Trojan.BHO found

#0
01.02.2011, 21:28
Member

Posts: 35
#1 I found a BHO trojan here with Malwarebytes. I suspect it got in when I opened a junk mail.

Here is the report:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5652

Windows 6.0.6000
Internet Explorer 8.0.6001.18904

01.02.2011 17:15:17
mbam-log-2011-02-01 (17-14-55).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 149253
Laufzeit: 9 Minute(n), 51 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 8
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Malware.Trace) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> No action taken.

HKEY_CLASSES_ROOT\TypeLib\{77D6DDFA-7834-4541-B2B3-A8B0FB0E3924} (Trojan.BHO) -> No action taken.

HKEY_CLASSES_ROOT\ToolBand.XTTBPos00.1 (Trojan.BHO) -> No action taken.

HKEY_CLASSES_ROOT\ToolBand.XTTBPos00 (Trojan.BHO) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{055FD26D-3A88-4E15-963D-DC8493744B1D} (Trojan.BHO) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{055FD26D-3A88-4E15-963D-DC8493744B1D} (Trojan.BHO) -> No action taken.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\program files\icqtoolbar\toolbaru.dll (Trojan.BHO) -> No action taken.

Please help.
02.02.2011, 19:31
Moderator

Posts: 5694
#2 Hello and welcome to Protecus.de

Cleaning an infected system takes time and also requires attention to the following points:

• Follow the instructions of your helper.
• If you have external storage media (USB sticks, hard drives), connect them before the cleanup.
• During the cleanup, do not install or uninstall any programs unless explicitly asked to.
• Please work through each step in order.
• If problems come up at a step, post what you already have and get back to us with a description of the problem.


• The cleanup is only finished when the helper gives the OK.
• If the machine runs smoothly again, that does not mean the system is clean.
• For computers used for business, the responsible IT person should be brought in.
• Support from us may under some circumstances be declined for a company computer.
• With illegal software, support may be discontinued.
• Cracks and keygens of any kind are neither encouraged nor accepted.
• With heavily infected systems, especially when backdoors or rootkits are involved, a helper may advise reinstalling the system.
• Ultimately it is always the user who decides.


Vista and Win7 users:

Always run all programs and tools that we prescribe with a right-click and "Run as administrator".

Step 1: Custom scan with OTL

If you don't already have it, please download OTL by Oldtimer and save it to your desktop.
• Please start OTL.exe.
Vista and Win7 users: right-click and "Run as administrator"
• Now copy the content into the text box.

Code

netsvcs
drivers32 /all
%SYSTEMDRIVE%\*.*
%systemroot%\system32\*.wt
%systemroot%\system32\*.ruy
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
%systemroot%\system32\ws2help.dll /md5
/md5start
explorer.exe
winlogon.exe
wininit.exe
/md5stop
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
• Now please close all programs. (Important)
• Now please click the Quick Scan button.
• Now copy the contents of OTL.txt and Extra.txt here into your thread.

Step 2

Rootkit scan with Gmer

What are rootkits?

Important: For every rootkit scan:

• all other programs against viruses, spyware, etc. should be deactivated,
• there should be no connection to a network/the Internet (don't forget WLAN),
• nothing should be done on the computer,
• the computer should be restarted after every scan.
Don't forget to switch the security programs back on after the rootkit scan!

Download Gmer from this page
(press the Download EXE button) and save the program to the desktop.
• Gmer is suitable for => NT/W2K/XP/VISTA.
• All other programs should be closed.
• Start gmer.exe (it has a random program name).
Vista users: right-click and run as administrator.
• Gmer automatically starts a first scan.
• If a window with the following warning opens:

Code

WARNING !!!
GMER has found system modification, which might have been caused by ROOTKIT activity.
Do you want to fully scan your system?

• Be sure to click "No",
then use the Copy button to copy the result so far to the clipboard.
• Paste the log from the clipboard into your reply in your thread with CTRL + V.

• If that was not the case, now select the "Rootkit/Malware" tab,
• Tick: System, Sections, IAT/EAT, Devices, Modules, Processes, Threads, Libraries, Services, Registry and Files.
Important: "Show all" must not be ticked!
• Start the scan by pressing the "Scan" button.
Don't do anything on the computer while the scan is running.
• When the scan is finished, click "Copy" to copy the log to the clipboard.
"Ok" closes Gmer.
• Paste the log from the clipboard into your reply here (with CTRL + V).

Switch the antivirus program and other scanners back on before you go online!

Now post the log file in code tags.
04.02.2011, 11:41
Member

Thread starter

Posts: 35
#3

Code

OTL logfile created on: 04.02.2011 02:52:51 - Run 1
OTL by OldTimer - Version 3.2.20.6     Folder = C:\Users\Melanie\Desktop
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 72,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 147,38 Gb Total Space | 68,44 Gb Free Space | 46,44% Space Free | Partition Type: NTFS
Drive D: | 73,69 Gb Total Space | 73,56 Gb Free Space | 99,82% Space Free | Partition Type: NTFS
Drive F: | 149,00 Gb Total Space | 101,31 Gb Free Space | 67,99% Space Free | Partition Type: FAT32

Computer Name: MELANIE-PC | User Name: Melanie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2011.02.04 00:58:03 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Melanie\Desktop\OTL.exe
PRC - [2010.10.22 15:09:58 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
PRC - [2010.10.16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010.05.14 10:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2010.04.27 15:39:38 | 000,243,544 | ---- | M] (Microsoft Corp.) -- C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe
PRC - [2010.03.03 05:12:32 | 000,372,736 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2010.03.03 05:11:58 | 000,172,032 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009.07.21 13:34:28 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.05.13 15:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007.12.19 04:32:39 | 001,006,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007.11.19 15:00:38 | 000,794,624 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2007.11.19 14:35:46 | 000,483,328 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2007.05.28 17:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2007.04.10 16:01:32 | 004,431,872 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2006.12.28 00:02:00 | 001,454,080 | R--- | M] (AVM Berlin) -- C:\Program Files\avmwlanstick\WLanGUI.exe
PRC - [2006.12.28 00:02:00 | 000,356,352 | R--- | M] (AVM Berlin) -- C:\Program Files\avmwlanstick\WlanNetService.exe
PRC - [2006.12.08 10:52:04 | 000,204,800 | ---- | M] (Fujitsu Siemens Computers) -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe
PRC - [2006.09.21 03:01:00 | 000,139,264 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\spool\drivers\w32x86\3\E_FATIBEE.EXE


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2011.02.04 00:58:03 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Melanie\Desktop\OTL.exe
MOD - [2006.11.02 10:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [Auto | Stopped] --  -- (CLTNetCnService)
SRV - [2010.10.16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010.05.14 10:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2010.04.28 07:44:02 | 000,704,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2010.03.03 05:11:58 | 000,172,032 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009.08.13 10:41:20 | 000,312,568 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009.07.21 13:34:28 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.05.13 15:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2007.12.19 04:32:39 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2007.11.19 15:00:38 | 000,794,624 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV - [2007.11.19 14:35:46 | 000,483,328 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV - [2007.05.28 17:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2006.12.28 00:02:00 | 000,356,352 | R--- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files\avmwlanstick\WlanNetService.exe -- (AVM WLAN Connection Service)
SRV - [2006.12.08 10:52:04 | 000,204,800 | ---- | M] (Fujitsu Siemens Computers) [Auto | Running] -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe -- (TestHandler)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2010.12.20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010.03.03 05:22:26 | 005,340,160 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2010.03.03 05:22:26 | 005,340,160 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atipmdag.sys -- (amdkmdag)
DRV - [2010.03.03 04:07:16 | 000,152,064 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2009.12.08 13:18:23 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.08.05 22:48:42 | 000,054,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV - [2009.05.11 09:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.03.30 09:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.02.13 11:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009.02.09 14:07:55 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008.12.01 14:26:27 | 000,271,360 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2008.12.01 14:26:26 | 000,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2007.11.26 23:47:30 | 002,252,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007.07.02 16:37:10 | 000,131,616 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2007.07.02 16:37:08 | 000,110,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007.06.13 22:47:12 | 000,048,256 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\jraid.sys -- (JRAID)
DRV - [2007.04.10 19:05:38 | 001,764,960 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007.04.04 04:57:00 | 000,046,592 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\itecir.sys -- (itecir)
DRV - [2007.02.16 15:18:38 | 000,070,144 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007.02.12 13:36:54 | 000,277,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2006.12.28 00:02:00 | 000,265,088 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fwlanusb.sys -- (FWLANUSB)
DRV - [2006.12.28 00:02:00 | 000,004,352 | R--- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avmeject.sys -- (avmeject)
DRV - [2006.11.28 21:46:24 | 000,028,224 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PDNMp50.sys -- (PDNMp50)
DRV - [2006.11.28 21:46:22 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PDNSp50.sys -- (PDNSp50)
DRV - [2006.11.02 10:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006.11.02 10:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006.11.02 10:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006.11.02 10:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006.11.02 10:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006.11.02 10:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006.11.02 10:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006.11.02 10:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006.11.02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006.11.02 10:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006.11.02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 10:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006.11.02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 10:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006.11.02 10:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006.11.02 10:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006.11.02 10:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006.11.02 10:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006.11.02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 10:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006.11.02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 10:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006.11.02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 10:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006.11.02 10:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006.11.02 10:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006.11.02 10:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006.11.02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 08:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2006.11.02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006.11.02 08:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2006.11.02 08:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A0 F2 41 2E B9 AD CB 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "http://search.live.com/results.aspx?FORM=IEFM1&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://go.microsoft.com/fwlink/?LinkId=69157"
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.5
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.1.3
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:3.2.1.3
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010.03.06 09:18:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\Firefox [2010.09.28 10:10:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.28 01:20:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.28 01:20:02 | 000,000,000 | ---D | M]

