Trash bin: 2x Windows Vista: White screen after startup (no text, safe mode works)!

04.05.2013, 20:22   #1
nometa
 
Dear helpers!

Briefly up front: I accidentally posted the same message in the "Log-Analyse und Auswertung" forum. It really was an accident - just so that I'm not suspected of crossposting.

Windows Vista Home Premium, I think 32-bit, but unfortunately I'm not entirely sure.

Yesterday evening I was surfing the internet when suddenly my screen turned completely white and I couldn't do anything anymore. I cut the power, switched it back on and booted the computer again. That seemed to work, I heard the usual Windows startup sounds, the desktop appeared - until after a few seconds the icons disappeared and the white screen was back. When I pressed the computer's power button, it shut down quickly, and only very briefly did the completely normal desktop become visible again. That's how it always is now.

I googled and found out that I'm apparently dealing - for the first time - with a trojan. I quickly arrived at this site. The white screen seems to be famous. However, many people also see some kind of text with it. In my case there is no text. For others, "safe mode with command prompt" doesn't work. For me it does. With these restrictions, not many posts are left. I came across one that has very helpful answers:

http://www.trojaner-board.de/134107-...-trojaner.html

I carried out the first step as described and obtained the following logs:
OTL.Txt
Code:
OTL logfile created on: 04.05.2013 14:29:47 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = K:\
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19412)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,64 Gb Available Physical Memory | 82,18% Memory free
4,23 Gb Paging File | 4,04 Gb Available in Paging File | 95,53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 203,24 Gb Total Space | 111,62 Gb Free Space | 54,92% Space Free | Partition Type: NTFS
Drive E: | 10,00 Gb Total Space | 5,72 Gb Free Space | 57,20% Space Free | Partition Type: NTFS
Drive K: | 987,63 Mb Total Space | 987,05 Mb Free Space | 99,94% Space Free | Partition Type: FAT
Drive L: | 19,53 Gb Total Space | 19,43 Gb Free Space | 99,50% Space Free | Partition Type: NTFS
Drive X: | 232,83 Gb Total Space | 224,81 Gb Free Space | 96,56% Space Free | Partition Type: NTFS
 
Computer Name: DELL-PC | User Name: *** | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.05.04 14:19:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- K:\OTL.exe
PRC - [2008.01.19 09:33:04 | 000,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- C:\Users\*****\AppData\Local\Temp\{49F419FE-4976-47B8-9A28-0DE6E0CF5C35}\NMSAccessU.exe -- (NMSAccessU)
SRV - [2013.04.10 08:56:49 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.03.13 03:35:23 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011.11.16 18:23:44 | 000,377,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2010.06.25 19:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2010.01.25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Stopped] -- C:\Program Files\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2009.09.15 22:29:04 | 000,057,640 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Hotspot Shield\bin\HssTrayService.exe -- (HssTrayService)
SRV - [2009.09.15 22:28:52 | 000,204,848 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe -- (HotspotShieldService)
SRV - [2009.09.15 22:04:58 | 000,331,824 | ---- | M] (AnchorFree Inc.) [Auto | Stopped] -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2009.07.20 12:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.12 19:34:36 | 000,087,288 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2007.05.31 10:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 10:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2006.12.14 17:00:00 | 000,544,768 | ---- | M] (Magix AG) [Disabled | Stopped] -- C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService)
SRV - [2006.11.02 11:44:52 | 000,049,152 | ---- | M] (Brother Industries, Ltd.) [Auto | Stopped] -- C:\Windows\System32\BrmfRsmg.exe -- (brmfrsmg)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2010.10.15 03:41:44 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\SSPORT.sys -- (SSPORT)
DRV - [2010.06.25 19:07:14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2009.09.15 22:04:58 | 000,037,376 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HssDrv.sys -- (HssDrv)
DRV - [2009.09.15 22:04:58 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2009.06.17 18:56:32 | 000,028,560 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2009.06.17 18:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009.06.17 18:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2008.01.19 07:32:52 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mf.sys -- (mf)
DRV - [2007.11.15 23:44:12 | 000,005,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IntelDH.sys -- (IntelDH)
DRV - [2007.11.02 06:20:11 | 003,170,304 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2007.11.02 06:20:11 | 003,170,304 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007.04.29 10:42:24 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2007.02.27 10:19:46 | 000,017,152 | ---- | M] (WideViewer Electronics CO., LTD) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BDA_Capture_225.sys -- (BDA_Capture_225)
DRV - [2006.11.02 10:24:45 | 000,011,648 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrUsbScn.sys -- (BrUsbScn)
DRV - [2006.11.02 10:24:40 | 000,003,840 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrFilt.sys -- (brfilt)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=AT&userid=670692a9-e93e-4898-8e72-bcba61a3d855&searchtype=ds&q={searchTerms}&installDate=03/05/2013
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
 
 
 
