2012-08-24 17:57 - 06028800 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-09-22 10:08 - 2012-08-24 17:57 - 01231872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-09-22 10:08 - 2012-08-24 17:57 - 00981504 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-09-22 10:08 - 2012-08-24 17:57 - 00627712 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-09-22 10:08 - 2012-08-24 17:57 - 00132096 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-09-22 10:08 - 2012-08-24 17:57 - 00067584 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-09-22 10:08 - 2012-08-24 17:56 - 11020800 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-09-22 10:08 - 2012-08-24 17:56 - 02073600 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-09-22 10:08 - 2012-08-24 17:56 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-09-22 10:08 - 2012-08-24 17:56 - 00048128 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-09-22 10:08 - 2012-08-24 16:20 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-09-19 09:02 - 2012-09-19 09:02 - 01112288 ____A (Microsoft Corporation) C:\Windows\System32\WdfCoInstaller01007.dll
2012-09-19 09:02 - 2012-09-19 09:02 - 00581192 ____A (Microsoft Corporation) C:\Windows\System32\WinUSBCoInstaller.dll
2012-09-19 09:02 - 2012-09-19 09:02 - 00181344 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudobex.sys
2012-09-19 09:02 - 2012-09-19 09:02 - 00181344 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudmdm.sys
2012-09-19 09:02 - 2012-09-19 09:02 - 00083168 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudbus.sys
2012-09-17 21:25 - 2012-09-24 19:33 - 00000000 ____D C:\Users\kalb\Desktop\Praktikum Köln(2012)
2012-09-17 15:09 - 2012-09-17 15:09 - 00002505 ____A C:\Users\Public\Desktop\Skype.lnk
2012-09-17 15:09 - 2012-09-17 15:09 - 00000000 ___RD C:\Program Files\Skype
2012-09-17 15:09 - 2012-09-17 15:09 - 00000000 ____D C:\Program Files\Common Files\Skype
2012-09-17 11:32 - 2012-08-22 18:16 - 01292144 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-09-17 11:32 - 2012-08-22 18:16 - 00712048 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2012-09-17 11:32 - 2012-08-22 18:16 - 00240496 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2012-09-17 11:32 - 2012-08-22 18:16 - 00187760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2012-09-17 11:32 - 2012-08-02 17:57 - 00490496 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2012-09-17 11:32 - 2012-07-04 20:45 - 00033280 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rndismpx.sys
2012-09-17 11:32 - 2012-07-04 20:45 - 00033280 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\RNDISMP.sys
2012-09-16 22:57 - 2012-09-16 22:57 - 10980240 ____A (Deutsche Telekom AG, Marmiko IT-Solutions GmbH ) C:\Users\kalb\Downloads\netzmanager_setup (1).exe
2012-09-16 22:56 - 2012-09-16 22:56 - 10980240 ____A (Deutsche Telekom AG, Marmiko IT-Solutions GmbH ) C:\Users\kalb\Downloads\netzmanager_setup.exe
2012-09-15 11:35 - 2012-09-15 11:36 - 20905256 ____A (PokerStars) C:\Users\kalb\Downloads\PokerStarsInstallEU.exe
2012-09-15 11:21 - 2012-09-15 11:21 - 00000000 ____D C:\Users\kalb\AppData\Local\{8AA270C9-F234-4F35-A854-5F1DFA5BD769}