[2008.07.15 18:31:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Melanie\AppData\Roaming\mozilla\Extensions
[2008.07.15 18:31:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Melanie\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2011.02.04 01:02:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Melanie\AppData\Roaming\mozilla\Firefox\Profiles\4qphc6nf.default\extensions
[2009.09.03 11:55:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Melanie\AppData\Roaming\mozilla\Firefox\Profiles\4qphc6nf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.01.15 15:30:33 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Melanie\AppData\Roaming\mozilla\Firefox\Profiles\4qphc6nf.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010.11.22 22:57:37 | 000,000,000 | ---D | M] (softonic-de3 Community Toolbar) -- C:\Users\Melanie\AppData\Roaming\mozilla\Firefox\Profiles\4qphc6nf.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2010.11.22 22:57:37 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Melanie\AppData\Roaming\mozilla\Firefox\Profiles\4qphc6nf.default\extensions\engine@conduit.com
[2010.10.19 20:28:08 | 000,000,927 | ---- | M] () -- C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\4qphc6nf.default\searchplugins\conduit.xml
[2011.02.01 11:45:39 | 000,000,950 | ---- | M] () -- C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\4qphc6nf.default\searchplugins\icqplugin-1.xml
[2010.06.29 14:03:38 | 000,000,950 | ---- | M] () -- C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\4qphc6nf.default\searchplugins\icqplugin-10.xml
[2010.07.23 18:05:33 | 000,000,950 | ---- | M] () -- C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\4qphc6nf.default\searchplugins\icqplugin-11.xml
[2010.07.24 12:26:49 | 000,000,950 | ---- | M] () -- C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\4qphc6nf.default\searchplugins\icqplugin-12.xml
[2010.09.09 22:05:33 | 000,000,950 | ---- | M] () -- C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\4qphc6nf.default\searchplugins\icqplugin-13.xml
[2010.09.16 16:35:54 | 000,000,950 | ---- | M] () -- C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\4qphc6nf.default\searchplugins\icqplugin-14.xml
[2010.10.26 14:38:19 | 000,000,656 | ---- | M] () -- C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\4qphc6nf.default\searchplugins\icqplugin-15.xml
[2010.10.28 15:41:51 | 000,000,950 | ---- | M] () -- C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\4qphc6nf.default\searchplugins\icqplugin-16.xml
[2010.11.22 23:15:30 | 000,000,950 | ---- | M] () -- C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\4qphc6nf.default\searchplugins\icqplugin-17.xml
[2010.11.26 01:38:14 | 000,000,656 | ---- | M] () -- C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\4qphc6nf.default\searchplugins\icqplugin-18.xml
[2009.11.07 20:36:34 | 000,000,961 | ---- | M] () -- C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\4qphc6nf.default\searchplugins\icqplugin-2.xml
[2009.12.19 14:44:02 | 000,000,961 | ---- | M] () -- C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\4qphc6nf.default\searchplugins\icqplugin-3.xml
[2010.01.06 13:55:52 | 000,000,961 | ---- | M] () -- C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\4qphc6nf.default\searchplugins\icqplugin-4.xml
[2010.02.18 12:45:17 | 000,000,961 | ---- | M] () -- C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\4qphc6nf.default\searchplugins\icqplugin-5.xml
[2010.03.17 14:31:17 | 000,000,950 | ---- | M] () -- C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\4qphc6nf.default\searchplugins\icqplugin-6.xml
[2010.03.24 17:59:54 | 000,000,950 | ---- | M] () -- C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\4qphc6nf.default\searchplugins\icqplugin-7.xml
[2010.04.09 13:41:41 | 000,000,950 | ---- | M] () -- C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\4qphc6nf.default\searchplugins\icqplugin-8.xml
[2010.06.25 00:19:26 | 000,000,950 | ---- | M] () -- C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\4qphc6nf.default\searchplugins\icqplugin-9.xml
[2008.03.31 08:52:00 | 000,000,168 | ---- | M] () -- C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\4qphc6nf.default\searchplugins\icqplugin.gif
[2008.03.31 08:52:00 | 000,000,618 | ---- | M] () -- C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\4qphc6nf.default\searchplugins\icqplugin.src
[2009.10.24 15:10:50 | 000,000,955 | ---- | M] () -- C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\4qphc6nf.default\searchplugins\icqplugin.xml
[2009.03.31 19:45:31 | 000,001,632 | ---- | M] () -- C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\4qphc6nf.default\searchplugins\live-search.xml
[2010.11.29 20:03:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2009.08.07 22:05:38 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.06.15 20:02:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.10.02 00:16:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.03.06 09:18:18 | 000,000,000 | ---D | M] (Google Gears) -- C:\PROGRAM FILES\GOOGLE\GOOGLE GEARS\FIREFOX
[2010.07.17 04:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.12.13 17:08:01 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2007.07.26 13:05:16 | 000,001,329 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\crawlersrch.xml
[2010.12.13 17:08:01 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.12.13 17:08:01 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.12.13 17:08:01 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.12.13 17:08:01 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll (Google Inc.)
O2 - BHO: (Burn4Free Toolbar Helper) - {D187A56B-A33F-4CBE-9D77-459FC0BAE012} -  File not found
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (no name) - {ecdee021-0d17-467f-a1ff-c7a115230949} - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Burn4Free Toolbar) - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} -  File not found
O3 - HKLM\..\Toolbar: (@C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Burn4Free Toolbar) - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} -  File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files\avmwlanstick\wlangui.exe (AVM Berlin)
O4 - HKLM..\Run: [Bing Bar] C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe (Microsoft Corp.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
O4 - HKLM..\Run: [recinfo977] c:\RecInfo\RecInfo.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched]  File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [EPSON Stylus DX4000 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [ICQ]  File not found
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00  [binary data]
O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Melanie\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Melanie\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0dff6c01-b8d1-11dd-a280-00030d89739e}\Shell\AutoRun\command - "" = H:\setupSNK.exe
O33 - MountPoints2\{3c0f79ad-4146-11dd-a395-00030d89739e}\Shell - "" = AutoRun
O33 - MountPoints2\{3c0f79ad-4146-11dd-a395-00030d89739e}\Shell\AutoRun\command - "" = F:\pushinst.exe
O33 - MountPoints2\{f1ce7419-527f-11dd-b0ee-00030d89739e}\Shell\AutoRun\command - "" = F:\InstallTomTomHOME.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found

Drivers32: aux - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\Windows\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\Windows\System32\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.mkdmp3enc - C:\PROGRA~1\CYBERL~1\PowerDV\Kernel\Burner\MKDMP3Enc.ACM File not found
Drivers32: msacm.msadpcm - C:\Windows\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: VIDC.IYUV - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YUY2 - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVU9 - C:\Windows\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2011.02.04 00:58:00 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\Melanie\Desktop\OTL.exe
[2011.02.01 11:43:27 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.02.01 11:43:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.02.01 11:43:21 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.01.16 22:54:22 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Roaming\Intel
[2011.01.10 20:21:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel
[2011.01.10 20:20:47 | 000,000,000 | ---D | C] -- C:\Program Files\Cisco
[2011.01.10 20:18:55 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2011.01.10 20:03:55 | 000,000,000 | ---D | C] -- C:\DRIVERS
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2011.02.04 02:55:48 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{07071058-60C6-4BBA-A1F7-4D4784A6A52F}.job
[2011.02.04 02:52:22 | 000,641,344 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.02.04 02:52:22 | 000,610,142 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.02.04 02:52:22 | 000,103,924 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.02.04 02:52:22 | 000,011,572 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.02.04 02:51:41 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.02.04 02:51:41 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.02.04 02:19:22 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011.02.04 02:15:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.02.04 01:06:53 | 000,138,520 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011.02.04 01:06:37 | 000,234,536 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2011.02.04 00:58:03 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Melanie\Desktop\OTL.exe
[2011.02.04 00:51:49 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.02.04 00:51:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.02.03 20:42:04 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.02.03 02:23:02 | 205,466,750 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.02.01 17:16:06 | 003,047,449 | ---- | M] () -- C:\Users\Melanie\Desktop\Zu Verkaufen.odt
[2011.02.01 11:43:27 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.01.21 12:27:25 | 000,014,044 | ---- | M] () -- C:\Users\Melanie\Desktop\Frist für Ramada.odt
[2011.01.10 19:39:48 | 000,037,376 | ---- | M] () -- C:\Users\Melanie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.01.10 19:39:29 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2011.02.01 17:16:04 | 003,047,449 | ---- | C] () -- C:\Users\Melanie\Desktop\Zu Verkaufen.odt
[2011.02.01 11:43:27 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.01.21 12:27:24 | 000,014,044 | ---- | C] () -- C:\Users\Melanie\Desktop\Frist für Ramada.odt
[2010.09.28 10:05:07 | 000,001,263 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010.04.10 21:18:59 | 000,138,056 | ---- | C] () -- C:\Users\Melanie\AppData\Roaming\PnkBstrK.sys
[2010.03.03 04:06:00 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2009.08.14 22:24:04 | 000,138,520 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009.03.22 19:07:13 | 000,000,193 | ---- | C] () -- C:\Users\Melanie\AppData\Local\rahistory.xml
[2009.03.22 18:27:00 | 000,000,333 | ---- | C] () -- C:\Users\Melanie\AppData\Local\RAExpertHistory.xml
[2008.12.01 14:26:27 | 000,271,360 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2008.12.01 14:26:26 | 000,018,048 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2008.11.27 21:41:20 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008.11.25 07:58:25 | 000,000,680 | ---- | C] () -- C:\Users\Melanie\AppData\Local\d3d9caps.dat
[2008.11.10 20:47:20 | 000,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2008.11.02 19:35:23 | 000,026,340 | ---- | C] () -- C:\Users\Melanie\AppData\Roaming\UserTile.png
[2008.08.24 11:26:02 | 000,037,376 | ---- | C] () -- C:\Users\Melanie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.06.23 19:39:44 | 000,000,000 | ---- | C] () -- C:\Users\Melanie\AppData\Roaming\wklnhst.dat
[2007.11.19 14:55:18 | 000,958,464 | ---- | C] () -- C:\Windows\System32\WLIHVUI.dll
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.08.11 09:52:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll

[color=#E56717]========== LOP Check ==========[/color]

[2009.09.16 10:44:40 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\Azureus
[2009.02.09 15:02:04 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\DAEMON Tools
[2009.02.09 15:00:03 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\DAEMON Tools Lite
[2009.02.09 15:02:04 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\DAEMON Tools Pro
[2008.06.25 20:18:47 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\GSC
[2009.11.13 18:17:36 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\ICQ
[2008.07.20 19:28:37 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\ICQ Toolbar
[2008.09.11 11:51:04 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\LimeWire
[2008.11.27 21:06:42 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\NCH Swift Sound
[2008.11.23 18:11:16 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\OpenOffice.org
[2008.11.02 19:35:22 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\PeerNetworking
[2010.11.22 23:29:30 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\Spyware Terminator
[2008.07.15 18:31:25 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\TomTom
[2011.02.03 20:42:04 | 000,032,606 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.02.04 02:55:48 | 000,000,422 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{07071058-60C6-4BBA-A1F7-4D4784A6A52F}.job

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]


[color=#A23BEC]< %SYSTEMDRIVE%\*.* >[/color]
[2006.09.18 22:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2007.01.05 12:29:34 | 000,000,030 | ---- | M] () -- C:\batch.wtc
[2006.11.02 10:53:57 | 000,438,840 | RHS- | M] () -- C:\bootmgr
[2007.12.19 13:15:12 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006.09.18 22:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2009.09.22 02:11:00 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009.09.22 02:11:00 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011.02.04 00:51:36 | 2459,762,688 | -HS- | M] () -- C:\pagefile.sys
[2000.01.08 21:34:13 | 000,023,855 | ---- | M] () -- C:\Prodlog.txt

