
Log Analysis and Evaluation: Trojan: csrss.exe, dwm.exe, doclhmfmarfwhmfmj[1].exe, info[1].exe

Windows 7 If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and Trojans, the infected system must first be examined: First Steps for Help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

 
05.07.2012, 18:42   #1
XXXLLL
 



Hello everyone,

Today an e-mail with a dubious link was sent from my GMX account to all my contacts without any action on my part. I noticed it when I received a notification that some of the e-mails could not be delivered (e-mail address out of date, spam protection).

After writing a warning to all my contacts, I changed my passwords using a second computer and went looking for the cause. In the process, Malwarebytes found 4 programs (csrss.exe, dwm.exe, doclhmfmarfwhmfmj[1].exe, info[1].exe), which are now in quarantine.

Have I thereby removed the Trojan/virus infection, or do I need to take further steps? Are these malicious programs known to you? What else might they have done, and where might I have been infected?

Thank you very much for your help.


For your information, here are the log files from Malwarebytes and OTL:

-------------------------------------------------
Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.07.05.03

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
XXXLLL :: MYPC [Administrator]

Schutz: Aktiviert

05.07.2012 14:11:19
mbam-log-2012-07-05 (14-11-19).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 742377
Laufzeit: 2 Stunde(n), 22 Minute(n), 19 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 2
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Agent) -> Daten: C:\Users\XXXLLL\AppData\Local\Temp\csrss.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Hijack.Shell.Gen) -> Daten: explorer.exe,C:\Users\XXXLLL\AppData\Roaming\dwm.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\XXXLLL\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9IOG7C3U\doclhmfmarfwhmfmj[1].exe (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\XXXLLL\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TVFK2JLO\info[1].exe (Backdoor.Cycbot.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

-------------------------------------------------

OTL logfile created on: 05.07.2012 18:25:35 - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\XXXLLL\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,99 Gb Total Physical Memory | 2,40 Gb Available Physical Memory | 60,20% Memory free
7,98 Gb Paging File | 6,12 Gb Available in Paging File | 76,72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,32 Gb Total Space | 723,46 Gb Free Space | 77,68% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: MYPC | User Name: XXXLLL | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.07.05 18:12:13 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\XXXLLL\Downloads\OTL.exe
PRC - [2012.07.05 18:11:59 | 000,050,477 | ---- | M] () -- C:\Users\XXXLLL\Downloads\Defogger.exe
PRC - [2012.06.30 19:24:41 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 15:56:38 | 000,981,680 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.05.24 11:33:30 | 001,840,128 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2009.12.08 20:01:36 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.11.20 20:17:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009.05.19 18:11:52 | 000,136,544 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
PRC - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2009.03.02 13:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008.06.10 09:39:54 | 011,415,552 | ---- | M] (ZyXEL Communications Corp.) -- C:\Program Files (x86)\ZyXEL\NWD271N\NWD271N.exe
PRC - [2006.10.27 19:13:54 | 004,493,312 | ---- | M] (Expansion Programs International, Inc.) -- C:\ProgramData\Simulia\Documentation\monitor.exe
PRC - [2004.10.01 15:12:18 | 000,565,309 | ---- | M] (Broadcom Corporation) -- C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe


========== Modules (No Company Name) ==========

MOD - [2012.07.05 18:11:59 | 000,050,477 | ---- | M] () -- C:\Users\XXXLLL\Downloads\Defogger.exe
MOD - [2012.06.30 19:24:41 | 002,042,848 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
MOD - [2008.06.10 09:39:52 | 000,413,696 | ---- | M] () -- C:\Program Files (x86)\ZyXEL\NWD271N\NICDLL.dll
MOD - [2004.10.01 15:13:12 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\WIDCOMM\Bluetooth Software\btkeyind.dll