IE - HKU\S-1-5-21-854732791-1063999141-2137841064-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snap.do/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=AT&userid=670692a9-e93e-4898-8e72-bcba61a3d855&searchtype=ds&q={searchTerms}&installDate=03/05/2013
IE - HKU\S-1-5-21-854732791-1063999141-2137841064-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=AT&userid=670692a9-e93e-4898-8e72-bcba61a3d855&searchtype=ds&q={searchTerms}&installDate=03/05/2013
IE - HKU\S-1-5-21-854732791-1063999141-2137841064-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.snap.do/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=AT&userid=670692a9-e93e-4898-8e72-bcba61a3d855&searchtype=hp&installDate=03/05/2013
IE - HKU\S-1-5-21-854732791-1063999141-2137841064-1002\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-854732791-1063999141-2137841064-1002\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.snap.do/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=AT&userid=670692a9-e93e-4898-8e72-bcba61a3d855&searchtype=ds&q={searchTerms}&installDate=03/05/2013
IE - HKU\S-1-5-21-854732791-1063999141-2137841064-1002\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.snap.do/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=AT&userid=670692a9-e93e-4898-8e72-bcba61a3d855&searchtype=ds&q={searchTerms}&installDate=03/05/2013
IE - HKU\S-1-5-21-854732791-1063999141-2137841064-1002\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKU\S-1-5-21-854732791-1063999141-2137841064-1002\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=AT&userid=670692a9-e93e-4898-8e72-bcba61a3d855&searchtype=ds&q={searchTerms}&installDate=03/05/2013
IE - HKU\S-1-5-21-854732791-1063999141-2137841064-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-854732791-1063999141-2137841064-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.at"
FF - prefs.js..extensions.enabledAddons: %7Bd40f5e7b-d2cf-4856-b441-cc613eeffbe3%7D:1.68
FF - prefs.js..extensions.enabledAddons: addon%40freecorder.com:7.0.0.13
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..keyword.URL: "https://www.google.de/search?q="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@doubletwist.com/NPPodcast: C:\Program Files\Common Files\doubleTwist\NPPodcast.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.04.01 01:04:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.04.01 01:04:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.05.03 23:04:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.05 17:23:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.04.13 01:01:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2013.04.13 01:01:39 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\finder@meingutscheincode.de: C:\Program Files\Mein Gutscheincode Finder\Firefox [2011.07.20 01:53:39 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 3.0.1\extensions\\Components: C:\Users\***\Desktop\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 3.0.1\extensions\\Plugins: C:\Users\***\Desktop\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.04.13 01:01:37 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2013.04.13 01:01:39 | 000,000,000 | ---D | M]
 
[2012.01.24 05:03:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2011.03.23 14:35:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2009.06.04 14:29:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2013.05.03 23:16:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\5kkc7eks.default\extensions
[2013.05.03 23:11:14 | 000,000,000 | ---D | M] (Freecorder) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\5kkc7eks.default\extensions\addon@freecorder.com
[2013.05.03 23:06:40 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\5kkc7eks.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2013.05.03 23:10:24 | 000,002,435 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\5kkc7eks.default\searchplugins\Web Search.xml
[2013.05.03 23:04:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013.04.10 08:57:39 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013.04.10 10:18:46 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
 