[color=#A23BEC]< %systemroot%\system32\*.wt >[/color]

[color=#A23BEC]< %systemroot%\system32\*.ruy >[/color]

[color=#A23BEC]< %systemroot%\Fonts\*.com >[/color]
[2006.11.02 13:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006.11.02 13:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006.11.02 13:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006.11.02 13:37:12 | 000,030,808 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

[color=#A23BEC]< %systemroot%\Fonts\*.dll >[/color]

[color=#A23BEC]< %systemroot%\Fonts\*.ini >[/color]
[2006.09.18 22:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

[color=#A23BEC]< %systemroot%\Fonts\*.ini2 >[/color]

[color=#A23BEC]< %systemroot%\system32\spool\prtprocs\w32x86\*.* >[/color]
[2008.12.01 09:02:20 | 000,278,016 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\hpzpp5oe.dll
[2006.11.02 10:46:05 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\HPZPPLHN.DLL
[2006.11.02 13:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2006.10.26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll

[color=#A23BEC]< %systemroot%\REPAIR\*.bak1 >[/color]

[color=#A23BEC]< %systemroot%\REPAIR\*.ini >[/color]

[color=#A23BEC]< %systemroot%\system32\*.jpg >[/color]

[color=#A23BEC]< %systemroot%\*.scr >[/color]
[2010.04.17 01:45:28 | 000,307,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

[color=#A23BEC]< %systemroot%\*._sy >[/color]

[color=#A23BEC]< %APPDATA%\Adobe\Update\*.* >[/color]

[color=#A23BEC]< %ALLUSERSPROFILE%\Favorites\*.* >[/color]

[color=#A23BEC]< %APPDATA%\Microsoft\*.* >[/color]

[color=#A23BEC]< %PROGRAMFILES%\*.* >[/color]
[2008.12.12 16:10:27 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

[color=#A23BEC]< %APPDATA%\Update\*.* >[/color]

[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]

[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]
[2010.03.03 05:13:04 | 000,446,464 | ---- | M] (Advanced Micro Devices, Inc.)[b] Unable to obtain MD5[/b] -- C:\Windows\System32\ATIDEMGX.dll
[2009.03.08 12:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\Windows\System32\dxtmsft.dll
[2009.03.08 12:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\Windows\System32\dxtrans.dll
[2006.11.02 10:47:18 | 000,228,968 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\Windows\System32\rsaenh.dll
[2007.12.19 04:41:01 | 000,223,232 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\Windows\System32\SLC.dll
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

[color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color]

[color=#A23BEC]< %systemroot%\System32\config\*.sav >[/color]
[2007.12.19 13:14:59 | 006,664,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2007.12.19 13:14:57 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2007.12.19 13:14:59 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2007.12.19 13:15:09 | 015,720,448 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2007.12.19 13:15:10 | 006,021,120 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

[color=#A23BEC]< %systemroot%\system32\user32.dll /md5 >[/color]
[2007.12.19 04:24:33 | 000,633,856 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\Windows\System32\user32.dll
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

[color=#A23BEC]< %systemroot%\system32\ws2_32.dll /md5 >[/color]
[2006.11.02 10:46:14 | 000,178,688 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\Windows\System32\ws2_32.dll
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

[color=#A23BEC]< %systemroot%\system32\ws2help.dll /md5 >[/color]
[2006.11.02 10:44:30 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=17C0671BF57057108A6D949510EE42C8 -- C:\Windows\System32\ws2help.dll
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]


[color=#A23BEC]< MD5 for: EXPLORER.EXE  >[/color]
[2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\explorer.exe
[2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2007.12.19 05:05:44 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2007.12.19 05:05:44 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006.11.02 10:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe

[color=#A23BEC]< MD5 for: WININIT.EXE  >[/color]
[2006.11.02 10:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\System32\wininit.exe
[2006.11.02 10:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe

[color=#A23BEC]< MD5 for: WINLOGON.EXE  >[/color]
[2006.11.02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\System32\winlogon.exe
[2006.11.02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe

[color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >[/color]

[color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >[/color]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-02-01 09:54:02

< End of report >
[end]

extras:

[start]

OTL Extras logfile created on: 04.02.2011 02:52:51 - Run 1
OTL by OldTimer - Version 3.2.20.6     Folder = C:\Users\Melanie\Desktop
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 72,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 147,38 Gb Total Space | 68,44 Gb Free Space | 46,44% Space Free | Partition Type: NTFS
Drive D: | 73,69 Gb Total Space | 73,56 Gb Free Space | 99,82% Space Free | Partition Type: NTFS
Drive F: | 149,00 Gb Total Space | 101,31 Gb Free Space | 67,99% Space Free | Partition Type: FAT32

Computer Name: MELANIE-PC | User Name: Melanie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[color=#E56717]========== Authorized Applications List ==========[/color]


[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{049E0A3D-DB65-422E-A180-F8F790DA02F2}" = lport=6112 | protocol=6 | dir=in | name=warcraft3 |
"{15CDEE99-6E62-4BE3-878E-821462894C51}" = rport=139 | protocol=6 | dir=out | app=system |
"{25435FCF-48B5-45F9-B412-DB128DB353E8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{5434E92E-D34D-4AE3-B656-02E3CC9BE153}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5C36E5BE-1C4A-4B31-8DAA-CB5D83A06372}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{640AD16E-5E5C-4863-B14E-C9B506000522}" = lport=445 | protocol=6 | dir=in | app=system |
"{6EA9B074-D4D4-4048-97E7-3C0B1F2B8BD0}" = lport=2869 | protocol=6 | dir=in | app=system |
"{73655FE8-417E-4302-875C-47532271573A}" = rport=445 | protocol=6 | dir=out | app=system |
"{79AAE10A-61BD-4355-A5E7-D7858ACFDAAD}" = lport=137 | protocol=17 | dir=in | app=system |
"{A0184C49-2AF6-4EA7-9238-F1F0BF497516}" = rport=138 | protocol=17 | dir=out | app=system |
"{B36C1E9B-1A2F-4384-B3EA-F8E7492197A0}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{D8B71086-3094-45D9-9E81-BBB68A930073}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{E501CEA4-7CB8-42E0-86BB-95A08186275E}" = rport=137 | protocol=17 | dir=out | app=system |
"{E583571A-352B-42E5-815A-27158C93E583}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{F04A402E-2D8D-4DA0-936A-3DF3D7F18080}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{F360D9E9-9069-413E-B947-EF9C1FA414CD}" = lport=139 | protocol=6 | dir=in | app=system |
"{FB990C11-9B8C-4CD3-872E-7D2E0D3CD8D5}" = lport=138 | protocol=17 | dir=in | app=system |

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07038D30-DE4F-477F-B380-3A3B15E48032}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{0DDCA06E-47DB-44B2-B12D-9E15434D19ED}" = protocol=17 | dir=in | app=c:\program files\gamespy arcade\aphex.exe |
"{102C1ACE-70E1-4B91-95B5-DC056C49497C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{10F9F2A6-649C-4AD5-8DD1-57CC3E06648D}" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"{12F9D2EE-DF96-486C-A73A-7EA6F8026ABD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1925DC04-1DB8-4F5C-940E-8564592A3F41}" = protocol=6 | dir=in | app=c:\program files\gamespy arcade\aphex.exe |
"{1EE34640-E249-452A-B43F-CB1ABDDB2E70}" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe |
"{2DC3C711-7D38-445E-B272-73A52CF868BB}" = protocol=17 | dir=in | app=c:\program files\anno 1701\anno1701addon.exe |
"{2E7820AB-6045-49AD-BB6E-00AD9E6D4588}" = protocol=6 | dir=in | app=c:\program files\anno 1701\anno1701addon.exe |
"{3DC3B1DA-E0F3-40B6-9417-19D7797526C9}" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe |
"{40E0DF9C-89C0-4C1F-85DC-815BFB897283}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6EC27E18-54FB-4E45-B8AA-70EB4282336A}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{74BC7FFB-8672-44B3-9B4A-F7473E24BEA0}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{74F10297-F310-49C2-9E56-81786FFB2C48}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{771DA5A7-46EB-4A98-897C-32BFFE7F11A4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{7A9E18DE-A780-4F62-9F5F-388C0E5F984D}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{7DFAEBF5-81A8-4331-90AD-A7962FE0B730}" = protocol=17 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2updater.exe |
"{7EA7FDBE-6467-4C91-A33E-DD61AE0018E7}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{801328EE-B7A9-49B2-AA12-1DBBFBA2362A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{880B134D-F78F-4530-994B-1615CD0F19D6}" = dir=in | app=c:\program files\cyberlink\powerdv\powerdv.exe |
"{8BDB8892-CB8A-47F9-8B0E-BA2E241B884C}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{91AA477B-115A-4076-88D8-6C468F15759E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{91F01A6E-5B68-4173-95AE-E38485A24A4F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{93F45909-B665-4E89-98F2-F3C83BEC5216}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{97FF9C3B-7D92-4A07-86AB-094BC347A366}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{999DB2EA-3194-42B8-A69C-9FE730C9BB84}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{99F3EDFD-C6F0-431A-9687-B4E8954849A6}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{9AE08BE5-8E58-49F1-89ED-CAAC99014990}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9CC6C1AB-C016-49EA-BCCF-E6B10077093B}" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"{B500B7D7-563A-4D23-AD25-D8C4FC327CBF}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{BB7306E4-610D-42D5-85A6-B90E6BE71A2C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{DB0136F2-793F-45F5-A52B-BCECAD529242}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{F578E3A1-E294-4A6D-B383-8C5188E45426}" = protocol=6 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2updater.exe |
"{FC063F8E-9D0E-4D9A-B723-D53CEA378CCF}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{FD3E9169-CEF7-4AFE-A35A-A65946C547AC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"TCP Query User{0B4678C8-3FB2-4568-A441-73DD9F03BFF7}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"TCP Query User{1B82C26E-AEED-4445-9CCB-281B865151CB}C:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe |
"TCP Query User{583A887B-0D60-4E7E-AF2B-30597A305B1B}C:\program files\tightvnc\winvnc.exe" = protocol=6 | dir=in | app=c:\program files\tightvnc\winvnc.exe |
"TCP Query User{6B641BBF-BB36-4EC3-AE9D-1E2D7FB94B7D}C:\program files\steam\steamapps\ozzy2000\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\ozzy2000\counter-strike source\hl2.exe |
"TCP Query User{7248DDCF-9F18-4EE1-BD81-B082312A3FA1}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{A1B7CAB8-74C6-435D-ABE1-F8CF7680149A}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{D499D9F1-8C8D-474A-BBA3-25B567B42409}C:\program files\steam\steamapps\slyshift\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\slyshift\counter-strike source\hl2.exe |
"TCP Query User{D4C78C85-C71F-4AB8-8749-C0FF57A5C6E5}C:\program files\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files\warcraft iii\war3.exe |
"TCP Query User{E22E9C52-4790-4207-A0DB-7760CF83CA3B}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{E64AB10E-E745-4CDF-8988-C2D08FA4F071}G:\festplatte\azureus\azureus.exe" = protocol=6 | dir=in | app=g:\festplatte\azureus\azureus.exe |
"UDP Query User{0A334097-32DA-4D6A-9FA4-E6DFE94CC877}G:\festplatte\azureus\azureus.exe" = protocol=17 | dir=in | app=g:\festplatte\azureus\azureus.exe |
"UDP Query User{3580210C-DF9F-4CD7-BC1F-0B08B7624C14}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{469F73F5-7ED6-4759-A012-331D8A344082}C:\program files\steam\steamapps\ozzy2000\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\ozzy2000\counter-strike source\hl2.exe |
"UDP Query User{4FD36FDB-CE59-4ECC-899A-DF92000F4310}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{64E910F5-E0FD-4E26-870C-0F0528936A4A}C:\program files\tightvnc\winvnc.exe" = protocol=17 | dir=in | app=c:\program files\tightvnc\winvnc.exe |
"UDP Query User{82EB6AF0-099E-4AA6-90AB-250A8BE20730}C:\program files\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files\warcraft iii\war3.exe |
"UDP Query User{A7791C75-5113-4CBD-AABF-0F7000218C08}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{B410D420-A4E4-41FC-96A1-B68BBFCAABC5}C:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe |
"UDP Query User{C92C0376-9DEB-43C6-A02E-047DAD4E2C19}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{E329D5FB-C87A-44FF-9C89-772424754FA8}C:\program files\steam\steamapps\slyshift\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\slyshift\counter-strike source\hl2.exe |