========== Win32 Services (SafeList) ==========

SRV - [2012.06.30 19:24:41 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.05.24 11:33:30 | 001,840,128 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2011.04.26 14:54:12 | 002,702,848 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2011.03.21 13:21:24 | 000,632,832 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.12.08 20:01:36 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.11.20 20:17:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2006.10.27 19:13:54 | 004,493,312 | ---- | M] (Expansion Programs International, Inc.) [Auto | Running] -- C:\ProgramData\Simulia\Documentation\monitor.exe -- (Texis Monitor)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.03.11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.12.08 20:01:36 | 000,074,880 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009.07.14 02:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.20 06:02:32 | 000,057,856 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1E60x64.sys -- (L1E)
DRV:64bit: - [2009.02.06 18:42:12 | 000,061,808 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2008.12.19 05:43:18 | 001,048,064 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2008.10.03 06:08:28 | 000,225,296 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s)
DRV:64bit: - [2008.08.28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2008.06.10 09:39:54 | 000,517,120 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WLANUHN.sys -- (ZY271NV64) ZyXEL 802.11n NWD271N Driver(vista)
DRV:64bit: - [2008.06.10 09:39:54 | 000,041,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\ZDCNDIS6a64.sys -- (ZDCNDIS6a64)
DRV:64bit: - [2008.01.02 13:11:50 | 000,024,848 | ---- | M] (IBM) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\LUMDriver.sys -- (LUMDriver)
DRV:64bit: - [2007.04.20 21:29:52 | 001,037,312 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrxusb.sys -- (athrusb)
DRV:64bit: - [2006.11.28 21:46:20 | 000,041,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CBPSp50a64.sys -- (CBPSp50a64)
DRV:64bit: - [2006.11.01 00:23:42 | 000,015,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008.06.10 09:39:54 | 000,041,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\ZDCNDIS6a64.sys -- (ZDCNDIS6a64)
DRV - [2004.10.01 14:50:26 | 000,023,271 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\btserial.sys -- (BTSERIAL)
DRV - [2004.10.01 14:50:20 | 000,222,876 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\btslbcsp.sys -- (BTSLBCSP)
DRV - [2004.10.01 14:48:30 | 001,241,482 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysWOW64\drivers\btkrnl.sys -- (BTKRNL)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{CE3C0FBC-2505-4E4F-BE5E-E389891E7F4D}: "URL" = hxxp://ch.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=827316&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:61657

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "hxxp://eu.ixquick.com/deu/"
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.51
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.2
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.1
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.1
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 61657
FF - prefs.js..network.proxy.type: 4
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011.06.26 12:30:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.30 19:24:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.05.21 00:01:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.05.08 19:24:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011.06.26 12:30:58 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.30 19:24:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.05.21 00:01:05 | 000,000,000 | ---D | M]