O1 HOSTS File: ([2011.12.18 02:52:29 | 000,001,766 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1       www.derstandard.at
O1 - Hosts: 127.0.0.1       derstandard.at
O1 - Hosts: 127.0.0.1       www.diepresse.com
O1 - Hosts: 127.0.0.1       diepresse.com
O2 - BHO: (Complitly) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\***\AppData\Roaming\Complitly\Complitly.dll (SimplyGen)
O2 - BHO: (QuickStores-Toolbar) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - mscoree.dll (Microsoft Corporation)
O2 - BHO: (Mein Gutscheincode Finder zeigt automatisch Shopping-Gutscheine an mit denen Sie beim Online-Einkauf sparen können.) - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - C:\Program Files\Mein Gutscheincode Finder\Internet Explorer\x86\ConversionOneIE.dll (Conversion One GmbH)
O2 - BHO: (Snap.DoEngine) - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - mscoree.dll (Microsoft Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Freecorder extension) - {B15BBE59-42F5-4206-B3F0-BE98F5DC4B93} - C:\Program Files\Freecorder extension\ScriptHost.dll (Applian Technologies Inc.)
O2 - BHO: (Complitly) - {D27FC31C-6E3D-4305-8D53-ACDAEFA5F862} - C:\Users\***\AppData\Roaming\Complitly\Complitly.dll (SimplyGen)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll (AnchorFree Inc.)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (QuickStores-Toolbar) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - mscoree.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Snap.Do) - {ae07101b-46d4-4a98-af68-0333ea26e113} - mscoree.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-854732791-1063999141-2137841064-1002\..\Toolbar\WebBrowser: (no name) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No CLSID value found.
O3 - HKU\S-1-5-21-854732791-1063999141-2137841064-1002\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-854732791-1063999141-2137841064-1002\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-854732791-1063999141-2137841064-1002\..\Toolbar\WebBrowser: (no name) - {4A1C6093-14F9-44D7-860E-5D265CFCA9D9} - No CLSID value found.
O3 - HKU\S-1-5-21-854732791-1063999141-2137841064-1002\..\Toolbar\WebBrowser: (no name) - {968631B6-4729-440D-9BF4-251F5593EC9A} - No CLSID value found.
O3 - HKU\S-1-5-21-854732791-1063999141-2137841064-1002\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Freecorder FLV Service] "C:\Program Files\Freecorder\FLVSrvc.exe" /run File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-854732791-1063999141-2137841064-1002..\Run: [Browser Infrastructure Helper] C:\Users\***\AppData\Local\Smartbar\Application\SnapDo.exe (Smartbar)
O4 - HKU\S-1-5-21-854732791-1063999141-2137841064-1002..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} hxxp://www.driveragent.com/files/driveragent.cab (Driver Agent ActiveX Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D410E442-F380-4A2F-B7D9-77889AE698C3}: NameServer = 195.3.96.67,213.33.98.136
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\COMMON~1\JAKSTA~1\AUDIOC~1\jaudcap.dll) - C:\Program Files\Common Files\Jaksta Technologies\Audio Capture\jaudcap.dll (Jaksta Technologies Pty Ltd)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-854732791-1063999141-2137841064-1002 Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-854732791-1063999141-2137841064-1002 Winlogon: Shell - (C:\Users\***\AppData\Roaming\skype.dat) - C:\Users\***\AppData\Roaming\skype.dat ()
O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O31 - SafeBoot: UseAlternatShell - 1
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{01d1aa9b-af13-11dd-b701-001aa09eca84}\Shell\AutoRun\command - "" = K:\ -- File not found
O33 - MountPoints2\{01d1aa9b-af13-11dd-b701-001aa09eca84}\Shell\open\Command - "" = rundll32.exe .\desktop.dll,InstallM
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.04 00:02:17 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Freecorder 8 Video
[2013.05.04 00:00:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
[2013.05.04 00:00:26 | 000,000,000 | ---D | C] -- C:\Program Files\WinPcap
[2013.05.03 23:11:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Jaksta Technologies
[2013.05.03 23:11:13 | 000,000,000 | ---D | C] -- C:\Program Files\Freecorder extension
[2013.05.03 23:09:53 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Smartbar
[2013.04.13 01:01:36 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2013.04.10 15:47:38 | 003,603,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.04.10 15:47:37 | 003,551,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.04.10 15:47:37 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2013.04.10 15:47:33 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.04.10 15:47:33 | 000,630,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.04.10 15:47:33 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2013.04.10 15:47:32 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.04.10 15:47:32 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013.04.10 15:47:32 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013.04.10 15:47:32 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013.04.10 15:47:32 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013.04.10 15:47:32 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.04.10 15:47:32 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.04.10 15:47:32 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013.04.10 15:47:32 