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00D0200F-3B4D-4A2F-869E-533ED835A943}" = Hervorhebe-Funktion (Windows Live Toolbar)
"{00D8A43D-4FE6-7AF1-FE10-05B87B07831E}" = CCC Help English
"{043641A4-F4D1-02B6-FFAA-136789EA576A}" = Skins
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
"{04B45310-A5FE-4425-BFCA-1A6D8920DE74}" = OpenOffice.org 3.0
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network
"{17DB2BEE-2FD6-456F-5E5D-C38DB1ABC8B5}" = ccc-core-static
"{190E76A9-B26C-10C3-4A24-69AD81012067}" = ccc-utility
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}" = Safari
"{218761F6-CBF6-4973-B910-A33E6563A1EA}" = Windows Live Toolbar-Erweiterung (Windows Live Toolbar)
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 21
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2DD6C198-FA9A-40B4-8DE5-CE5206E3EB34}" = Smart Menus (Windows Live Toolbar)
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3B540E44-8382-4899-B481-1E2E02E38F3E}" = 4660_4680_Help
"{471D55BB-00D1-F4C9-DDC5-BD8B848E204C}" = Catalyst Control Center InstallProxy
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A57592C-FF92-4083-97A9-92783BD5AFB4}" = WebCam
"{4F7177E9-2B54-48B4-AAFD-03FA1F87A542}" = Bing Bar Platform
"{50D4CB89-AF34-4978-96DC-C3034062E901}" = Battlefield 2: Special Forces
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer
"{61CF256E-CC63-4A4C-97CC-A48411054D60}" = HP OfficeJet J4600 All-In-One Series
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{70AA9B4F-64F7-4B0D-ADD8-05802D61AF72}" = Windows Live Toolbar
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites für Windows Live Toolbar
"{7C84E006-D044-4441-A294-E318B147476C}" = VLC iPhone Connection Utility
"{80732880-FEE7-64BD-A213-1B5EE5D623B7}" = ATI Catalyst Install Manager
"{81CD6232-10F5-4832-B3DA-1B88B1571031}" = Nero 7 Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8CBD3538-4A61-7040-A989-D5CAEEABB12C}" = Catalyst Control Center Localization All
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{900A92BA-19EF-4A34-86CF-7B6C85BDD971}" = VC_MergeModuleToMSI
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{905D4F6B-FADC-4CA4-AA41-BD32A2E446CE}" = Anno 1701 - Der Fluch des Drachen
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{94D66D71-12F0-48A5-B46A-D4B835A0F1B7}" = FirstSteps Diagnostics
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DB192F7-BABD-9205-4F47-69BFC5CE12AB}" = Catalyst Control Center Graphics Previews Vista
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A2433A63-5F5D-40E5-B529-9123C2B3E734}" = Anno 1701
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A945BD16-4774-4A1F-96A7-118BEC004881}" = mCorev32.ism_new
"{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.0 - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B629CD93-A629-4A9F-8B6E-218E741A316E}" = BPDSoftware_Ini
"{B804C424-B66D-447A-84BD-C6B88C392C3A}" = PowerDV
"{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}" = Microsoft Default Manager
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB800D0F-80E8-4E79-8423-09908CF1DB07}" = J4600_Basic
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D02A3DBC-6A86-2FB3-699F-6F95BD7A811E}" = Catalyst Control Center Graphics Full New
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{DCE9C52A-95DD-4075-9FC6-3313FB8748A5}" = BPDSoftware
"{DF0D3C2E-11B5-7937-7929-06EC35FF760D}" = Catalyst Control Center Core Implementation
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E81BE8F9-E988-4531-08C5-4D03FE2F774F}" = Catalyst Control Center Graphics Full Existing
"{EC7FE03D-239A-4E36-9907-0E327922D2A2}" = bpd_scan
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EFCEF949-9821-4759-A573-3EB8C857DF46}" = Windows Live Family Safety
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F32ED8B1-2442-4B0E-8DEC-3F3BFC1C2B7F}" = mCPlug
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone-Konfigurationsprogramm
"{FD14A51B-2206-D07A-A610-8EBCA8D611A3}" = Catalyst Control Center Graphics Light
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Alice" = Alice-Installationsdateien entfernen
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVMWLANCLI" = AVM FRITZ!WLAN
"Big Fish Games Center" = Big Fish Games Center (remove only)
"Big Fish Games Sudoku" = Big Fish Games Sudoku (remove only)
"Burn4Free" = Burn4Free CD and DVD
"Burn4Free Toolbar" = Burn4Free Toolbar
"cdrtools Frontend_is1" = cdrtfe 1.3.2
"Cradle of Rome" = Cradle of Rome (remove only)
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"ExpressBurn" = Express Burn Uninstall
"ExpressRip" = Express Rip Uninstall
"Free YouTube to Mp3 Converter_is1" = Free YouTube to Mp3 Converter version 3.1
"GameSpy Arcade" = GameSpy Arcade
"Golden" = Golden Records Vinyl to CD Converter
"Google Updater" = Google Updater
"GSC" = GSC (remove only)
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"IrfanView" = IrfanView (remove only)
"Luxor Amun Rising" = Luxor Amun Rising (remove only)
"Mahjong Towers Eternity EU" = Mahjong Towers Eternity EU (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Mystery Case Files - Prime Suspects" = Mystery Case Files - Prime Suspects (remove only)
"ProInst" = Intel(R) PROSet/Wireless Software
"PunkBusterSvc" = PunkBuster Services
"SoundTap" = SoundTap Streaming Audio Recorder
"Steam App 240" = Counter-Strike: Source
"Switch" = Switch Uninstall
"SystemRequirementsLab" = System Requirements Lab
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TightVNC_is1" = TightVNC 1.3.10
"Uninstall_is1" = Uninstall 1.0.0.1
"Virtual Villagers" = Virtual Villagers (remove only)
"VLC media player" = VLC media player 0.9.6
"Warcraft III" = Warcraft III
"WavePad" = WavePad Sound Editor
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Warcraft III" = Warcraft III: All Products

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 10.01.2011 14:36:04 | Computer Name = Melanie-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 530762

Error - 10.01.2011 14:36:04 | Computer Name = Melanie-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 530762

Error - 10.01.2011 14:36:20 | Computer Name = Melanie-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 10.01.2011 14:36:20 | Computer Name = Melanie-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 546378

Error - 10.01.2011 14:36:20 | Computer Name = Melanie-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 546378

Error - 10.01.2011 14:36:35 | Computer Name = Melanie-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 10.01.2011 14:36:35 | Computer Name = Melanie-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 561993

Error - 10.01.2011 14:36:35 | Computer Name = Melanie-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 561993

Error - 10.01.2011 14:39:20 | Computer Name = Melanie-PC | Source = EventSystem | ID = 4609
Description =

Error - 10.01.2011 15:16:32 | Computer Name = Melanie-PC | Source = WerSvc | ID = 5007
Description =

[ Media Center Events ]
Error - 23.09.2009 10:04:24 | Computer Name = Melanie-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerAccumulate failed;
Win32 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center
Guide

Error - 23.09.2009 10:06:02 | Computer Name = Melanie-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerAccumulate failed;
Win32 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center
Guide

Error - 24.09.2009 09:11:33 | Computer Name = Melanie-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerAccumulate failed;
Win32 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center
Guide

Error - 24.09.2009 09:12:47 | Computer Name = Melanie-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerAccumulate failed;
Win32 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center
Guide

Error - 24.09.2009 09:29:51 | Computer Name = Melanie-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerAccumulate failed;
Win32 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center
Guide

Error - 07.02.2010 12:37:22 | Computer Name = Melanie-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide


Error - 11.03.2010 06:26:24 | Computer Name = Melanie-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerAccumulate failed;
Win32 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center
Guide

Error - 17.06.2010 09:43:14 | Computer Name = Melanie-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.WaitForUploadComplete
failed. Please try to ping www.msn.com prior to filing a bug.; Win32 GetLastError
returned 10000109  Prozess: DefaultDomain Objektname: Media Center Guide

Error - 17.06.2010 09:43:27 | Computer Name = Melanie-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerAccumulate failed;
Win32 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center
Guide

Error - 17.06.2010 09:45:00 | Computer Name = Melanie-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.WaitForUploadComplete
failed. Please try to ping www.msn.com prior to filing a bug.; Win32 GetLastError
returned 10000109  Prozess: DefaultDomain Objektname: Media Center Guide

[ System Events ]
Error - 20.01.2011 13:59:18 | Computer Name = Melanie-PC | Source = disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error - 20.01.2011 13:59:57 | Computer Name = Melanie-PC | Source = DCOM | ID = 10010
Description =

Error - 20.01.2011 14:00:11 | Computer Name = Melanie-PC | Source = disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error - 23.01.2011 05:24:08 | Computer Name = Melanie-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 23.01.2011 18:00:58 | Computer Name = Melanie-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.50 für die Netzwerkkarte mit der Netzwerkadresse
001CBF5465E2 wurde durch den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server
hat eine DHCPNACK-Meldung gesendet).