==================== 3 Months Modified Files ==================

2012-10-10 15:57 - 2012-10-10 15:57 - 00905954 ____A (Farbar) C:\Users\kalb\Downloads\FRST (1).exe
2012-10-10 15:39 - 2010-05-07 21:04 - 01527740 ____A C:\Windows\System32\PerfStringBackup.INI
2012-10-10 15:30 - 2012-10-10 15:30 - 00905954 ____A (Farbar) C:\Users\kalb\Downloads\FRST.exe
2012-10-10 15:19 - 2012-10-10 15:19 - 00139704 ____A C:\Windows\Minidump\101012-20623-01.dmp
2012-10-10 15:19 - 2010-07-24 12:06 - 165413307 ____A C:\Windows\MEMORY.DMP
2012-10-10 15:19 - 2010-05-09 14:26 - 00025676 ____A C:\Windows\PFRO.log
2012-10-10 15:12 - 2010-05-07 20:46 - 01952562 ____A C:\Windows\WindowsUpdate.log
2012-10-10 15:12 - 2009-07-14 05:34 - 00013536 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-10-10 15:12 - 2009-07-14 05:34 - 00013536 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-10-10 15:07 - 2012-10-10 05:08 - 00000374 ____A C:\Windows\System32\Drivers\etc\hosts.ics
2012-10-10 15:07 - 2010-05-24 12:12 - 00001090 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-10-10 15:07 - 2010-05-14 08:39 - 00054932 ____A C:\Users\kalb\AppData\Roaming\nvModes.001
2012-10-10 15:07 - 2009-07-14 05:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-10-10 15:06 - 2009-07-14 05:39 - 00092274 ____A C:\Windows\setupact.log
2012-10-10 13:00 - 2010-05-08 10:05 - 62968832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-10-10 12:54 - 2012-10-10 12:53 - 57837568 ____A C:\Users\kalb\Downloads\eav_nt64_deu (1).msi
2012-10-10 12:52 - 2012-10-10 12:52 - 57837568 ____A C:\Users\kalb\Downloads\eav_nt64_deu.msi
2012-10-10 12:42 - 2010-05-24 12:12 - 00001094 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-10-09 21:17 - 2012-10-09 21:17 - 00010388 ____A C:\ComboFix.txt
2012-10-09 21:13 - 2009-07-14 03:04 - 00000215 ____A C:\Windows\system.ini
2012-10-09 21:00 - 2012-10-09 21:02 - 04764951 ____R (Swearware) C:\Users\kalb\Desktop\ComboFix.exe
2012-10-09 18:51 - 2012-10-09 18:51 - 02322184 ____A (ESET) C:\Users\kalb\Downloads\esetsmartinstaller_enu.exe
2012-10-09 18:45 - 2012-10-09 18:45 - 00002952 ____A C:\AdwCleaner[S1].txt
2012-10-09 18:43 - 2012-10-09 18:43 - 00538327 ____A C:\Users\kalb\Downloads\adwcleaner.exe
2012-10-09 18:43 - 2012-10-09 18:43 - 00003051 ____A C:\AdwCleaner[R1].txt
2012-10-09 17:35 - 2012-10-09 17:35 - 00001067 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-10-09 17:35 - 2012-10-09 17:34 - 10524080 ____A (Malwarebytes Corporation ) C:\Users\kalb\Downloads\mbam-setup-1.65.0.1400 (2).exe
2012-10-09 17:34 - 2012-10-09 17:34 - 10524080 ____A (Malwarebytes Corporation ) C:\Users\kalb\Downloads\mbam-setup-1.65.0.1400 (1).exe
2012-10-09 17:34 - 2012-10-09 17:34 - 04118096 ____A (Systweak Inc ) C:\Users\kalb\Downloads\rcpsetup_cde.exe
2012-10-09 15:01 - 2009-07-14 03:03 - 45350912 ____A C:\Windows\System32\config\software.bak
2012-10-09 15:01 - 2009-07-14 03:03 - 14942208 ____A C:\Windows\System32\config\system.bak
2012-10-09 15:01 - 2009-07-14 03:03 - 00524288 ____A C:\Windows\System32\config\default.bak
2012-10-09 15:01 - 2009-07-14 03:03 - 00262144 ____A C:\Windows\System32\config\security.bak
2012-10-09 15:01 - 2009-07-14 03:03 - 00262144 ____A C:\Windows\System32\config\sam.bak
2012-10-09 14:44 - 2011-04-04 19:53 - 00002320 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2012-10-09 12:34 - 2012-10-09 12:34 - 00061856 ____A C:\Users\kalb\Downloads\Extras.Txt
2012-10-09 12:32 - 2012-10-09 12:32 - 00079124 ____A C:\Users\kalb\Downloads\OTL.Txt
2012-10-09 12:08 - 2012-10-09 12:08 - 00139704 ____A C:\Windows\Minidump\100912-21746-01.dmp
2012-10-09 12:07 - 2012-10-09 12:07 - 00131072 ___AH C:\Windows\DUMP7e50.DMP
2012-10-08 18:50 - 2012-10-08 18:50 - 10524080 ____A (Malwarebytes Corporation ) C:\Users\kalb\Downloads\mbam-setup-1.65.0.1400.exe
2012-10-08 18:43 - 2012-10-08 18:42 - 00149112 ____A C:\Windows\Minidump\100812-76846-01.dmp
2012-10-08 18:17 - 2012-10-08 18:17 - 00149112 ____A C:\Windows\Minidump\100812-30966-01.dmp
2012-10-08 16:56 - 2012-10-08 16:56 - 00149112 ____A C:\Windows\Minidump\100812-27783-01.dmp
2012-10-08 16:52 - 2012-06-19 07:47 - 00000021 ____A C:\Windows\Model.txt
2012-10-08 16:52 - 2012-06-19 07:47 - 00000000 ____A C:\Windows\Model.log
2012-10-08 16:51 - 2012-06-19 07:47 - 00003098 ____A C:\Windows\DPINST.LOG
2012-10-08 16:49 - 2012-10-08 16:49 - 01232760 ____A C:\Users\kalb\Downloads\TIDMSC-14215300-1041 (1).EXE
2012-10-08 16:24 - 2010-05-13 23:39 - 00054932 ____A C:\Users\kalb\AppData\Roaming\nvModes.dat