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.04.10 15:47:32 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013.04.10 15:47:32 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013.04.10 15:47:32 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013.04.10 15:47:32 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2013.04.10 15:47:32 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.04.10 15:47:32 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2013.04.10 15:45:52 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2013.04.10 15:45:39 | 002,049,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[4 C:\Users\***\Desktop\*.tmp files -> C:\Users\***\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.04 14:27:56 | 000,653,508 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.05.04 14:27:56 | 000,617,960 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.05.04 14:27:56 | 000,128,648 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.05.04 14:27:56 | 000,105,960 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.05.04 14:23:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.04 12:16:50 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013.05.04 12:16:42 | 000,000,004 | ---- | M] () -- C:\Users\***\AppData\Roaming\skype.ini
[2013.05.04 12:16:09 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.04 12:16:08 | 000,000,394 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{C6F37A9C-1DE6-46DA-8E4D-9DAD9E042610}.job
[2013.05.04 12:16:04 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.04 12:16:04 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.04 12:05:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.04 11:35:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.03 23:10:24 | 000,002,067 | ---- | M] () -- C:\Users\***\Desktop\Search.lnk
[2013.05.02 14:21:30 | 005,113,454 | ---- | M] () -- C:\Users\***\Desktop\James Arthur - Impossible - Official Single.mp3
[2013.05.02 02:06:08 | 000,238,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2013.04.24 19:51:36 | 005,420,880 | ---- | M] () -- C:\Users\***\Desktop\Simple Plan- Summer Paradise ft. K'naan (Lyrics).mp3
[2013.04.22 01:11:59 | 000,004,673 | -HS- | M] () -- C:\Users\***\Desktop\Folder.jpg
[2013.04.22 01:11:59 | 000,001,526 | -HS- | M] () -- C:\Users\***\Desktop\AlbumArtSmall.jpg
[2013.04.11 00:21:25 | 000,338,704 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[4 C:\Users\***\Desktop\*.tmp files -> C:\Users\***\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.05.04 00:29:46 | 000,000,004 | ---- | C] () -- C:\Users\***\AppData\Roaming\skype.ini
[2013.05.03 23:10:24 | 000,002,097 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
[2013.05.03 23:10:24 | 000,002,067 | ---- | C] () -- C:\Users\***\Desktop\Search.lnk
[2013.05.03 23:04:19 | 000,000,820 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.05.03 22:59:23 | 005,113,454 | ---- | C] () -- C:\Users\***\Desktop\James Arthur - Impossible - Official Single.mp3
[2013.05.03 22:59:20 | 005,420,880 | ---- | C] () -- C:\Users\***\Desktop\Simple Plan- Summer Paradise ft. K'naan (Lyrics).mp3
[2012.08.05 16:29:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\cd.dat
[2012.06.12 14:52:56 | 000,026,624 | ---- | C] () -- C:\Windows\System32\ssi1mlm.dll
[2012.05.23 16:57:57 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012.05.23 16:56:05 | 000,000,050 | ---- | C] () -- C:\Windows\System32\BRIDF10A.DAT
[2012.01.12 04:11:15 | 000,098,304 | ---- | C] () -- C:\Users\***\AppData\Roaming\skype.dat
[2011.12.24 03:45:22 | 000,001,386 | -HS- | C] () -- C:\Users\***\AppData\Roaming\systemFP.$dk
[2010.12.16 02:34:34 | 000,010,109 | ---- | C] () -- C:\Users\***\AppData\Roaming\UserTile.png
[2010.05.18 16:17:16 | 000,004,832 | -H-- | C] () -- C:\Users\***\mxfilerelatedcache.mxc2
[2009.04.18 14:40:47 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.03.26 22:06:59 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008.08.30 15:20:39 | 000,000,680 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2008.04.14 20:39:23 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2007.11.30 17:22:38 | 000,211,968 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 76 bytes -> C:\Users\***\Documents\Verlauf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\***\Documents\Meine empfangenen Dateien:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\***\Documents\MAGIX_MusicMakerHipHopEdition2:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\***\Documents\MAGIX Downloads:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\***\Documents\Graboid:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\***\Documents\Freecorder:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\***\Documents\FFOutput:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\***\Documents\DVDVideoSoft:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\***\Documents\Downloads:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\***\Documents\Ableton:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\***\Desktop\Sonstiges:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\***\Desktop\Simple Plan- Summer Paradise ft. K'naan (Lyrics).mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\***\Desktop\James Arthur - Impossible - Official Single.mp3:Roxio EMC Stream
@Alternate Data Stream - 16 bytes -> C:\Users\***\Downloads:Shareaza.GUID
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:96D0C06F