Error - 25.01.2011 03:30:45 | Computer Name = Melanie-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 26.01.2011 07:52:18 | Computer Name = Melanie-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 26.01.2011 um 12:50:39 unerwartet heruntergefahren.

Error - 29.01.2011 13:00:18 | Computer Name = Melanie-PC | Source = DCOM | ID = 10010
Description =

Error - 02.02.2011 21:23:07 | Computer Name = Melanie-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 03.02.2011 um 02:21:07 unerwartet heruntergefahren.

Error - 03.02.2011 09:07:31 | Computer Name = Melanie-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 03.02.2011 um 03:55:19 unerwartet heruntergefahren.


< End of report >
This post was edited by alleshab on 04.02.2011 at 12:34.
04.02.2011, 12:31
Member

Thread starter

Posts: 35
#4 from the clipboard:

Code

OTL Extras logfile created on: 04.02.2011 02:52:51 - Run 1
OTL by OldTimer - Version 3.2.20.6     Folder = C:\Users\Melanie\Desktop
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 72,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 147,38 Gb Total Space | 68,44 Gb Free Space | 46,44% Space Free | Partition Type: NTFS
Drive D: | 73,69 Gb Total Space | 73,56 Gb Free Space | 99,82% Space Free | Partition Type: NTFS
Drive F: | 149,00 Gb Total Space | 101,31 Gb Free Space | 67,99% Space Free | Partition Type: FAT32

Computer Name: MELANIE-PC | User Name: Melanie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[color=#E56717]========== Authorized Applications List ==========[/color]


[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{049E0A3D-DB65-422E-A180-F8F790DA02F2}" = lport=6112 | protocol=6 | dir=in | name=warcraft3 |
"{15CDEE99-6E62-4BE3-878E-821462894C51}" = rport=139 | protocol=6 | dir=out | app=system |
"{25435FCF-48B5-45F9-B412-DB128DB353E8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{5434E92E-D34D-4AE3-B656-02E3CC9BE153}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5C36E5BE-1C4A-4B31-8DAA-CB5D83A06372}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{640AD16E-5E5C-4863-B14E-C9B506000522}" = lport=445 | protocol=6 | dir=in | app=system |
"{6EA9B074-D4D4-4048-97E7-3C0B1F2B8BD0}" = lport=2869 | protocol=6 | dir=in | app=system |
"{73655FE8-417E-4302-875C-47532271573A}" = rport=445 | protocol=6 | dir=out | app=system |
"{79AAE10A-61BD-4355-A5E7-D7858ACFDAAD}" = lport=137 | protocol=17 | dir=in | app=system |
"{A0184C49-2AF6-4EA7-9238-F1F0BF497516}" = rport=138 | protocol=17 | dir=out | app=system |
"{B36C1E9B-1A2F-4384-B3EA-F8E7492197A0}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{D8B71086-3094-45D9-9E81-BBB68A930073}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{E501CEA4-7CB8-42E0-86BB-95A08186275E}" = rport=137 | protocol=17 | dir=out | app=system |
"{E583571A-352B-42E5-815A-27158C93E583}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{F04A402E-2D8D-4DA0-936A-3DF3D7F18080}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{F360D9E9-9069-413E-B947-EF9C1FA414CD}" = lport=139 | protocol=6 | dir=in | app=system |
"{FB990C11-9B8C-4CD3-872E-7D2E0D3CD8D5}" = lport=138 | protocol=17 | dir=in | app=system |

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07038D30-DE4F-477F-B380-3A3B15E48032}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{0DDCA06E-47DB-44B2-B12D-9E15434D19ED}" = protocol=17 | dir=in | app=c:\program files\gamespy arcade\aphex.exe |
"{102C1ACE-70E1-4B91-95B5-DC056C49497C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{10F9F2A6-649C-4AD5-8DD1-57CC3E06648D}" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"{12F9D2EE-DF96-486C-A73A-7EA6F8026ABD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1925DC04-1DB8-4F5C-940E-8564592A3F41}" = protocol=6 | dir=in | app=c:\program files\gamespy arcade\aphex.exe |
"{1EE34640-E249-452A-B43F-CB1ABDDB2E70}" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe |
"{2DC3C711-7D38-445E-B272-73A52CF868BB}" = protocol=17 | dir=in | app=c:\program files\anno 1701\anno1701addon.exe |
"{2E7820AB-6045-49AD-BB6E-00AD9E6D4588}" = protocol=6 | dir=in | app=c:\program files\anno 1701\anno1701addon.exe |
"{3DC3B1DA-E0F3-40B6-9417-19D7797526C9}" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe |
"{40E0DF9C-89C0-4C1F-85DC-815BFB897283}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6EC27E18-54FB-4E45-B8AA-70EB4282336A}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{74BC7FFB-8672-44B3-9B4A-F7473E24BEA0}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{74F10297-F310-49C2-9E56-81786FFB2C48}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{771DA5A7-46EB-4A98-897C-32BFFE7F11A4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{7A9E18DE-A780-4F62-9F5F-388C0E5F984D}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{7DFAEBF5-81A8-4331-90AD-A7962FE0B730}" = protocol=17 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2updater.exe |
"{7EA7FDBE-6467-4C91-A33E-DD61AE0018E7}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{801328EE-B7A9-49B2-AA12-1DBBFBA2362A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{880B134D-F78F-4530-994B-1615CD0F19D6}" = dir=in | app=c:\program files\cyberlink\powerdv\powerdv.exe |
"{8BDB8892-CB8A-47F9-8B0E-BA2E241B884C}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{91AA477B-115A-4076-88D8-6C468F15759E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{91F01A6E-5B68-4173-95AE-E38485A24A4F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{93F45909-B665-4E89-98F2-F3C83BEC5216}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{97FF9C3B-7D92-4A07-86AB-094BC347A366}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{999DB2EA-3194-42B8-A69C-9FE730C9BB84}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{99F3EDFD-C6F0-431A-9687-B4E8954849A6}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{9AE08BE5-8E58-49F1-89ED-CAAC99014990}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9CC6C1AB-C016-49EA-BCCF-E6B10077093B}" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"{B500B7D7-563A-4D23-AD25-D8C4FC327CBF}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{BB7306E4-610D-42D5-85A6-B90E6BE71A2C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{DB0136F2-793F-45F5-A52B-BCECAD529242}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{F578E3A1-E294-4A6D-B383-8C5188E45426}" = protocol=6 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2updater.exe |
"{FC063F8E-9D0E-4D9A-B723-D53CEA378CCF}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{FD3E9169-CEF7-4AFE-A35A-A65946C547AC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"TCP Query User{0B4678C8-3FB2-4568-A441-73DD9F03BFF7}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"TCP Query User{1B82C26E-AEED-4445-9CCB-281B865151CB}C:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe |
"TCP Query User{583A887B-0D60-4E7E-AF2B-30597A305B1B}C:\program files\tightvnc\winvnc.exe" = protocol=6 | dir=in | app=c:\program files\tightvnc\winvnc.exe |
"TCP Query User{6B641BBF-BB36-4EC3-AE9D-1E2D7FB94B7D}C:\program files\steam\steamapps\ozzy2000\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\ozzy2000\counter-strike source\hl2.exe |
"TCP Query User{7248DDCF-9F18-4EE1-BD81-B082312A3FA1}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{A1B7CAB8-74C6-435D-ABE1-F8CF7680149A}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{D499D9F1-8C8D-474A-BBA3-25B567B42409}C:\program files\steam\steamapps\slyshift\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\slyshift\counter-strike source\hl2.exe |
"TCP Query User{D4C78C85-C71F-4AB8-8749-C0FF57A5C6E5}C:\program files\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files\warcraft iii\war3.exe |
"TCP Query User{E22E9C52-4790-4207-A0DB-7760CF83CA3B}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{E64AB10E-E745-4CDF-8988-C2D08FA4F071}G:\festplatte\azureus\azureus.exe" = protocol=6 | dir=in | app=g:\festplatte\azureus\azureus.exe |
"UDP Query User{0A334097-32DA-4D6A-9FA4-E6DFE94CC877}G:\festplatte\azureus\azureus.exe" = protocol=17 | dir=in | app=g:\festplatte\azureus\azureus.exe |
"UDP Query User{3580210C-DF9F-4CD7-BC1F-0B08B7624C14}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{469F73F5-7ED6-4759-A012-331D8A344082}C:\program files\steam\steamapps\ozzy2000\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\ozzy2000\counter-strike source\hl2.exe |
"UDP Query User{4FD36FDB-CE59-4ECC-899A-DF92000F4310}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{64E910F5-E0FD-4E26-870C-0F0528936A4A}C:\program files\tightvnc\winvnc.exe" = protocol=17 | dir=in | app=c:\program files\tightvnc\winvnc.exe |
"UDP Query User{82EB6AF0-099E-4AA6-90AB-250A8BE20730}C:\program files\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files\warcraft iii\war3.exe |
"UDP Query User{A7791C75-5113-4CBD-AABF-0F7000218C08}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{B410D420-A4E4-41FC-96A1-B68BBFCAABC5}C:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe |
"UDP Query User{C92C0376-9DEB-43C6-A02E-047DAD4E2C19}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{E329D5FB-C87A-44FF-9C89-772424754FA8}C:\program files\steam\steamapps\slyshift\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\slyshift\counter-strike source\hl2.exe |