[2010.12.07 22:49:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXXLLL\AppData\Roaming\mozilla\Extensions
[2010.12.07 22:49:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXXLLL\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.07.04 19:32:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXXLLL\AppData\Roaming\mozilla\Firefox\Profiles\yh4ez24o.default\extensions
[2011.08.28 19:56:46 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\XXXLLL\AppData\Roaming\mozilla\Firefox\Profiles\yh4ez24o.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010.07.23 12:44:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\XXXLLL\AppData\Roaming\mozilla\Firefox\Profiles\yh4ez24o.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.10.12 23:15:55 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\XXXLLL\AppData\Roaming\mozilla\Firefox\Profiles\yh4ez24o.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.11.30 00:14:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.03.03 00:47:41 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2012.06.30 19:24:41 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.30 19:24:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.30 19:24:37 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.30 19:24:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.30 19:24:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.30 19:24:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.30 19:24:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programme\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.6.0_13\bin\jp2ssv.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [conhost] C:\Users\XXXLLL\AppData\Roaming\Microsoft\conhost.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\XXXLLL\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\XXXLLL\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Senden an &Bluetooth - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\XXXLLL\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\XXXLLL\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Senden an &Bluetooth - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{568187EF-AD8B-4E73-8652-F830317E6289}: DhcpNameServer = 192.168.0.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6BBAE320-575C-4516-AE50-32F672FDC1EE}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\widimg - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\widimg {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\Windows\SysWOW64\BTXPPanel.dll (Broadcom Corporation)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.09.18 15:47:14 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O33 - MountPoints2\{c84741d2-17ac-11e1-85db-000272c3f002}\Shell - "" = AutoRun
O33 - MountPoints2\{c84741d2-17ac-11e1-85db-000272c3f002}\Shell\AutoRun\command - "" = J:\SecureDataUSBDrive.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.07.05 14:09:18 | 000,000,000 | ---D | C] -- C:\Users\XXXLLL\AppData\Roaming\Malwarebytes
[2012.07.05 14:09:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.05 14:09:09 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.05 14:09:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\XXXLLL\Desktop\*.tmp files -> C:\Users\XXXLLL\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.07.05 18:24:12 | 000,000,000 | ---- | M] () -- C:\Users\XXXLLL\defogger_reenable
[2012.07.05 17:49:39 | 000,011,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.05 17:49:39 | 000,011,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.05 17:46:50 | 001,499,760 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.05 17:46:50 | 000,653,304 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.05 17:46:50 | 000,615,276 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.05 17:46:50 | 000,131,260 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.05 17:46:50 | 000,107,258 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.05 17:41:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.05 17:41:38 | 3214,737,408 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.05 17:27:18 | 004,459,849 | ---- | M] () -- C:\Users\XXXLLL\Desktop\IMG_0002.pdf
[2012.07.05 16:55:37 | 002,027,969 | ---- | M] () -- C:\Users\XXXLLL\Desktop\IMG_0001.pdf
[2012.07.05 16:20:15 | 000,348,364 | ---- | M] () -- C:\Users\XXXLLL\Desktop\IMG.pdf
[2012.07.01 17:01:24 | 000,001,687 | ---- | M] () -- C:\Users\XXXLLL\Desktop\E-Finance Java.lnk
[2012.06.30 19:22:26 | 513,453,698 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.06.14 03:33:43 | 000,473,648 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.06.14 00:36:42 | 000,000,000 | ---- | M] () -- C:\Users\XXXLLL\Desktop\test.stl
[2012.06.13 00:10:49 | 003,741,684 | ---- | M] () -- C:\Users\XXXLLL\Desktop\frosch.stl
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\XXXLLL\Desktop\*.tmp files -> C:\Users\XXXLLL\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.07.05 18:24:12 | 000,000,000 | ---- | C] () -- C:\Users\XXXLLL\defogger_reenable
[2012.07.05 17:27:25 | 004,459,849 | ---- | C] () -- C:\Users\XXXLLL\Desktop\IMG_0002.pdf
[2012.07.05 16:55:59 | 002,027,969 | ---- | C] () -- C:\Users\XXXLLL\Desktop\IMG_0001.pdf
[2012.07.05 16:28:18 | 000,348,364 | ---- | C] () -- C:\Users\XXXLLL\Desktop\IMG.pdf
[2012.06.13 23:44:46 | 003,741,684 | ---- | C] () -- C:\Users\XXXLLL\Desktop\frosch.stl
[2012.06.05 22:22:21 | 005,071,578 | ---- | C] () -- C:\Users\XXXLLL\Desktop\Girl_head.stl
[2012.05.03 00:14:43 | 000,007,670 | ---- | C] () -- C:\Users\XXXLLL\AppData\Local\Resmon.ResmonCfg
[2011.12.08 00:47:45 | 000,000,586 | ---- | C] () -- C:\Users\XXXLLL\.octave_hist
[2011.12.07 23:05:29 | 000,000,038 | ---- | C] () -- C:\Users\XXXLLL\.lesshst
[2011.06.05 22:04:16 | 000,002,736 | ---- | C] () -- C:\Users\XXXLLL\AppData\Roaming\EC7A.5A5
[2010.11.24 21:56:16 | 000,019,456 | ---- | C] () -- C:\Users\XXXLLL\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.02.19 19:27:22 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.08.12 23:20:03 | 000,009,390 | ---- | C] () -- C:\Users\XXXLLL\abaqus_v6.8.gpr
[2009.08.09 17:47:51 | 000,027,528 | ---- | C] () -- C:\Users\XXXLLL\AppData\Roaming\UserTile.png