< End of report >
         
Extras.Txt
Code:
OTL Extras logfile created on: 04.05.2013 14:29:47 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = K:\
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19412)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,64 Gb Available Physical Memory | 82,18% Memory free
4,23 Gb Paging File | 4,04 Gb Available in Paging File | 95,53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 203,24 Gb Total Space | 111,62 Gb Free Space | 54,92% Space Free | Partition Type: NTFS
Drive E: | 10,00 Gb Total Space | 5,72 Gb Free Space | 57,20% Space Free | Partition Type: NTFS
Drive K: | 987,63 Mb Total Space | 987,05 Mb Free Space | 99,94% Space Free | Partition Type: FAT
Drive L: | 19,53 Gb Total Space | 19,43 Gb Free Space | 99,50% Space Free | Partition Type: NTFS
Drive X: | 232,83 Gb Total Space | 224,81 Gb Free Space | 96,56% Space Free | Partition Type: NTFS
 
Computer Name: DELL-PC | User Name: *** | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"AntiVirusDisableNotify" = 
"AntiVirusOverride" = 
"FirewallDisableNotify" = 
"FirewallOverride" = 
"FirstRunDisabled" = 
"UpdatesDisableNotify" = 
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07A1D2E3-0159-4CA5-8F01-633E85258024}" = lport=2869 | protocol=6 | dir=in | name=microsoft upnp-port (tcp) | 
"{0CCB58F7-8780-4ABC-8CA3-51BC6C9909D7}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{0E34F2F7-A9D7-4496-B080-243C66B0A34C}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdc.exe,-4006 | 
"{1143C70C-32C4-4686-990C-28265803D04D}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{1C77DB37-25DB-4433-A109-60A1FD73E4C7}" = lport=5721 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdc.exe,-4002 | 
"{1DB343EA-DAC9-4573-8465-5B201272F25A}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{28CF3485-3472-4F0D-A163-B76830F78CEF}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{2C57CB5F-A7C5-4598-8F82-FFD72DF5D6D3}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{32C95C2C-6867-46BA-BE3F-471393668ED8}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{39290B55-2B22-454D-B7AE-B712F10E6752}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4EF8AF75-511A-4C78-8CFA-00CFE405B5C5}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{51E3BED8-1548-46D7-A040-3657C0B67CC3}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{531C4239-7E50-4BC6-9EEB-70172F089236}" = lport=0 | protocol=6 | dir=in | name=magix upnp media server | 
"{55517118-9DB8-476D-810C-ABF4AD5103C8}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{5CEBC998-F776-48B0-B7D9-617BEB55E1D1}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{6AAF62EC-F018-435F-9CA1-7C1BE7D10F6C}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{882F8D9F-0802-4F14-BFF1-F1284D6FA278}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{8CA0A776-7FC8-497E-8BA2-BCEA9C5CDC19}" = lport=1900 | protocol=17 | dir=in | name=microsoft upnp-port (udp) | 
"{8DCB0F69-5B96-45B7-AEBF-EFF5784427A7}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8E465578-0C12-4610-BF95-219683C5FEB0}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{9774CF22-74EA-44D0-96F1-A6F955A219F8}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{987700EE-5D8B-4ECB-A593-B596959024DB}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{9C55020D-2141-4362-B1CD-91623BE7AB5F}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{9D923621-986D-41FB-BA88-A20FC98DE40A}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{A99D296B-BCE1-4650-ADE7-11F2DBC07F41}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A9B3E516-811F-47EE-B1E7-0D9D2C23709B}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{BE27BFA6-6CBF-4BF7-B414-CB85BB5C6D07}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{C0140C34-EC8D-4566-AD6A-491E7711CBA4}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{C0C25E83-4DC1-497B-AB14-CBE2FED124F0}" = lport=1034 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdc.exe,-4003 | 
"{CFE3C26C-52EC-44FF-AA18-476CAFFEC25C}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{D6EC9CF8-36CE-4F20-98F4-88065D2589D3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E69F85B7-22C1-4ACB-B8A7-413273958340}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E8C5584B-6CA7-43B2-AA86-1B1221DAB5BC}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner | 
"{EE5150DC-C5C6-406E-B99F-7FF07C7EF0AE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0508FBE2-83E5-403A-8D21-C8EF3808EA8A}" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe | 
"{06681DF5-8B77-4160-B459-EE1EB7FCA0C9}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | 
"{0E4BCCFE-8EFB-4308-8FFB-D5C5A1A0B024}" = protocol=17 | dir=in | app=c:\program files\common files\magix shared\upnpservice\upnpservice.exe | 
"{124AE3A9-C596-4BED-835A-F6F69CB2478F}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{1808CB43-D1B8-4684-914A-CB68794AFCAF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{2483BF85-D44E-4370-8BDD-4F25EEC9EDFC}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | 
"{2B69AD29-035B-405F-A52F-402C7B6A2E2C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{3416CE8D-9C4D-4984-9444-B0E39C46ABC9}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{38D45935-B903-43A8-A213-F44FBBD10B38}" = protocol=6 | dir=in | app=c:\program files\common files\magix shared\upnpservice\upnpservice.exe | 
"{3D77BBF7-3DC2-4728-BF5D-F306D784D418}" = protocol=6 | dir=in | app=c:\users\***\desktop\sonstiges\wlan-assistent_rtm.exe | 
"{4D262792-FE96-4CFA-A9C5-96A2DD6D2CFC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4E479BCC-DB2C-45B4-9F52-2EA89EB6DDC8}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | 
"{4FD6B4DA-D391-466C-A517-C4B4794D3772}" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe | 
"{54F0BAAF-76F6-4C3E-B5AB-B627C7143825}" = protocol=6 | dir=in | app=c:\program files\a1 telekom austria\breitband-internet-installation\fixnet installer\installer.exe | 