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00D0200F-3B4D-4A2F-869E-533ED835A943}" = Hervorhebe-Funktion (Windows Live Toolbar)
"{00D8A43D-4FE6-7AF1-FE10-05B87B07831E}" = CCC Help English
"{043641A4-F4D1-02B6-FFAA-136789EA576A}" = Skins
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
"{04B45310-A5FE-4425-BFCA-1A6D8920DE74}" = OpenOffice.org 3.0
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network
"{17DB2BEE-2FD6-456F-5E5D-C38DB1ABC8B5}" = ccc-core-static
"{190E76A9-B26C-10C3-4A24-69AD81012067}" = ccc-utility
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}" = Safari
"{218761F6-CBF6-4973-B910-A33E6563A1EA}" = Windows Live Toolbar-Erweiterung (Windows Live Toolbar)
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 21
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2DD6C198-FA9A-40B4-8DE5-CE5206E3EB34}" = Smart Menus (Windows Live Toolbar)
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3B540E44-8382-4899-B481-1E2E02E38F3E}" = 4660_4680_Help
"{471D55BB-00D1-F4C9-DDC5-BD8B848E204C}" = Catalyst Control Center InstallProxy
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A57592C-FF92-4083-97A9-92783BD5AFB4}" = WebCam
"{4F7177E9-2B54-48B4-AAFD-03FA1F87A542}" = Bing Bar Platform
"{50D4CB89-AF34-4978-96DC-C3034062E901}" = Battlefield 2: Special Forces
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer
"{61CF256E-CC63-4A4C-97CC-A48411054D60}" = HP OfficeJet J4600 All-In-One Series
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{70AA9B4F-64F7-4B0D-ADD8-05802D61AF72}" = Windows Live Toolbar
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites für Windows Live Toolbar
"{7C84E006-D044-4441-A294-E318B147476C}" = VLC iPhone Connection Utility
"{80732880-FEE7-64BD-A213-1B5EE5D623B7}" = ATI Catalyst Install Manager
"{81CD6232-10F5-4832-B3DA-1B88B1571031}" = Nero 7 Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8CBD3538-4A61-7040-A989-D5CAEEABB12C}" = Catalyst Control Center Localization All
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{900A92BA-19EF-4A34-86CF-7B6C85BDD971}" = VC_MergeModuleToMSI
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{905D4F6B-FADC-4CA4-AA41-BD32A2E446CE}" = Anno 1701 - Der Fluch des Drachen
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{94D66D71-12F0-48A5-B46A-D4B835A0F1B7}" = FirstSteps Diagnostics
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DB192F7-BABD-9205-4F47-69BFC5CE12AB}" = Catalyst Control Center Graphics Previews Vista
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A2433A63-5F5D-40E5-B529-9123C2B3E734}" = Anno 1701
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A945BD16-4774-4A1F-96A7-118BEC004881}" = mCorev32.ism_new
"{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.0 - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B629CD93-A629-4A9F-8B6E-218E741A316E}" = BPDSoftware_Ini
"{B804C424-B66D-447A-84BD-C6B88C392C3A}" = PowerDV
"{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}" = Microsoft Default Manager
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB800D0F-80E8-4E79-8423-09908CF1DB07}" = J4600_Basic
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D02A3DBC-6A86-2FB3-699F-6F95BD7A811E}" = Catalyst Control Center Graphics Full New
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{DCE9C52A-95DD-4075-9FC6-3313FB8748A5}" = BPDSoftware
"{DF0D3C2E-11B5-7937-7929-06EC35FF760D}" = Catalyst Control Center Core Implementation
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E81BE8F9-E988-4531-08C5-4D03FE2F774F}" = Catalyst Control Center Graphics Full Existing
"{EC7FE03D-239A-4E36-9907-0E327922D2A2}" = bpd_scan
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EFCEF949-9821-4759-A573-3EB8C857DF46}" = Windows Live Family Safety
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F32ED8B1-2442-4B0E-8DEC-3F3BFC1C2B7F}" = mCPlug
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone-Konfigurationsprogramm
"{FD14A51B-2206-D07A-A610-8EBCA8D611A3}" = Catalyst Control Center Graphics Light
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Alice" = Alice-Installationsdateien entfernen
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVMWLANCLI" = AVM FRITZ!WLAN
"Big Fish Games Center" = Big Fish Games Center (remove only)
"Big Fish Games Sudoku" = Big Fish Games Sudoku (remove only)
"Burn4Free" = Burn4Free CD and DVD
"Burn4Free Toolbar" = Burn4Free Toolbar
"cdrtools Frontend_is1" = cdrtfe 1.3.2
"Cradle of Rome" = Cradle of Rome (remove only)
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"ExpressBurn" = Express Burn Uninstall
"ExpressRip" = Express Rip Uninstall
"Free YouTube to Mp3 Converter_is1" = Free YouTube to Mp3 Converter version 3.1
"GameSpy Arcade" = GameSpy Arcade
"Golden" = Golden Records Vinyl to CD Converter
"Google Updater" = Google Updater
"GSC" = GSC (remove only)
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"IrfanView" = IrfanView (remove only)
"Luxor Amun Rising" = Luxor Amun Rising (remove only)
"Mahjong Towers Eternity EU" = Mahjong Towers Eternity EU (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Mystery Case Files - Prime Suspects" = Mystery Case Files - Prime Suspects (remove only)
"ProInst" = Intel(R) PROSet/Wireless Software
"PunkBusterSvc" = PunkBuster Services
"SoundTap" = SoundTap Streaming Audio Recorder
"Steam App 240" = Counter-Strike: Source
"Switch" = Switch Uninstall
"SystemRequirementsLab" = System Requirements Lab
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TightVNC_is1" = TightVNC 1.3.10
"Uninstall_is1" = Uninstall 1.0.0.1
"Virtual Villagers" = Virtual Villagers (remove only)
"VLC media player" = VLC media player 0.9.6
"Warcraft III" = Warcraft III
"WavePad" = WavePad Sound Editor
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Warcraft III" = Warcraft III: All Products

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 10.01.2011 14:36:04 | Computer Name = Melanie-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 530762

Error - 10.01.2011 14:36:04 | Computer Name = Melanie-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 530762

Error - 10.01.2011 14:36:20 | Computer Name = Melanie-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 10.01.2011 14:36:20 | Computer Name = Melanie-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 546378

Error - 10.01.2011 14:36:20 | Computer Name = Melanie-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 546378

Error - 10.01.2011 14:36:35 | Computer Name = Melanie-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 10.01.2011 14:36:35 | Computer Name = Melanie-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 561993

Error - 10.01.2011 14:36:35 | Computer Name = Melanie-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 561993

Error - 10.01.2011 14:39:20 | Computer Name = Melanie-PC | Source = EventSystem | ID = 4609
Description =

Error - 10.01.2011 15:16:32 | Computer Name = Melanie-PC | Source = WerSvc | ID = 5007
Description =

[ Media Center Events ]
Error - 23.09.2009 10:04:24 | Computer Name = Melanie-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerAccumulate failed;
Win32 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center
Guide

Error - 23.09.2009 10:06:02 | Computer Name = Melanie-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerAccumulate failed;
Win32 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center
Guide

Error - 24.09.2009 09:11:33 | Computer Name = Melanie-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerAccumulate failed;
Win32 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center
Guide

Error - 24.09.2009 09:12:47 | Computer Name = Melanie-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerAccumulate failed;
Win32 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center
Guide

Error - 24.09.2009 09:29:51 | Computer Name = Melanie-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerAccumulate failed;
Win32 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center
Guide

Error - 07.02.2010 12:37:22 | Computer Name = Melanie-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide


Error - 11.03.2010 06:26:24 | Computer Name = Melanie-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerAccumulate failed;
Win32 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center
Guide

Error - 17.06.2010 09:43:14 | Computer Name = Melanie-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.WaitForUploadComplete
failed. Please try to ping www.msn.com prior to filing a bug.; Win32 GetLastError
returned 10000109  Prozess: DefaultDomain Objektname: Media Center Guide

Error - 17.06.2010 09:43:27 | Computer Name = Melanie-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerAccumulate failed;
Win32 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center
Guide

Error - 17.06.2010 09:45:00 | Computer Name = Melanie-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.WaitForUploadComplete
failed. Please try to ping www.msn.com prior to filing a bug.; Win32 GetLastError
returned 10000109  Prozess: DefaultDomain Objektname: Media Center Guide

[ System Events ]
Error - 20.01.2011 13:59:18 | Computer Name = Melanie-PC | Source = disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error - 20.01.2011 13:59:57 | Computer Name = Melanie-PC | Source = DCOM | ID = 10010
Description =

Error - 20.01.2011 14:00:11 | Computer Name = Melanie-PC | Source = disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error - 23.01.2011 05:24:08 | Computer Name = Melanie-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 23.01.2011 18:00:58 | Computer Name = Melanie-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.50 für die Netzwerkkarte mit der Netzwerkadresse
001CBF5465E2 wurde durch den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server
hat eine DHCPNACK-Meldung gesendet).

Error - 25.01.2011 03:30:45 | Computer Name = Melanie-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 26.01.2011 07:52:18 | Computer Name = Melanie-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 26.01.2011 um 12:50:39 unerwartet heruntergefahren.

Error - 29.01.2011 13:00:18 | Computer Name = Melanie-PC | Source = DCOM | ID = 10010
Description =

Error - 02.02.2011 21:23:07 | Computer Name = Melanie-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 03.02.2011 um 02:21:07 unerwartet heruntergefahren.

Error - 03.02.2011 09:07:31 | Computer Name = Melanie-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 03.02.2011 um 03:55:19 unerwartet heruntergefahren.


< End of report >
GMER scan:

Code

OTL Extras logfile created on: 04.02.2011 02:52:51 - Run 1
OTL by OldTimer - Version 3.2.20.6     Folder = C:\Users\Melanie\Desktop
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 72,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 147,38 Gb Total Space | 68,44 Gb Free Space | 46,44% Space Free | Partition Type: NTFS
Drive D: | 73,69 Gb Total Space | 73,56 Gb Free Space | 99,82% Space Free | Partition Type: NTFS
Drive F: | 149,00 Gb Total Space | 101,31 Gb Free Space | 67,99% Space Free | Partition Type: FAT32

Computer Name: MELANIE-PC | User Name: Melanie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[color=#E56717]========== Authorized Applications List ==========[/color]


[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{049E0A3D-DB65-422E-A180-F8F790DA02F2}" = lport=6112 | protocol=6 | dir=in | name=warcraft3 |
"{15CDEE99-6E62-4BE3-878E-821462894C51}" = rport=139 | protocol=6 | dir=out | app=system |
"{25435FCF-48B5-45F9-B412-DB128DB353E8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{5434E92E-D34D-4AE3-B656-02E3CC9BE153}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5C36E5BE-1C4A-4B31-8DAA-CB5D83A06372}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{640AD16E-5E5C-4863-B14E-C9B506000522}" = lport=445 | protocol=6 | dir=in | app=system |
"{6EA9B074-D4D4-4048-97E7-3C0B1F2B8BD0}" = lport=2869 | protocol=6 | dir=in | app=system |
"{73655FE8-417E-4302-875C-47532271573A}" = rport=445 | protocol=6 | dir=out | app=system |
"{79AAE10A-61BD-4355-A5E7-D7858ACFDAAD}" = lport=137 | protocol=17 | dir=in | app=system |
"{A0184C49-2AF6-4EA7-9238-F1F0BF497516}" = rport=138 | protocol=17 | dir=out | app=system |
"{B36C1E9B-1A2F-4384-B3EA-F8E7492197A0}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{D8B71086-3094-45D9-9E81-BBB68A930073}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{E501CEA4-7CB8-42E0-86BB-95A08186275E}" = rport=137 | protocol=17 | dir=out | app=system |
"{E583571A-352B-42E5-815A-27158C93E583}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{F04A402E-2D8D-4DA0-936A-3DF3D7F18080}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{F360D9E9-9069-413E-B947-EF9C1FA414CD}" = lport=139 | protocol=6 | dir=in | app=system |
"{FB990C11-9B8C-4CD3-872E-7D2E0D3CD8D5}" = lport=138 | protocol=17 | dir=in | app=system |