2012-10-08 13:08 - 2012-10-08 13:08 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
2012-10-07 17:06 - 2012-10-07 17:06 - 00139704 ____A C:\Windows\Minidump\100712-17908-01.dmp
2012-10-07 16:48 - 2012-10-07 16:48 - 00139672 ____A C:\Windows\Minidump\100712-18532-01.dmp
2012-10-07 16:44 - 2012-10-07 16:44 - 00131072 ___AH C:\Windows\DUMP9b66.DMP
2012-10-07 16:31 - 2012-10-07 16:31 - 00139672 ____A C:\Windows\Minidump\100712-20014-01.dmp
2012-09-29 12:53 - 2012-09-29 12:52 - 02557549 ____A C:\Users\kalb\Downloads\part03.wmv
2012-09-19 09:02 - 2012-09-19 09:02 - 01112288 ____A (Microsoft Corporation) C:\Windows\System32\WdfCoInstaller01007.dll
2012-09-19 09:02 - 2012-09-19 09:02 - 00581192 ____A (Microsoft Corporation) C:\Windows\System32\WinUSBCoInstaller.dll
2012-09-19 09:02 - 2012-09-19 09:02 - 00181344 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudobex.sys
2012-09-19 09:02 - 2012-09-19 09:02 - 00181344 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudmdm.sys
2012-09-19 09:02 - 2012-09-19 09:02 - 00083168 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudbus.sys
2012-09-17 15:09 - 2012-09-17 15:09 - 00002505 ____A C:\Users\Public\Desktop\Skype.lnk
2012-09-16 22:57 - 2012-09-16 22:57 - 10980240 ____A (Deutsche Telekom AG, Marmiko IT-Solutions GmbH ) C:\Users\kalb\Downloads\netzmanager_setup (1).exe
2012-09-16 22:56 - 2012-09-16 22:56 - 10980240 ____A (Deutsche Telekom AG, Marmiko IT-Solutions GmbH ) C:\Users\kalb\Downloads\netzmanager_setup.exe
2012-09-15 11:36 - 2012-09-15 11:35 - 20905256 ____A (PokerStars) C:\Users\kalb\Downloads\PokerStarsInstallEU.exe
2012-09-14 19:28 - 2012-10-10 12:06 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-09-10 06:18 - 2009-07-14 05:53 - 00032632 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-09-07 16:04 - 2012-10-09 17:35 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-09-02 11:15 - 2012-09-02 11:15 - 00149112 ____A C:\Windows\Minidump\090212-22011-01.dmp
2012-08-31 18:18 - 2012-10-10 11:57 - 01211760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2012-08-31 14:45 - 2012-08-31 14:45 - 17036288 ____A (EffectMatrix, Inc. ) C:\Users\kalb\Downloads\empc_setup.exe
2012-08-30 18:12 - 2012-10-10 11:57 - 03968880 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2012-08-30 18:12 - 2012-10-10 11:57 - 03914096 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-08-24 17:57 - 2012-10-10 12:06 - 00172544 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-08-24 17:57 - 2012-09-22 10:08 - 06028800 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-08-24 17:57 - 2012-09-22 10:08 - 01231872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-08-24 17:57 - 2012-09-22 10:08 - 00981504 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-08-24 17:57 - 2012-09-22 10:08 - 00627712 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-08-24 17:57 - 2012-09-22 10:08 - 00132096 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-08-24 17:57 - 2012-09-22 10:08 - 00067584 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-08-24 17:56 - 2012-09-22 10:08 - 11020800 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-08-24 17:56 - 2012-09-22 10:08 - 02073600 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-08-24 17:56 - 2012-09-22 10:08 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-08-24 17:56 - 2012-09-22 10:08 - 00048128 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-08-24 16:20 - 2012-09-22 10:08 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-08-22 18:16 - 2012-09-17 11:32 - 01292144 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-08-22 18:16 - 2012-09-17 11:32 - 00712048 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2012-08-22 18:16 - 2012-09-17 11:32 - 00240496 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2012-08-22 18:16 - 2012-09-17 11:32 - 00187760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2012-08-21 21:12 - 2012-09-26 10:11 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe
2012-08-20 18:40 - 2012-10-10 11:57 - 00868352 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2012-08-20 18:40 - 2012-10-10 11:57 - 00293376 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2012-08-20 18:40 - 2012-10-10 11:57 - 00169984 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2012-08-20 18:37 - 2012-10-10 11:57 - 00271360 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2012-08-20 18:32 - 2012-10-10 11:57 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2012-08-20 18:32 - 2012-10-10 11:57 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-20 18:32 - 2012-10-10 11:57 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-20 18:32 - 2012-10-10 11:57 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2012-08-20 18:32 - 2012-10-10 11:57 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2012-08-20 18:32 - 2012-10-10 11:57 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2012-08-20 18:32 - 2012-10-10 11:57 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2012-08-20 18:32 - 2012-10-10 11:57 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-08-20 18:32 - 2012-10-10 11:57 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-08-20 18:32 - 2012-10-10 11:57 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2012-08-20 18:32 - 2012-10-10 11:57 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-08-20 18:32 - 2012-10-10 11:57 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2012-08-20 18:32 - 2012-10-10 11:57 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2012-08-20 18:32 - 2012-10-10 11:57 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2012-08-20 18:32 - 2012-10-10 11:57 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-08-20 18:32 - 2012-10-10 11:57 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2012-08-20 18:32 - 2012-10-10 11:57 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2012-08-20 18:32 - 2012-10-10 11:57 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2012-08-20 18:32 - 2012-10-10 11:57 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2012-08-20 18:32 - 2012-10-10 11:57 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-08-20 18:32 - 2012-10-10 11:57 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2012-08-20 18:32 - 2012-10-10 11:57 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2012-08-20 18:32 - 2012-10-10 11:57 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2012-08-20 18:32 - 2012-10-10 11:57 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2012-08-20 16:33 - 2012-10-10 11:57 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2012-08-20 16:33 - 2012-10-10 11:57 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 16:33 - 2012-10-10 11:57 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 16:33 - 2012-10-10 11:57 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2012-08-15 16:06 - 2009-07-14 05:33 - 00318240 ____A C:\Windows\System32\FNTCACHE.DAT
2012-08-11 00:56 - 2012-10-10 11:57 - 00542208 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2012-08-07 14:10 - 2012-08-07 14:09 - 00561664 ____A C:\Users\kalb\Downloads\Fragen_letzte_Sitzung_Diagnostik_SOSE_2012.ppt
2012-08-05 05:15 - 2012-08-05 05:15 - 05104461 ____A C:\Users\kalb\Downloads\Buchstabeneinführung.pptx
2012-08-05 05:15 - 2012-08-05 05:15 - 01544278 ____A C:\Users\kalb\Downloads\grundschrift_1.pptx
2012-08-02 17:57 - 2012-09-17 11:32 - 00490496 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2012-07-18 18:47 - 2012-08-15 13:28 - 02345984 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-18 13:58 - 2012-07-18 13:57 - 00149112 ____A C:\Windows\Minidump\071812-23446-01.dmp
2012-07-17 22:02 - 2012-07-17 22:02 - 00149112 ____A C:\Windows\Minidump\071712-24492-01.dmp
2012-07-15 16:51 - 2012-07-15 16:51 - 00243122 ____A C:\Users\kalb\Downloads\Soziale_Kompetenz_2012 (1).pptx
2012-07-15 16:45 - 2012-07-15 16:45 - 01073664 ____A C:\Users\kalb\Downloads\Emotionale_Entwicklung_erweitert (2).ppt
2012-07-15 16:44 - 2012-07-15 16:44 - 00907776 ____A C:\Users\kalb\Downloads\Regulationsstörungen2 (1).ppt
2012-07-15 16:44 - 2012-07-15 16:44 - 00097792 ____A C:\Users\kalb\Downloads\Vulnerabilitätskonzeptfolie (1).ppt
2012-07-15 16:38 - 2012-07-15 16:38 - 00075737 ____A C:\Users\kalb\Downloads\Beobachtungsaufgaben_Video.pptx
2012-07-15 16:34 - 2012-07-15 16:34 - 00162367 ____A C:\Users\kalb\Downloads\Bindungsstörungen_bei_GB_komplett.pptx
2012-07-15 16:34 - 2012-07-15 16:34 - 00162367 ____A C:\Users\kalb\Downloads\Bindungsstörungen_bei_GB_komplett (1).pptx
2012-07-15 16:11 - 2012-07-15 16:11 - 00155834 ____A C:\Users\kalb\Downloads\Frühe_Eltern-Kind-Interaktion_im_Kontext_Geistige_Behinderung.pptx
2012-07-15 15:48 - 2012-07-15 15:48 - 00363458 ____A C:\Users\kalb\Downloads\Entw2_Sose2012__2.SitzungWahrnehmung (1).pptx
2012-07-15 15:39 - 2012-07-15 15:39 - 01248768 ____A C:\Users\kalb\Downloads\Entw2_Sose2012_1._Sitzung (1).ppt
2012-07-15 15:25 - 2012-07-15 15:25 - 00034304 ____A C:\Users\kalb\Downloads\Studienbuch_Deckblatt_LA_Sonderschule_PO2003.dot
2012-07-13 16:43 - 2012-07-13 16:43 - 00149112 ____A C:\Windows\Minidump\071312-24476-01.dmp