========== LOP Check ==========

[2011.05.26 00:27:45 | 000,000,000 | ---D | M] -- C:\Users\XXXLLL\AppData\Roaming\5571918
[2009.12.29 16:32:14 | 000,000,000 | ---D | M] -- C:\Users\XXXLLL\AppData\Roaming\AquaSoft
[2010.09.18 16:03:11 | 000,000,000 | ---D | M] -- C:\Users\XXXLLL\AppData\Roaming\Autodesk
[2010.02.27 17:58:40 | 000,000,000 | ---D | M] -- C:\Users\XXXLLL\AppData\Roaming\Canon
[2012.01.22 17:12:55 | 000,000,000 | ---D | M] -- C:\Users\XXXLLL\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2009.12.29 16:32:17 | 000,000,000 | ---D | M] -- C:\Users\XXXLLL\AppData\Roaming\DassaultSystemes
[2012.07.02 21:02:37 | 000,000,000 | ---D | M] -- C:\Users\XXXLLL\AppData\Roaming\DVDVideoSoft
[2011.10.12 23:15:50 | 000,000,000 | ---D | M] -- C:\Users\XXXLLL\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.04.15 21:46:13 | 000,000,000 | ---D | M] -- C:\Users\XXXLLL\AppData\Roaming\GARMIN
[2009.12.29 16:32:17 | 000,000,000 | ---D | M] -- C:\Users\XXXLLL\AppData\Roaming\J River
[2012.01.22 15:15:37 | 000,000,000 | ---D | M] -- C:\Users\XXXLLL\AppData\Roaming\MAGIX
[2012.05.31 23:04:46 | 000,000,000 | ---D | M] -- C:\Users\XXXLLL\AppData\Roaming\MediaMonkey
[2012.03.18 00:08:18 | 000,000,000 | ---D | M] -- C:\Users\XXXLLL\AppData\Roaming\Mobile Atlas Creator
[2011.06.26 14:02:13 | 000,000,000 | ---D | M] -- C:\Users\XXXLLL\AppData\Roaming\Nokia
[2011.06.26 14:02:13 | 000,000,000 | ---D | M] -- C:\Users\XXXLLL\AppData\Roaming\Nokia Ovi Suite
[2009.12.29 16:32:55 | 000,000,000 | ---D | M] -- C:\Users\XXXLLL\AppData\Roaming\OpenOffice.org
[2011.05.14 22:03:02 | 000,000,000 | ---D | M] -- C:\Users\XXXLLL\AppData\Roaming\PC Suite
[2009.08.09 17:47:51 | 000,000,000 | ---D | M] -- C:\Users\XXXLLL\AppData\Roaming\PeerNetworking
[2010.12.07 22:49:47 | 000,000,000 | ---D | M] -- C:\Users\XXXLLL\AppData\Roaming\Thunderbird
[2009.12.29 16:33:04 | 000,000,000 | ---D | M] -- C:\Users\XXXLLL\AppData\Roaming\Ulead Systems
[2012.05.26 13:00:47 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