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07038D30-DE4F-477F-B380-3A3B15E48032}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{0DDCA06E-47DB-44B2-B12D-9E15434D19ED}" = protocol=17 | dir=in | app=c:\program files\gamespy arcade\aphex.exe |
"{102C1ACE-70E1-4B91-95B5-DC056C49497C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{10F9F2A6-649C-4AD5-8DD1-57CC3E06648D}" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"{12F9D2EE-DF96-486C-A73A-7EA6F8026ABD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1925DC04-1DB8-4F5C-940E-8564592A3F41}" = protocol=6 | dir=in | app=c:\program files\gamespy arcade\aphex.exe |
"{1EE34640-E249-452A-B43F-CB1ABDDB2E70}" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe |
"{2DC3C711-7D38-445E-B272-73A52CF868BB}" = protocol=17 | dir=in | app=c:\program files\anno 1701\anno1701addon.exe |
"{2E7820AB-6045-49AD-BB6E-00AD9E6D4588}" = protocol=6 | dir=in | app=c:\program files\anno 1701\anno1701addon.exe |
"{3DC3B1DA-E0F3-40B6-9417-19D7797526C9}" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe |
"{40E0DF9C-89C0-4C1F-85DC-815BFB897283}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6EC27E18-54FB-4E45-B8AA-70EB4282336A}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{74BC7FFB-8672-44B3-9B4A-F7473E24BEA0}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{74F10297-F310-49C2-9E56-81786FFB2C48}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{771DA5A7-46EB-4A98-897C-32BFFE7F11A4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{7A9E18DE-A780-4F62-9F5F-388C0E5F984D}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{7DFAEBF5-81A8-4331-90AD-A7962FE0B730}" = protocol=17 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2updater.exe |
"{7EA7FDBE-6467-4C91-A33E-DD61AE0018E7}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{801328EE-B7A9-49B2-AA12-1DBBFBA2362A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{880B134D-F78F-4530-994B-1615CD0F19D6}" = dir=in | app=c:\program files\cyberlink\powerdv\powerdv.exe |
"{8BDB8892-CB8A-47F9-8B0E-BA2E241B884C}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{91AA477B-115A-4076-88D8-6C468F15759E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{91F01A6E-5B68-4173-95AE-E38485A24A4F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{93F45909-B665-4E89-98F2-F3C83BEC5216}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{97FF9C3B-7D92-4A07-86AB-094BC347A366}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{999DB2EA-3194-42B8-A69C-9FE730C9BB84}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{99F3EDFD-C6F0-431A-9687-B4E8954849A6}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{9AE08BE5-8E58-49F1-89ED-CAAC99014990}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9CC6C1AB-C016-49EA-BCCF-E6B10077093B}" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"{B500B7D7-563A-4D23-AD25-D8C4FC327CBF}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{BB7306E4-610D-42D5-85A6-B90E6BE71A2C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{DB0136F2-793F-45F5-A52B-BCECAD529242}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{F578E3A1-E294-4A6D-B383-8C5188E45426}" = protocol=6 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2updater.exe |
"{FC063F8E-9D0E-4D9A-B723-D53CEA378CCF}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{FD3E9169-CEF7-4AFE-A35A-A65946C547AC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"TCP Query User{0B4678C8-3FB2-4568-A441-73DD9F03BFF7}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"TCP Query User{1B82C26E-AEED-4445-9CCB-281B865151CB}C:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe |
"TCP Query User{583A887B-0D60-4E7E-AF2B-30597A305B1B}C:\program files\tightvnc\winvnc.exe" = protocol=6 | dir=in | app=c:\program files\tightvnc\winvnc.exe |
"TCP Query User{6B641BBF-BB36-4EC3-AE9D-1E2D7FB94B7D}C:\program files\steam\steamapps\ozzy2000\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\ozzy2000\counter-strike source\hl2.exe |
"TCP Query User{7248DDCF-9F18-4EE1-BD81-B082312A3FA1}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{A1B7CAB8-74C6-435D-ABE1-F8CF7680149A}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{D499D9F1-8C8D-474A-BBA3-25B567B42409}C:\program files\steam\steamapps\slyshift\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\slyshift\counter-strike source\hl2.exe |
"TCP Query User{D4C78C85-C71F-4AB8-8749-C0FF57A5C6E5}C:\program files\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files\warcraft iii\war3.exe |
"TCP Query User{E22E9C52-4790-4207-A0DB-7760CF83CA3B}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{E64AB10E-E745-4CDF-8988-C2D08FA4F071}G:\festplatte\azureus\azureus.exe" = protocol=6 | dir=in | app=g:\festplatte\azureus\azureus.exe |
"UDP Query User{0A334097-32DA-4D6A-9FA4-E6DFE94CC877}G:\festplatte\azureus\azureus.exe" = protocol=17 | dir=in | app=g:\festplatte\azureus\azureus.exe |
"UDP Query User{3580210C-DF9F-4CD7-BC1F-0B08B7624C14}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{469F73F5-7ED6-4759-A012-331D8A344082}C:\program files\steam\steamapps\ozzy2000\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\ozzy2000\counter-strike source\hl2.exe |
"UDP Query User{4FD36FDB-CE59-4ECC-899A-DF92000F4310}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{64E910F5-E0FD-4E26-870C-0F0528936A4A}C:\program files\tightvnc\winvnc.exe" = protocol=17 | dir=in | app=c:\program files\tightvnc\winvnc.exe |
"UDP Query User{82EB6AF0-099E-4AA6-90AB-250A8BE20730}C:\program files\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files\warcraft iii\war3.exe |
"UDP Query User{A7791C75-5113-4CBD-AABF-0F7000218C08}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{B410D420-A4E4-41FC-96A1-B68BBFCAABC5}C:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe |
"UDP Query User{C92C0376-9DEB-43C6-A02E-047DAD4E2C19}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{E329D5FB-C87A-44FF-9C89-772424754FA8}C:\program files\steam\steamapps\slyshift\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\slyshift\counter-strike source\hl2.exe |

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00D0200F-3B4D-4A2F-869E-533ED835A943}" = Hervorhebe-Funktion (Windows Live Toolbar)
"{00D8A43D-4FE6-7AF1-FE10-05B87B07831E}" = CCC Help English
"{043641A4-F4D1-02B6-FFAA-136789EA576A}" = Skins
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
"{04B45310-A5FE-4425-BFCA-1A6D8920DE74}" = OpenOffice.org 3.0
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network
"{17DB2BEE-2FD6-456F-5E5D-C38DB1ABC8B5}" = ccc-core-static
"{190E76A9-B26C-10C3-4A24-69AD81012067}" = ccc-utility
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}" = Safari
"{218761F6-CBF6-4973-B910-A33E6563A1EA}" = Windows Live Toolbar-Erweiterung (Windows Live Toolbar)
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 21
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2DD6C198-FA9A-40B4-8DE5-CE5206E3EB34}" = Smart Menus (Windows Live Toolbar)
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3B540E44-8382-4899-B481-1E2E02E38F3E}" = 4660_4680_Help
"{471D55BB-00D1-F4C9-DDC5-BD8B848E204C}" = Catalyst Control Center InstallProxy
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A57592C-FF92-4083-97A9-92783BD5AFB4}" = WebCam
"{4F7177E9-2B54-48B4-AAFD-03FA1F87A542}" = Bing Bar Platform
"{50D4CB89-AF34-4978-96DC-C3034062E901}" = Battlefield 2: Special Forces
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer
"{61CF256E-CC63-4A4C-97CC-A48411054D60}" = HP OfficeJet J4600 All-In-One Series
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{70AA9B4F-64F7-4B0D-ADD8-05802D61AF72}" = Windows Live Toolbar
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites für Windows Live Toolbar
"{7C84E006-D044-4441-A294-E318B147476C}" = VLC iPhone Connection Utility
"{80732880-FEE7-64BD-A213-1B5EE5D623B7}" = ATI Catalyst Install Manager
"{81CD6232-10F5-4832-B3DA-1B88B1571031}" = Nero 7 Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8CBD3538-4A61-7040-A989-D5CAEEABB12C}" = Catalyst Control Center Localization All
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{900A92BA-19EF-4A34-86CF-7B6C85BDD971}" = VC_MergeModuleToMSI
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{905D4F6B-FADC-4CA4-AA41-BD32A2E446CE}" = Anno 1701 - Der Fluch des Drachen
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{94D66D71-12F0-48A5-B46A-D4B835A0F1B7}" = FirstSteps Diagnostics
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DB192F7-BABD-9205-4F47-69BFC5CE12AB}" = Catalyst Control Center Graphics Previews Vista
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A2433A63-5F5D-40E5-B529-9123C2B3E734}" = Anno 1701
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A945BD16-4774-4A1F-96A7-118BEC004881}" = mCorev32.ism_new
"{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.0 - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B629CD93-A629-4A9F-8B6E-218E741A316E}" = BPDSoftware_Ini
"{B804C424-B66D-447A-84BD-C6B88C392C3A}" = PowerDV
"{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}" = Microsoft Default Manager
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB800D0F-80E8-4E79-8423-09908CF1DB07}" = J4600_Basic
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D02A3DBC-6A86-2FB3-699F-6F95BD7A811E}" = Catalyst Control Center Graphics Full New
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{DCE9C52A-95DD-4075-9FC6-3313FB8748A5}" = BPDSoftware
"{DF0D3C2E-11B5-7937-7929-06EC35FF760D}" = Catalyst Control Center Core Implementation
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E81BE8F9-E988-4531-08C5-4D03FE2F774F}" = Catalyst Control Center Graphics Full Existing
"{EC7FE03D-239A-4E36-9907-0E327922D2A2}" = bpd_scan
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EFCEF949-9821-4759-A573-3EB8C857DF46}" = Windows Live Family Safety
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F32ED8B1-2442-4B0E-8DEC-3F3BFC1C2B7F}" = mCPlug
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone-Konfigurationsprogramm
"{FD14A51B-2206-D07A-A610-8EBCA8D611A3}" = Catalyst Control Center Graphics Light
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Alice" = Alice-Installationsdateien entfernen
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVMWLANCLI" = AVM FRITZ!WLAN
"Big Fish Games Center" = Big Fish Games Center (remove only)
"Big Fish Games Sudoku" = Big Fish Games Sudoku (remove only)
"Burn4Free" = Burn4Free CD and DVD
"Burn4Free Toolbar" = Burn4Free Toolbar
"cdrtools Frontend_is1" = cdrtfe 1.3.2
"Cradle of Rome" = Cradle of Rome (remove only)
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"ExpressBurn" = Express Burn Uninstall
"ExpressRip" = Express Rip Uninstall
"Free YouTube to Mp3 Converter_is1" = Free YouTube to Mp3 Converter version 3.1
"GameSpy Arcade" = GameSpy Arcade
"Golden" = Golden Records Vinyl to CD Converter
"Google Updater" = Google Updater
"GSC" = GSC (remove only)
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"IrfanView" = IrfanView (remove only)
"Luxor Amun Rising" = Luxor Amun Rising (remove only)
"Mahjong Towers Eternity EU" = Mahjong Towers Eternity EU (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Mystery Case Files - Prime Suspects" = Mystery Case Files - Prime Suspects (remove only)
"ProInst" = Intel(R) PROSet/Wireless Software
"PunkBusterSvc" = PunkBuster Services
"SoundTap" = SoundTap Streaming Audio Recorder
"Steam App 240" = Counter-Strike: Source
"Switch" = Switch Uninstall
"SystemRequirementsLab" = System Requirements Lab
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TightVNC_is1" = TightVNC 1.3.10
"Uninstall_is1" = Uninstall 1.0.0.1
"Virtual Villagers" = Virtual Villagers (remove only)
"VLC media player" = VLC media player 0.9.6
"Warcraft III" = Warcraft III
"WavePad" = WavePad Sound Editor
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Warcraft III" = Warcraft III: All Products