"{5C7BE2D4-3EA9-48C0-9EB6-19E67ECB2B16}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{5D08F6F8-EC54-4A8B-891E-B43D79F32F37}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{657DEB62-F8E2-4793-9B72-95E48E39532C}" = protocol=6 | dir=in | app=c:\users\***\desktop\wlan-assistent_rtm.exe | 
"{68E92467-51CF-4718-8B13-F45004D4B552}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6CE67265-A60C-4B53-99F1-2F046ED1A03B}" = protocol=6 | dir=out | app=system | 
"{75114C5A-67C2-412C-897D-6153BF77C506}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{778CB886-5749-4AF9-8579-DDCD9D9DF3FC}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{7E520238-8498-4856-A7F5-32A55DFA12CA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7F01B42C-DE38-4CAA-853A-3C74F19C3982}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe | 
"{84E27C76-8CF4-4F85-8E03-5421FC375CAA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{8BFD8868-13FF-4217-8592-5821B167416E}" = protocol=17 | dir=in | app=c:\users\***\desktop\sonstiges\wlan-assistent_rtm.exe | 
"{8D4DA714-5D07-4ACA-86D5-60CC48374C86}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{98B99113-C1F5-4691-816D-78570EC7CCDA}" = protocol=17 | dir=in | app=c:\program files\a1 telekom austria\breitband-internet-installation\fixnet installer\installer.exe | 
"{9F1CE2EC-CC03-4BE5-9A5E-C253A8249521}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe | 
"{A826C3F6-3459-4EB9-8574-FCE6A3E3434E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{B2FF9C33-05C5-4C7C-9227-B82D6B3085A1}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe | 
"{B4FD5CAD-D4A1-4DB7-A40B-B4C92DF66136}" = protocol=6 | dir=in | app=c:\users\***\desktop\wlan-assistent_rtm.exe | 
"{B60A28E8-2F6D-4812-9225-29C650E18E8B}" = protocol=17 | dir=in | app=c:\users\***\desktop\wlan-assistent_rtm.exe | 
"{B8C8FA32-9C38-448B-BA24-BE64352ADF7D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{BBDF0604-8AA8-4928-BD19-FEDCE39D4A37}" = protocol=6 | dir=in | app=c:\program files\applian technologies\freecorder 8 applications\torrent\aria2c.exe | 
"{C4A52F1D-15E7-4DB7-AD71-F8F66AA9B209}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | 
"{C564684C-8D2E-4FBB-9D18-E063A607FE9A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D9488C6B-69A0-4123-87A5-EF8740BF98E5}" = protocol=17 | dir=in | app=c:\users\***\desktop\wlan-assistent_rtm.exe | 
"{DCD5CD4A-EA64-45EB-9ABE-FDCEED5719D9}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{E2EE13C5-DCE5-4BF6-B64C-30B921110D25}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{E825FDCA-6CF5-4EE8-8622-203B823F3536}" = protocol=17 | dir=in | app=c:\users\***\desktop\sonstiges\wlan-assistent_rtm.exe | 
"{EA4A0211-0B43-4387-874E-09B1E0553AF5}" = protocol=17 | dir=in | app=c:\program files\applian technologies\freecorder 8 applications\torrent\aria2c.exe | 
"{EDF08E66-44F7-40AE-8C41-77EB903846DD}" = protocol=6 | dir=in | app=c:\users\***\desktop\sonstiges\wlan-assistent_rtm.exe | 
"{F11BF259-5F06-45D4-BF64-4076CE3631F6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F25A542B-85B1-4816-82B7-D5E18AB9A014}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F86E9487-AFE3-446D-96DD-C71AACE91D2A}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{F8DB1802-B1B4-4F50-AEFF-853FE4A9175A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"TCP Query User{129DBC68-088A-4ED1-9800-99CC39AA0318}C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | 
"TCP Query User{3ED03619-7B94-46D4-8F3D-B4C1623D9C04}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | 
"TCP Query User{47AC62DA-E5F1-4B29-942C-DE3823AA64D7}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | 
"TCP Query User{5420C13F-06E4-4A13-955F-CBBC225E5589}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{5E19D479-52F0-4F5D-9D8C-DDDD8A659DE7}C:\program files\sprite software\sprite backup\spriteservice.exe" = protocol=6 | dir=in | app=c:\program files\sprite software\sprite backup\spriteservice.exe | 
"TCP Query User{84176260-E43A-4617-B9BA-59009EFB3C72}C:\program files\mozilla firefox 4.0 beta 7\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox 4.0 beta 7\plugin-container.exe | 
"TCP Query User{A6DDE160-E1E8-4ADA-8773-B79D84A5CFCE}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe | 
"TCP Query User{AF22FBB3-9F78-47B1-BAA1-45DE2B0FF71F}C:\program files\mozilla firefox 4.0 beta 9\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox 4.0 beta 9\plugin-container.exe | 
"TCP Query User{D5BD4524-5575-4ED8-9171-EC5946EE9DB8}C:\program files\msn messenger\msnmsgr.exe" = protocol=6 | dir=in | app=c:\program files\msn messenger\msnmsgr.exe | 
"TCP Query User{DC5FEF27-AC9B-4730-8FC7-FEA479B8752B}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{DCE76A23-9203-4A9F-9188-007BDB789700}C:\program files\mozilla firefox 4.0 beta 10\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox 4.0 beta 10\plugin-container.exe | 
"TCP Query User{DCEF8876-9521-4F1F-A86B-8E200E574048}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | 
"TCP Query User{E0F91657-94A0-48FB-B848-B9633FE0E3B6}C:\users\***\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\local\google\chrome\application\chrome.exe | 
"TCP Query User{E37F5762-13B7-4903-9126-31204A5F2F83}C:\program files\mozilla firefox 4.0 beta 10\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox 4.0 beta 10\plugin-container.exe | 
"UDP Query User{0B490985-432D-41AC-8666-F5771D4D43CE}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe | 
"UDP Query User{109F2FF9-38D7-4714-A211-0D8082442A7A}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{17266048-43FA-4F7C-815A-5A7E8665E90C}C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | 
"UDP Query User{180864EB-FE74-47F0-8D56-6FD1D713F1DA}C:\program files\mozilla firefox 4.0 beta 10\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox 4.0 beta 10\plugin-container.exe | 