---------------------------------------------------------------

OTL Extras logfile created on: 05.07.2012 18:25:35 - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\XXXLLL\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,99 Gb Total Physical Memory | 2,40 Gb Available Physical Memory | 60,20% Memory free
7,98 Gb Paging File | 6,12 Gb Available in Paging File | 76,72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,32 Gb Total Space | 723,46 Gb Free Space | 77,68% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: MYPC | User Name: XXXLLL | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08DC3FD4-A721-4C4F-A018-8B3AF463027D}" = rport=445 | protocol=6 | dir=out | app=system |
"{2DEDED3F-6B5A-4B8F-9674-61360F271F0A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{39A71540-238E-4E10-B143-1D60C06B3DA5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{43F1150A-ECFF-490B-A35E-BE5E3CE31FAF}" = lport=137 | protocol=17 | dir=in | app=system |
"{57C7A617-6315-4D37-9E38-79B870230DDB}" = rport=137 | protocol=17 | dir=out | app=system |
"{61E6B53E-899B-4D39-ACF8-98E343A4AB5A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{66713D54-401D-4336-8A22-78C8E8F75D64}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6CD0235E-B18E-49B2-B78A-C50FA6D4F62A}" = rport=10243 | protocol=6 | dir=out | app=system |
"{7530E86C-9E6A-498D-8891-523BB5DCF030}" = lport=2869 | protocol=6 | dir=in | app=system |
"{807B303F-0460-48FF-83B8-B5A25B6D77DB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8C58FBE4-EA07-4284-B0EA-6279F472781F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{8D8CB942-34C9-4078-A4E1-B3A6022C02FA}" = rport=139 | protocol=6 | dir=out | app=system |
"{A4350BC6-7363-4C33-90A3-5863CD9AE79C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A76DAB26-16E2-497F-B56A-5D2C6947C063}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{A7D9DEB4-C9DB-4377-BB69-975F9C32681D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{AF2D3AD0-8BEA-4FD6-89C4-CE63C0F87A6F}" = lport=445 | protocol=6 | dir=in | app=system |
"{C1C27CCA-E711-405D-A5B7-C2AFF2C57957}" = lport=139 | protocol=6 | dir=in | app=system |
"{C515A402-1EDF-4BC7-A009-CAAB7CC8EA3A}" = rport=138 | protocol=17 | dir=out | app=system |
"{D625448D-A9CE-43D6-B202-2F0BA269FA6C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{D6C37273-1669-425D-A338-F72FA1E5B274}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D7F9BD0D-C075-46A9-9982-B2F2EF158C23}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E39AF3A7-8F7F-4EB4-A203-4BBA6B8324C5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{F2C48805-7A13-41CE-9203-762C27FA8EED}" = lport=138 | protocol=17 | dir=in | app=system |
"{F81BBF13-29AF-4D49-ABB7-4F42AB08641D}" = lport=10243 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0587B06E-1EA2-462A-A122-708F413DE8A9}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{1FFE50FC-5984-43B6-ADD0-A566725FBCEE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2011B51A-4A43-4F63-A8D3-CAAC36BFCC7F}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{2373D966-B911-492F-97EA-607E74C76EA0}" = dir=in | app=c:\program files (x86)\nokia\nokia ovi suite\nokiaovisuite.exe |
"{2A4AA3C9-09AE-43DF-9408-7F6C0BE74DAF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{3224AF8D-F5C1-418B-A686-8AB713369CB8}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{4AC5DBE2-8343-4EA3-BFC9-7ECD41766D41}" = dir=in | app=c:\program files (x86)\nokia\nokia ovi suite\nokiaovisuite.exe |
"{52B3DB50-6B52-466F-BF5A-FA4A990F9DE5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5C2916BD-C8D0-4E5F-A9F4-ABA99F86E7C3}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe |
"{61155993-FEAA-4E0C-84D0-5A53ECB7D60E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{67027E2A-BEA6-4C2C-8968-D2502F3E51BC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6D8365A7-932F-4761-8C66-0F59785FDCF2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{75802EA4-8ECA-4653-80E4-03E923828A1C}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe |
"{7C0BF9A9-FEB2-4011-87C3-8AFC99AB827F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7E0AD250-6A02-43B4-B6CA-11FBB7EEDD3A}" = protocol=6 | dir=out | app=system |
"{8212A4E7-835D-4A8B-9402-650B2CF18119}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{839F0032-5CE5-4E99-8F6D-ADA031741610}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe |