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 10.01.2011 14:36:04 | Computer Name = Melanie-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 530762

Error - 10.01.2011 14:36:04 | Computer Name = Melanie-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 530762

Error - 10.01.2011 14:36:20 | Computer Name = Melanie-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 10.01.2011 14:36:20 | Computer Name = Melanie-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 546378

Error - 10.01.2011 14:36:20 | Computer Name = Melanie-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 546378

Error - 10.01.2011 14:36:35 | Computer Name = Melanie-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 10.01.2011 14:36:35 | Computer Name = Melanie-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 561993

Error - 10.01.2011 14:36:35 | Computer Name = Melanie-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 561993

Error - 10.01.2011 14:39:20 | Computer Name = Melanie-PC | Source = EventSystem | ID = 4609
Description =

Error - 10.01.2011 15:16:32 | Computer Name = Melanie-PC | Source = WerSvc | ID = 5007
Description =

[ Media Center Events ]
Error - 23.09.2009 10:04:24 | Computer Name = Melanie-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerAccumulate failed;
Win32 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center
Guide

Error - 23.09.2009 10:06:02 | Computer Name = Melanie-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerAccumulate failed;
Win32 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center
Guide

Error - 24.09.2009 09:11:33 | Computer Name = Melanie-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerAccumulate failed;
Win32 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center
Guide

Error - 24.09.2009 09:12:47 | Computer Name = Melanie-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerAccumulate failed;
Win32 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center
Guide

Error - 24.09.2009 09:29:51 | Computer Name = Melanie-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerAccumulate failed;
Win32 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center
Guide

Error - 07.02.2010 12:37:22 | Computer Name = Melanie-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide


Error - 11.03.2010 06:26:24 | Computer Name = Melanie-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerAccumulate failed;
Win32 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center
Guide

Error - 17.06.2010 09:43:14 | Computer Name = Melanie-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.WaitForUploadComplete
failed. Please try to ping www.msn.com prior to filing a bug.; Win32 GetLastError
returned 10000109  Prozess: DefaultDomain Objektname: Media Center Guide

Error - 17.06.2010 09:43:27 | Computer Name = Melanie-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerAccumulate failed;
Win32 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center
Guide

Error - 17.06.2010 09:45:00 | Computer Name = Melanie-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.WaitForUploadComplete
failed. Please try to ping www.msn.com prior to filing a bug.; Win32 GetLastError
returned 10000109  Prozess: DefaultDomain Objektname: Media Center Guide

[ System Events ]
Error - 20.01.2011 13:59:18 | Computer Name = Melanie-PC | Source = disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error - 20.01.2011 13:59:57 | Computer Name = Melanie-PC | Source = DCOM | ID = 10010
Description =

Error - 20.01.2011 14:00:11 | Computer Name = Melanie-PC | Source = disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error - 23.01.2011 05:24:08 | Computer Name = Melanie-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 23.01.2011 18:00:58 | Computer Name = Melanie-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.50 für die Netzwerkkarte mit der Netzwerkadresse
001CBF5465E2 wurde durch den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server
hat eine DHCPNACK-Meldung gesendet).

Error - 25.01.2011 03:30:45 | Computer Name = Melanie-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 26.01.2011 07:52:18 | Computer Name = Melanie-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 26.01.2011 um 12:50:39 unerwartet heruntergefahren.

Error - 29.01.2011 13:00:18 | Computer Name = Melanie-PC | Source = DCOM | ID = 10010
Description =

Error - 02.02.2011 21:23:07 | Computer Name = Melanie-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 03.02.2011 um 02:21:07 unerwartet heruntergefahren.

Error - 03.02.2011 09:07:31 | Computer Name = Melanie-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 03.02.2011 um 03:55:19 unerwartet heruntergefahren.


< End of report >
This post was edited by alleshab on 04.02.2011 at 12:37.
04.02.2011, 12:39
Member

Thread starter

Posts: 35
#5 I think the unexpected shutdowns are because this is a laptop and it sometimes runs without the charging cable.
04.02.2011, 21:42
Moderator

Posts: 5694
#6 ESET Online Scanner

Please switch on any external hard drives you may have during the online scans! During
the scans, please turn off all background guards (anti-virus program, firewall, script blocking
and the like) and do not forget to turn everything back on afterwards.


Note for Vista and Win7 users: Be sure to start the browser as administrator.
• Disable your anti-virus program during the scan.
• Press the button.
Firefox users: Please download esetsmartinstaller_enu.exe. Save the Firefox add-on to the desktop and then install it.
IE users: must allow the installation of an ActiveX element.
• Tick the box at Yes, I accept the Terms of Use.
• Press the button.
• Wait until the components have been downloaded.
• Tick "Remove found threats" and "Scan archives".
• Press.
• The signatures are downloaded. The scan starts automatically.
When the scan has finished

• Click Finish.
• Close the browser.
• Open Explorer.
• Find C:\Programme\Eset\EsetOnlineScanner\log.txt and open it with your editor.
• Post the log file here.
05.02.2011, 18:44
Member

Thread starter

Posts: 35
#7

Code

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6419
# api_version=3.0.2
# EOSSerial=9a6e8b39630b4f4c84af237fd08bf28b
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-02-05 01:10:17
# local_time=2011-02-05 02:10:17 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6000 NT
# compatibility_mode=1797 16775141 100 100 0 72420296 76345 0
# compatibility_mode=5892 16776573 100 100 92319 134437717 0 0
# compatibility_mode=7937 16777214 0 25 6438520 6438520 0 0
# compatibility_mode=8192 67108863 100 0 4074 4074 0 0
# scanned=150893
# found=0
# cleaned=0
# scan_time=6449
Is my computer clean now???
Because as far as I know this is supposed to be a trojan that spies on TAN numbers during online banking and is also quite persistent...
07.02.2011, 18:33
Moderator

Posts: 5694
#8 Are you still having any problems now?
08.02.2011, 02:08
Member

Thread starter

Posts: 35
#9 No, thank you for the help!
08.02.2011, 19:29
Moderator

Posts: 5694
#10 Aftercare


To protect your system from malware, I am giving you below a short version with tips and pointers to tools that will help you secure your system and keep it free of infections in the future. If your system was infected, I advise you to change your passwords. Please regard the tips as suggestions and not as the be-all and end-all ;).

Create a new system restore point

This is a good time to clear System Restore and create a new clean restore point (instructions for Vista users).
• Start => All Programs => Accessories => System Tools => System Restore
• Select "Create a restore point" => Next
• Enter e.g. "Nach_Bereinigung" as the description => Create => Close.
• Now Start => Run => cleanmgr (type it in) => OK => More Options tab
• Under System Restore, click Clean up and confirm the deletion with Yes => OK.
This will delete all restore points except the most recent, newly created one.

You can skip this step if you have just set up the system from scratch, or if Combofix was used and properly uninstalled, since Combofix already takes care of this.

Measures:

If they are not yet installed on your system, you should install the following programs. Spybot Search&Destroy is a good tool that finds malicious software and renders it harmless. During installation, make sure that TeaTimer is not activated. Run the tool at regular intervals (e.g. once a week) and always have it check for updates before scanning; for details see the detailed instructions. To keep your system free of temporary files, I recommend CCleaner (http://www.CCleaner.de) (do not install the toolbar along with it), a freeware program for optimizing and cleaning up Windows; for details see the instructions from Hijackthis-Forum.de. For Java (Sun), always keep only the latest version on the computer and uninstall all others.

Use an alternative browser; I recommend Firefox. There is a large number of extensions, such as Adblock Plus and NoScript. With the IE Tab extension, even Windows and Office Update is possible through Firefox. The QuickJava extension lets you switch on Java and JavaScript only when needed. An alternative e-mail program is Thunderbird. There are many very good extensions for it as well.

As an alternative to all the messengers, Miranda-IM or Trillian are worth considering. Miranda is a malware-free open-source instant messenger that works with the protocols of AOL, ICQ, IRC, MSN and Yahoo. With Trillian, which is likewise malware-free, you can chat with users of ICQ, AIM, Yahoo Messenger, MSN and IRC.

"How could the malware get onto my computer?" is probably the most frequently asked question. Malware gets onto a computer primarily through so-called browser exploits, i.e. through security holes in the browser itself. Other entry points are e-mail attachments, leaks in the operating system, or file downloads from unsafe sources.

By using your head and the following simple measures, you can optimize your protection:

• Always keep the system up to date (run Windows Update regularly and update your software).
• Where possible, install programs using the "custom" option and deselect toolbars and sponsors.
• Configure Internet Explorer securely.
• Use only original software and consistently avoid programs from dubious sources.
• Remove/uninstall programs you no longer use via Control Panel => Add or Remove Programs.
• Don't click on everything that says "click me"!
• Use common sense and caution,
• especially with files that you bring onto your PC, i.e. e-mails, downloads, etc.;
• ideally, do without file sharing via P2P programs altogether.
• Protect the router against changes from outside by setting a password.
• Don't start services and programs you don't need in the first place.
Regarding services, however, you need to study the subject in detail; otherwise it is better to leave the services as they are.
• Close unneeded "ports" (on the DSL router, if present), shares and the like.
Port scan test.
Secure your WLAN.
Assign secure passwords.
• Do not install more than one virus scanner with a background guard.
• Do not keep more than one antispyware program with a background guard running permanently.
• Additionally check the system now and then with one of these free online scanners.
• Don't forget backups!
Always keep a clean backup in stock as a restorable image.