"UDP Query User{1D74F922-9932-46A0-AF53-98D2877E9608}C:\program files\mozilla firefox 4.0 beta 9\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox 4.0 beta 9\plugin-container.exe | 
"UDP Query User{336D5DFD-38B8-4EC7-B8FE-8F68AB398048}C:\program files\msn messenger\msnmsgr.exe" = protocol=17 | dir=in | app=c:\program files\msn messenger\msnmsgr.exe | 
"UDP Query User{362E9BF4-5AB4-47BD-8A48-D869A0E3A97C}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{4F84D25C-5419-40ED-A15A-0733CD83C50E}C:\program files\mozilla firefox 4.0 beta 10\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox 4.0 beta 10\plugin-container.exe | 
"UDP Query User{4FF88C37-C752-4AB3-99D8-550E85749A7D}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | 
"UDP Query User{5F74732E-2F9C-4691-AB88-4776EF9C9883}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | 
"UDP Query User{6E254C99-9D1A-469E-8866-3B443E940318}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | 
"UDP Query User{774B9551-9078-4350-8AAF-CECD4FC1B460}C:\program files\mozilla firefox 4.0 beta 7\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox 4.0 beta 7\plugin-container.exe | 
"UDP Query User{AA36A05C-9AB0-4D89-A9F8-0BFC4E19356C}C:\program files\sprite software\sprite backup\spriteservice.exe" = protocol=17 | dir=in | app=c:\program files\sprite software\sprite backup\spriteservice.exe | 
"UDP Query User{BD5992C3-C80C-4146-A260-A28E362DDEB3}C:\users\***\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\local\google\chrome\application\chrome.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00D0200F-3B4D-4A2F-869E-533ED835A943}" = Hervorhebe-Funktion (Windows Live Toolbar)
"{0339996A-1CC7-4FCD-8BE6-A32076E70272}" = Application Suite
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{045DB95B-F123-B440-D999-AD083AA55196}" = CCC Help German
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{10149D2B-5A65-9DF4-662A-B532FEEC222C}" = Catalyst Control Center Graphics Light
"{11CB6E0D-FFB2-7FAE-17FC-CA92BEE8F24A}" = Catalyst Control Center Localization Japanese
"{1400192B-D969-6FD4-8044-E2D07C5ADE3A}" = Catalyst Control Center Localization German
"{14BD87BE-02AA-8E04-602C-B20A43267F5B}" = CCC Help Japanese
"{1662D4E1-B469-D6A3-085B-0B5350BF7CA5}" = Catalyst Control Center Localization Italian
"{168879EE-A348-BFB7-3622-3651449C629F}" = CCC Help Italian
"{1A8E3C5D-B772-CB4A-1117-751B5D79787B}" = Catalyst Control Center Graphics Light
"{1B2E11A4-8566-B8C7-3FB6-0D2A6F8D2139}" = CCC Help Portuguese
"{1E05CF2E-BF5F-4A43-9147-2CCBBE57BC3C}_is1" = Mein Gutscheincode Finder 1.0.0.0
"{1ED31028-6D65-4CFD-AD03-8E484A052FE7}" = aonUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{218761F6-CBF6-4973-B910-A33E6563A1EA}" = Windows Live Toolbar-Erweiterung (Windows Live Toolbar)
"{266156C9-F681-A84B-083C-D2052A461583}" = Catalyst Control Center Graphics Full New
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{2A6FFA23-9188-E796-4AFF-196A2004AA39}" = ccc-utility
"{2DD6C198-FA9A-40B4-8DE5-CE5206E3EB34}" = Smart Menus (Windows Live Toolbar)
"{2EE437A9-75E3-10D1-3633-D4E8D6043503}" = CCC Help Spanish
"{2F3BCA05-4FD4-9418-1976-32F783E43DF4}" = Catalyst Control Center Graphics Full Existing
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{31DABA20-10A1-4746-9D9F-57955B8DFF66}" = Free Games Offer, Desktop Shortcut
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{38DFDA1A-2392-2DA1-92EB-54FB66DC24C4}" = Catalyst Control Center Graphics Previews Vista
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CE8C77E-8703-B62E-8F7C-31F7AA97F2A7}" = Catalyst Control Center Localization French
"{4524E7FD-A547-C564-CD8F-A872F7C39029}" = CCC Help French
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{4767A89A-F6A5-41B1-903C-734483739882}" = Highspeed-Internet-Installation
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4FFBB818-B13C-11E0-931D-B2664824019B}_is1" = Complitly
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5D36E01C-EEC6-F7C2-CBB9-AF00329B8009}" = ATI Catalyst Install Manager
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6E4FC36F-A7B5-EE38-2FE4-7D0D94D230F5}" = Catalyst Control Center Localization Portuguese
"{6EF2AFEF-2044-4A85-ED1F-E70A568D7ED9}" = Catalyst Control Center Localization Turkish
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{75F8E142-7720-156D-C74C-80AA0974B993}" = CCC Help Polish
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7727DA6C-A845-890D-2B48-7863A93F167C}" = Catalyst Control Center Localization Korean
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel(R) PRO Network Connections 12.1.11.0
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{848C0C17-7C57-709A-FDC4-F257D4469BAA}" = ccc-utility
"{87CA11B3-C4CE-D989-42C7-C6197B266EFD}" = CCC Help Chinese Standard
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.03
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91F2493D-8A65-7BF3-5684-9D6397F8847D}" = Catalyst Control Center Core Implementation
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9529A038-D507-3B3F-ED6F-B0AB773153FE}" = ccc-core-static
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{9794B30C-0FCB-3658-B44F-33BDDC788C2D}" = CCC Help English
"{994FCE98-1379-2A33-24BC-F092466CC5C4}" = Catalyst Control Center Localization Thai
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B1B504F-25BD-325C-0C2A-FEF791F59FE3}" = Catalyst Control Center Core Implementation
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F1E9E57-DD22-11D5-8B43-00105A9846E9}" = FLEXnet Connect SDK
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A3B99A45-2811-FA47-3055-3D247C4E2897}" = Catalyst Control Center Graphics Previews Common
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.3 - Deutsch
"{AC7C7307-6324-D891-1E53-77B00E4F0961}" = CCC Help Turkish
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6EECBB7-BDA4-4E52-2BD6-69D70215AC48}" = Catalyst Control Center Localization Polish
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C279E4B3-9FCD-9D82-7A83-B773C2D4E526}" = Catalyst Control Center Localization Hungarian