"{8B30D6EC-DAD1-45BC-8B0C-EB0B1DA8CA13}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{8BC9E354-57CD-456C-88DA-D65F0076DE20}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{8DC7A4DD-A36A-4642-9F78-40B0A5E2699D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{90DA0958-B5E2-42C4-8674-088CCD029B73}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{989CB802-468A-496E-BB16-1ECF0A158711}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9A7896D7-E6ED-4B45-ACCD-DB0798F91979}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9F097E4D-877B-40A4-A34A-6DAA64F63CD6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A130342E-3ACD-4635-A10A-F78101AD0356}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB268677-8817-49CF-BF01-7DCEDB3A9ACA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{B43790F8-C62F-4158-9CAE-A999917B1AB4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BA277F18-1817-40DF-A9B6-60F3972E595D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{C9DC398D-A6E2-4290-8E37-4BB646C55D2A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{CB830483-DDF9-4D6B-A230-1804443574A9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D209D572-89DC-42DD-82A2-DC1CF9D4C592}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D40661D4-7A96-4627-9403-6AB1BE2E7A05}" = dir=in | app=c:\program files (x86)\nokia\nokia ovi suite\nokiaovisuite.exe |
"{E53E010A-4AB9-4053-BF37-9D22CA854A6A}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{F31FF48F-F42D-4393-ACE0-1D2B78AE71CE}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"TCP Query User{0F99D3BD-5C84-4D90-A15E-638964A11006}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{2022B12E-0BB8-47F3-AE5D-66341EE72E76}C:\program files (x86)\dassault systemes\b19\intel_a\code\bin\cnext.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dassault systemes\b19\intel_a\code\bin\cnext.exe |
"TCP Query User{2FFB6C81-9BF0-42A8-BA63-2A572D22B6BE}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{73B86D6B-8C23-4173-AE08-8F5A7A33BE10}C:\users\XXXLLL\appdata\local\temp\i1250107917\windows\resource\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\users\XXXLLL\appdata\local\temp\i1250107917\windows\resource\jre\bin\javaw.exe |
"TCP Query User{7CB33364-F197-40F3-8795-7F86B3B3A670}C:\programdata\simulia\6.8-2se\exec\abqcaek.exe" = protocol=6 | dir=in | app=c:\programdata\simulia\6.8-2se\exec\abqcaek.exe |
"TCP Query User{AFC6F395-91A3-4346-8BF9-DF77FF85E9A8}C:\programdata\simulia\6.8-2se\exec\abqcaek.exe" = protocol=6 | dir=in | app=c:\programdata\simulia\6.8-2se\exec\abqcaek.exe |
"TCP Query User{D9CF0CE9-0650-447C-848C-58FDA1C7EA17}C:\programdata\simulia\6.8-2se\exec\abq_pde.exe" = protocol=6 | dir=in | app=c:\programdata\simulia\6.8-2se\exec\abq_pde.exe |
"TCP Query User{E88A5824-2606-483F-A86C-978E0C659832}C:\program files (x86)\dassault systemes\b19\intel_a\code\bin\cnext.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dassault systemes\b19\intel_a\code\bin\cnext.exe |
"TCP Query User{EF83B80A-8F8B-48AD-AF1E-00CFC5DE5D24}C:\programdata\simulia\6.8-2se\exec\abqcaeg.exe" = protocol=6 | dir=in | app=c:\programdata\simulia\6.8-2se\exec\abqcaeg.exe |
"UDP Query User{1C92403B-B469-462D-AE26-C72CE1BAC72A}C:\program files (x86)\dassault systemes\b19\intel_a\code\bin\cnext.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dassault systemes\b19\intel_a\code\bin\cnext.exe |
"UDP Query User{2C2E05B9-3FA3-483C-A217-654694D72BC6}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{4108A891-FFA0-46C5-8806-0EFF0A6B675E}C:\programdata\simulia\6.8-2se\exec\abqcaek.exe" = protocol=17 | dir=in | app=c:\programdata\simulia\6.8-2se\exec\abqcaek.exe |
"UDP Query User{486D198E-F6E9-4C9D-A505-2AB44FC0224C}C:\programdata\simulia\6.8-2se\exec\abqcaek.exe" = protocol=17 | dir=in | app=c:\programdata\simulia\6.8-2se\exec\abqcaek.exe |
"UDP Query User{5CFD7A5E-D6E0-4BFB-AF55-1E24872E095A}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{9071AE47-7096-4430-BA4F-BDE4ABC2F157}C:\programdata\simulia\6.8-2se\exec\abqcaeg.exe" = protocol=17 | dir=in | app=c:\programdata\simulia\6.8-2se\exec\abqcaeg.exe |
"UDP Query User{B5A87A34-7D73-4DF4-9912-1C432BACAAD0}C:\users\XXXLLL\appdata\local\temp\i1250107917\windows\resource\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\users\XXXLLL\appdata\local\temp\i1250107917\windows\resource\jre\bin\javaw.exe |
"UDP Query User{CB128986-834D-4A96-82AD-8682EBBFD7C7}C:\programdata\simulia\6.8-2se\exec\abq_pde.exe" = protocol=17 | dir=in | app=c:\programdata\simulia\6.8-2se\exec\abq_pde.exe |
"UDP Query User{D8C46321-5020-4AE4-BF27-8EB9100C7798}C:\program files (x86)\dassault systemes\b19\intel_a\code\bin\cnext.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dassault systemes\b19\intel_a\code\bin\cnext.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP560_series" = Canon MP560 series MP Drivers
"{26A24AE4-039D-4CA4-87B4-2F86417003FF}" = Java(TM) 7 Update 3 (64-bit)
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{7F05E704-30A6-421A-97A7-8EEB1C7FF011}" = Corel Shell Extension - 64Bit
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{C17EE011-15A9-4542-91FA-567B0F3D123F}" = Windows Live Family Safety
"{CF1EB598-B424-436A-B15F-B763846BA970}" = Dassault Systemes Software Prerequisites x86-x64
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"Dassault Systemes B19_0" = Dassault Systemes Software B19
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"WinRAR archiver" = WinRAR