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-10-09 20:48:21
Restore point made on: 2012-10-10 12:05:19
Restore point made on: 2012-10-10 12:59:05

==================== Memory info ===========================

Percentage of memory in use: 18%
Total physical RAM: 2046.43 MB
Available physical RAM: 1660.38 MB
Total Pagefile: 2046.43 MB
Available Pagefile: 1662.64 MB
Total Virtual: 2047.88 MB
Available Virtual: 1968.7 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:138.98 GB) (Free:98.37 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (Recovery) (Fixed) (Total:10.07 GB) (Free:0.53 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive f: (RALLY2) (Removable) (Total:1.91 GB) (Free:1.82 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Datentr„ger ### Status Gr”áe Frei Dyn GPT
--------------- ------------- ------- ------- --- ---
Datentr„ger 0 Online 149 GB 0 B
Datentr„ger 1 Online 1959 MB 0 B

Partitions of Disk 0:
===============

Datentr„ger 0 ist jetzt der gew„hlte Datentr„ger.

Partition ### Typ GrӇe Offset
------------- ---------------- ------- -------
Partition 1 Wiederherstellun 10 GB 1024 KB
Partition 2 Prim„r 138 GB 10 GB

=========================================================

Disk: 0
Datentr„ger 0 ist jetzt der gew„hlte Datentr„ger.

Partition 1
Typ : 27
Versteckt: Ja
Aktiv : Nein

Volume ### Bst Bezeichnung DS Typ GrӇe Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D Recovery NTFS Partition 10 GB Fehlerfre Versteck

=========================================================

Disk: 0
Datentr„ger 0 ist jetzt der gew„hlte Datentr„ger.