"{C2D192BE-5E2C-92CF-56A0-28C7D9D67B96}" = CCC Help Hungarian
"{C2F3DB53-EF8E-4885-36C4-34C4911FEAE0}" = ccc-core-static
"{C486C7E9-5591-8777-CEB5-FA373AFE6711}" = Catalyst Control Center Localization Spanish
"{C4B56EBE-6C53-4346-8F73-E380C123F4EF}" = WWP Demo
"{C57606D6-7A44-4A99-D6D0-BA07FD3ACCEA}" = Catalyst Control Center Localization Chinese Traditional
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D379100F-65A2-4B54-D568-CD2BE238C6A3}" = Catalyst Control Center Graphics Previews Vista
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{D973AE1D-ACB1-2C54-92FE-A29E2A7482C0}" = CCC Help Thai
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{DD7E639B-0DAC-4587-A6BD-99B7D20E81B2}" = Snap.Do
"{E0EFA6E0-2A18-A83B-34EA-8435EFEE1285}" = CCC Help Korean
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E24EDDF0-93A0-95CC-509A-1C012180F8CB}" = Skins
"{E53C563F-1157-20B2-1276-755A22E814D2}" = Catalyst Control Center Localization Chinese Standard
"{E8DA1B1C-B987-9FD4-E4ED-DDA05DCE5E44}" = Catalyst Control Center Graphics Full Existing
"{EDEAA07C-654C-FB13-2F47-A4BDC41D77D0}" = Skins
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1DDE283-47CF-30FC-F6C6-258FA404F784}" = Catalyst Control Center Graphics Full New
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F59205C8-E5FB-43F5-AAB2-16C1760D4F59}" = FaceFilter Studio Brother Edition
"{F6B8797E-923E-4902-9698-62937FE80FAB}" = CCC Help Chinese Traditional
"{FB83EAC4-E3F6-4666-B45B-44522F2344B6}" = Brother MFL-Pro Suite DCP-J315W
"{FBF1268D-3323-545E-4DD0-F45AD313E37E}" = Catalyst Control Center Graphics Previews Common
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"aonUpdate" = aonUpdate
"ASIO4ALL" = ASIO4ALL
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Editor 4_is1" = AVS Video Editor 4
"DivX Setup.divx.com" = DivX-Setup
"filehippo.com" = filehippo.com Update Checker
"FormatFactory" = FormatFactory 2.70
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free Video Dub_is1" = Free Video Dub version 1.8.12.602
"Freecorder 8 Applications" = Freecorder 8 Applications (8.0.0.87)
"Freecorder extension" = Freecorder extension
"Freecorder extension for Firefox" = Freecorder extension for Firefox
"GoldWave v4.26" = GoldWave v4.26
"Highspeed-Internet-Installation" = Highspeed-Internet-Installation
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HotspotShield" = Hotspot Shield 1.30
"InfraRecorder" = InfraRecorder
"MAGIX Goya burnR D" = MAGIX Goya burnR 2.3.1.3 (D)
"MAGIX Music Manager 2007 D" = MAGIX Music Manager 2007 8.2.0.54 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 2.3.2.0 (D)
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"Mozilla Thunderbird 17.0.5 (x86 de)" = Mozilla Thunderbird 17.0.5 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Notepad++" = Notepad++
"PROSetDX" = Intel(R) PRO Network Connections 12.1.11.0
"QuickStores-Toolbar_is1" = QuickStores-Toolbar 1.1.0
"Samsung ML-331x Series" = Samsung ML-331x Series
"Uninstall_is1" = Uninstall 1.0.0.1
"Windows Mobile Device Handbook" = Windows Mobile-Ressourcen
"WinPcapInst" = WinPcap 4.1.2
"WinRAR archiver" = WinRAR archiver
"Xvid_is1" = Xvid 1.2.1 final uninstall
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 03.05.2013 18:36:01 | Computer Name = DELL-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 03.05.2013 18:36:01 | Computer Name = DELL-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 03.05.2013 18:36:01 | Computer Name = DELL-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 03.05.2013 18:36:01 | Computer Name = DELL-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 03.05.2013 18:36:01 | Computer Name = DELL-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 03.05.2013 18:36:41 | Computer Name = DELL-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 03.05.2013 18:45:26 | Computer Name = DELL-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 03.05.2013 20:01:12 | Computer Name = DELL-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 03.05.2013 20:07:30 | Computer Name = DELL-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 04.05.2013 06:12:59 | Computer Name = DELL-PC | Source = EventSystem | ID = 4621
Description = 
 
[ Media Center Events ]
Error - 07.01.2008 04:11:11 | Computer Name = DELL | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
Error - 10.06.2008 04:38:43 | Computer Name = DELL-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
[ OSession Events ]
Error - 29.04.2008 03:49:09 | Computer Name = DELL-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 5874
 seconds with 960 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 04.05.2013 08:24:50 | Computer Name = DELL-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 04.05.2013 08:24:50 | Computer Name = DELL-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 04.05.2013 08:24:50 | Computer Name = DELL-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 04.05.2013 08:24:50 | Computer Name = DELL-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 04.05.2013 08:24:50 | Computer Name = DELL-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 04.05.2013 08:24:50 | Computer Name = DELL-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 04.05.2013 08:24:50 | Computer Name = DELL-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 04.05.2013 08:24:50 | Computer Name = DELL-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 04.05.2013 08:24:50 | Computer Name = DELL-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 04.05.2013 08:24:50 | Computer Name = DELL-PC | Source = Service Control Manager | ID = 7026
Description = 
 
 
< End of report >
         
I don't know much about computers and would be very, very grateful for help that I can understand.
Many thanks in advance!!!

Alt 04.05.2013, 23:41   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Continued here => http://www.trojaner-board.de/134477-...odus-geht.html