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW(R) Graphics Suite X4
"_{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{119B7481-0216-40D2-A5CC-C3E1F461ECC1}" = Windows Live Fotogalerie
"{1A9DAB4D-46CD-4CBF-A9FC-28D8AA8D2FCF}" = CorelDRAW Graphics Suite X4 - Lang BR
"{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}" = Cool & Quiet
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{25CFEF55-A945-41FC-86ED-76469F31DF37}" = Nokia Connectivity Cable Driver
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{3ad61ee5-81d2-4d7e-adef-da1dd37277d1}" = Python 3.1
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3DE96337-68D2-48E0-A863-6E4A5CD3BC25}" = PC Connectivity Solution
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CA10D13-F83A-487E-9B30-CC979FEF7A70}" = OviMPlatform
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{510D2239-6C2E-457B-9590-485EC552D94D}" = Garmin USB Drivers
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6339663B-F26F-4FE3-B813-0E1DEC4ED976}" = Nokia Ovi Suite
"{63C5DD30-4C46-4968-B96A-A3E2992769FE}" = MAGIX Screenshare
"{6C5F8503-55D2-4398-858C-362B7A7AF51C}" = Firebird SQL Server - MAGIX Edition
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7F05E704-30A6-421A-97A7-8EEB1C7FF000}" = CorelDRAW Graphics Suite X4
"{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW Graphics SUite X4 - ICA
"{7F05E704-30A6-421A-97A7-8EEB1C7FF012}" = CorelDRAW Graphics Suite X4 - Capture
"{7F05E704-30A6-421A-97A7-8EEB1C7FF013}" = CorelDRAW Graphics Suite X4 - Draw
"{7F05E704-30A6-421A-97A7-8EEB1C7FF014}" = CorelDRAW Graphics Suite X4 - PP
"{7F05E704-30A6-421A-97A7-8EEB1C7FF016}" = CorelDRAW Graphics Suite X4 - Content
"{7F05E704-30A6-421A-97A7-8EEB1C7FF017}" = CorelDRAW Graphics Suite X4 - Filters
"{7F05E704-30A6-421A-97A7-8EEB1C7FF019}" = CorelDRAW Graphics Suite X4 - FontNav
"{7F05E704-30A6-421A-97A7-8EEB1C7FF100}" = CorelDRAW Graphics Suite X4 - Lang EN
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90535871-81B9-4D99-8A13-A7EE97F2D7FE}" = WIDCOMM Bluetooth Software
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}" = Windows Live Essentials
"{969E11AA-8F3A-F162-1A5A-0965E216B6CE}" = Adobe Download Assistant
"{989112B0-74DB-4A40-932F-580049CD0B97}" = Visual Basic for Applications (R) Core - German
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D0798D0-AF6C-4E62-94B1-AEBF1A43E00A}" = CorelDRAW Graphics Suite X4 - IPM
"{9D306690-3173-42CD-94C6-9EF9318AF24B}" = CorelDRAW Graphics Suite X4 - Lang FR
"{A6338038-539C-3896-C692-1D33BBB01D46}" = MAGIX Online Druck Service
"{A6C27FFF-75EF-4B5B-A64E-F9E128994908}" = CorelDRAW Graphics Suite X4 - Lang NL
"{A8F7FCEF-3CA6-4CE9-8FEA-8BB18F8686F0}" = Nokia Ovi Suite Software Updater
"{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch
"{AEFBAC58-2DDD-4CEF-BDFD-52A5A5F432ED}" = CorelDRAW Graphics Suite X4 - Lang DE
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B252FEC0-C63B-4AF6-8459-D105B3E3FC70}" = MAGIX Foto Manager 10
"{B61D21B6-469D-4423-B161-62DB20B8A70E}" = Visual Basic for Applications (R) Core - English
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD8A0C60-1AEB-11D6-B8E1-00025521AE60}" = VBA (3821b)
"{BEF7FC5C-0182-4DDE-BDDD-F7D132AB833D}" = Ovi Desktop Sync Engine
"{BF439B41-0252-48DE-8B8B-0430CB26A181}" = CorelDRAW Graphics Suite X4 - VBA
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{CC7CD33C-E63D-4E73-8726-9AD3FF322409}" = Draadloze N USB adapter voorziening
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
"{D0160DD3-6F62-4F1E-B999-6C68D3AE7390}" = CorelDRAW Graphics Suite X4 - Lang IT
"{D22F5242-773E-4270-AB1F-492021BCABBE}" = Garmin City Navigator Europe NT 2010.31 Update
"{D2827848-7D2A-4547-9AD1-C965FB3E6344}" = CorelDRAW Graphics Suite X4 - Lang ES
"{DB81779E-7CC5-4630-BCFC-754004956444}" = Visual Basic for Applications (R) Core
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{ED636101-1959-4360-8BF7-209436E7DEE4}" = Windows Live Sync
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0FDF9C9-1DDC-401F-B638-36F1CAE8A875}" = VideoStudio
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Abaqus 6.8 Student Edition" = Abaqus 6.8 Student Edition
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Canon MP560 series Benutzerregistrierung" = Canon MP560 series Benutzerregistrierung
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"Dassault Systemes Doc English B19" = Dassault Systemes Doc English CATIA P3 B19
"de.magix-fotos.fotobuch.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1" = MAGIX Online Druck Service
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"E-Finance Java" = E-Finance Java
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"Free Studio_is1" = Free Studio version 5.2.1
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{F0FDF9C9-1DDC-401F-B638-36F1CAE8A875}" = Corel VideoStudio 12
"MAGIX_MSI_Foto_Manager_10" = MAGIX Foto Manager 10
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"MatlabR2008b" = MATLAB R2008b
"MediaMonkey_is1" = MediaMonkey 4.0
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"Mozilla Thunderbird (3.1.10)" = Mozilla Thunderbird (3.1.10)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"Nokia Ovi Suite" = Nokia Ovi Suite
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"PSPad editor_is1" = PSPad editor
"SystemRequirementsLab" = System Requirements Lab
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.0
"WinLiveSuite_Wave3" = Windows Live Essentials