Partition 2
Typ : 07
Versteckt: Nein
Aktiv : Ja

Volume ### Bst Bezeichnung DS Typ GrӇe Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 138 GB Fehlerfre

=========================================================

Disk: 0
Datentr„ger 0 ist jetzt der gew„hlte Datentr„ger.

Partition 2
Typ : 07
Versteckt: Nein
Aktiv : Ja

Volume ### Bst Bezeichnung DS Typ GrӇe Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 138 GB Fehlerfre

=========================================================

Partitions of Disk 1:
===============

Datentr„ger 1 ist jetzt der gew„hlte Datentr„ger.

Partition ### Typ GrӇe Offset
------------- ---------------- ------- -------
Partition 1 Prim„r 1959 MB 31 KB

=========================================================

Disk: 1
Datentr„ger 1 ist jetzt der gew„hlte Datentr„ger.

Partition 1
Typ : 0C
Versteckt: Nein
Aktiv : Ja

Volume ### Bst Bezeichnung DS Typ GrӇe Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F RALLY2 FAT32 Wechselmed 1959 MB Fehlerfre

=========================================================

Disk: 1
Datentr„ger 1 ist jetzt der gew„hlte Datentr„ger.

Partition 1
Typ : 0C
Versteckt: Nein
Aktiv : Ja

Volume ### Bst Bezeichnung DS Typ GrӇe Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F RALLY2 FAT32 Wechselmed 1959 MB Fehlerfre

=========================================================

Last Boot: 2012-09-19 20:44

==================== End Of Log ============================

schrauber 10.10.2012 17:14
Was genau sind die Probleme jetzt? Versuch ma bitte normal zu booten.

JanK 10.10.2012 19:49
das problem ist, dass ich den computer nur noch im abgesichertem modus laden kann. das normale laden bricht mit einem blauem bildschrim ab(data crash dumb). genauso war es vorher, als ich mich hier mit dem problem meldete.

so ein scheiß und es sah so gut aus heute morgen

die deskoptfarbe ist schwarz mit vertikalen rotstreifen.beim starten sieht man viereckige pixel übern ganzen bildschirm

auserdem sind nun 3 "durchsichtige"datein aufm deskopt sichtbar(2 davon heißen deskop.ini)die ich zum ersten mal sehe

schrauber 11.10.2012 07:03
Das ist normal, das sidn versteckte Dateien.

Drück mal schnell beim Hochfahren F8 ein paar mal, bis zum Auswahlmenü wo auch der Safe Mode zu finden ist.

Wähle bitte:

Automatischen Neustart bei Systemfehler deaktivieren oder so ähnlich.

Reboot in den Normalmodus, dann sollte ein Bluescreen kommen und stehen bleiben, ich brauch die Daten die da stehen.

JanK 11.10.2012 10:58
hi,
leider komme ich nicht in den normalen windowbetrieb. also,nach dem automatischen Neustart bei systemfehler deaktiviern, hängt er sich wieder auf und der blaue screen kommt wieder: "a problem has been detected and windows has been shut down to protect damage on your computer"....

schrauber 11.10.2012 11:02
Ja und genau diesen Bluescreen will ich hier sehen. Da steht meist ein Treiber-Name dabei und eine Zeile STOP mit Ziffern. Die Zeilen brauch ich.

JanK 11.10.2012 11:20
The sytem encountered an uncorractable hardware error
Technical Information
Stop: 0*00000124(0*00000000, 0*85BOC24, 0*F200040, 0*0*0000800)

Ansonsten stehen nur Anweisungen drinnen, wie ich vorzugehen habe(bei admin melden und so)

einen treibername habe ich nicht gefunden

schrauber 11.10.2012 11:25
Bei Admin melden? Das is aber schon ein Heim-Privat-Pc und du bist Admin?