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 23.06.2012 06:09:46 | Computer Name = myPC | Source = WinMgmt | ID = 10
Description =

Error - 25.06.2012 07:04:36 | Computer Name = myPC | Source = WinMgmt | ID = 10
Description =

Error - 26.06.2012 08:51:12 | Computer Name = myPC | Source = WinMgmt | ID = 10
Description =

Error - 27.06.2012 17:41:18 | Computer Name = myPC | Source = WinMgmt | ID = 10
Description =

Error - 28.06.2012 17:42:51 | Computer Name = myPC | Source = WinMgmt | ID = 10
Description =

Error - 30.06.2012 13:24:01 | Computer Name = myPC | Source = WinMgmt | ID = 10
Description =

Error - 01.07.2012 06:39:17 | Computer Name = myPC | Source = WinMgmt | ID = 10
Description =

Error - 04.07.2012 13:28:37 | Computer Name = myPC | Source = WinMgmt | ID = 10
Description =

Error - 05.07.2012 07:07:48 | Computer Name = myPC | Source = WinMgmt | ID = 10
Description =

Error - 05.07.2012 11:43:16 | Computer Name = myPC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 05.07.2012 07:06:29 | Computer Name = myPC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Bluetooth Port Client Driver" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1275

Error - 05.07.2012 07:06:39 | Computer Name = myPC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
BTKRNL

Error - 05.07.2012 07:07:27 | Computer Name = myPC | Source = DCOM | ID = 10016
Description =

Error - 05.07.2012 11:41:43 | Computer Name = myPC | Source = BTHUSB | ID = 327685
Description = Der Bluetooth-Treiber hat ein HCI-Ereignis mit einer bestimmten Größe
erwartet, das aber nicht empfangen wurde.

Error - 05.07.2012 11:42:02 | Computer Name = myPC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Windows\SysWow64\drivers\btserial.sys
nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
des Treibers zu erhalten.

Error - 05.07.2012 11:42:02 | Computer Name = myPC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Bluetooth Serial Driver" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1275

Error - 05.07.2012 11:42:02 | Computer Name = myPC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Windows\SysWow64\drivers\btslbcsp.sys
nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
des Treibers zu erhalten.

Error - 05.07.2012 11:42:02 | Computer Name = myPC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Bluetooth Port Client Driver" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1275

Error - 05.07.2012 11:42:25 | Computer Name = myPC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
BTKRNL

Error - 05.07.2012 11:43:22 | Computer Name = myPC | Source = DCOM | ID = 10016
Description =


< End of report >

 