JanK 11.10.2012 11:29
ja bin der admin, mhmm, soll ich noch mal schauen, dann ist es so was ähnliches, sagen sowas, wie : bitte beim vertreiber melden, wenn problem nicht gelöst wird


sollte ich den rechner vielleicht einfach komplett platt machen?

schrauber 11.10.2012 11:31
Denke nicht dass das was bringt? Ist das ein Desktop-Rechner? Du hast Hardware-Probleme, der 124er Stop-Fehler deutet auf Spannungsprobleme hin. Google mal danach :)

JanK 11.10.2012 11:41
hab nach gegooglt und muss feststellen, dass das nicht gut aussieht. meiner meinung nach deuten die pixel beim start und aufm deskopt aber auch auf einen virus hin, oder können das auch grafikkarttenfehler sein?!

was ist ein deskopt-rechner?habe eine vaio -laptop

schrauber 11.10.2012 11:43
Es gibt Laptop und normale Rechner, Ein Desktop Rechner ist ein normaler Rechner.

Ich glaub im ganzen an die Hardware. Wenn du Unterspannung hast hat auch die Grafikkarte keine Power und macht Fehler.

JanK 11.10.2012 11:46
Win 7+Bluescreen/Stopfehler 124 (ATI Treiber schuld?) - ComputerBase Forum

soll ich dieses mal testen?(was simpel1970 am 24.03.2010, 23:20 geschrieben hat)

damit kann ich doch sicher gehen obs n hardwareproblem ist,oder?

schrauber 11.10.2012 11:50
Haste nen Link?

JanK 11.10.2012 11:52
hxxp://www.computerbase.de/forum/showthread.php?t=712600

schrauber 11.10.2012 12:01
jepp versuchs mal :)

JanK 11.10.2012 12:03
habe gerade was anderes gelesen und würde gerne ersteinmal meine treiber und grafikkarte aktualisieren. weißt du wo ich da was passndes finden kann?

schrauber 11.10.2012 12:21
Auf der Hersteller-Seite. Gib Deine Daten ein, Seriennummer und so, und es wird dir dann angezeigt :)

JanK 11.10.2012 12:55
klappt gar nicht. kann das systemupdate nicht runterladen, weil ne fehlermeldung kommt.
und wenn ich den anderen weg gehe, um herauszufinden ob ein hardwareproblem vorliegt, installiert er 15minuten, um die installation daraufhin abzubrechen

schrauber 11.10.2012 13:01
Ich würd mich mit dem Gedanken anzufreunden dass Ding bei nem techniker vorbeizubringen....

JanK 11.10.2012 13:04
was ich nicht ganz verstehe:

vorgestern abend und gestern vormittag, nachdem wir einiges bereinigt hatten, lief der laptop wieder einwandfrei. nachdem wir dann den letzten schritt machen wollten, ist das dilemma wieder ausgebrochen... ist es möglich, den computer wieder auf den stand von vorgestern und gestern mittag zu bringen, damit ich ein bisschen arbeiten kann. am wochenende schaut sich ein freund, der sich damit auskennt, den compi an.

lg

schrauber 11.10.2012 13:13
Wenn es ein Hardwareproblem ist, hast Du gar keine Option. Die Spannungsprobleme kommen und gehen. Arbeitest Du mit Akku oder ladekabel?

JanK 11.10.2012 13:14
hab das ladekabel immer angeschlossen

aber kann das harwwareproblem von jetzt auf gleich eintreten. war nämlich an dem besagtem tag, als er das erste mal abstürzte, online fußball gucken.

schrauber 11.10.2012 13:17
Die kaputte Glühbirne ging gestern auch noch. wenn das Teil, in Deinem Fall vielleicht das Netzteil, nen Macken hat, macht das was es will, und wann es will :)

JanK 11.10.2012 13:20
okay. vielen dank für deine Hilfe lieber schrauber. schade, dass das problem noch nicht behoben werden konnte. aber immerhin verhärtet sich der verdacht eines hardwarefehlers mehr und mehr.
lg

schrauber 11.10.2012 13:22
Die Logs sind sauber. Daher kommt der Fehler jetzt definitiv nicht :)

JanK 11.10.2012 13:26
heißt das, wenn die logs sauber sind, dass ein virusbefall eher unwahrscheinlich ist?

schrauber 11.10.2012 13:33
genau. Da war Malware, die haben wir entfernt. Dass was Du hast ist ein anderes Problem, der Stop-Error beweist es :)

JanK 11.10.2012 13:43
okay. danke

schrauber 11.10.2012 13:45
Nix zu danken :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 08:39 Uhr.

Copyright ©2000-2024, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129