|
Trojaner: csrss.exe, dwm.exe, doclhmfmarfwhmfmj[1].exe, info[1].exe Hallo Zusammen, Von meinem GMX-Account wurde heute ohne mein Zutun eine Mail mit ominösem Link an alle meine Kontakte geschickt. Ich wurde darauf aufmerksam, indem ich eine Benachrichtigung erhalten habe, dass manche der Mails nicht zugestellt werden konnten (e-mail nicht aktuell, Spamschutz) Nachdem ich eine Warnung an alle Kontakte verfasst hatte, habe ich Passwörter mit Hilfe eines 2. Rechners geändert und mich auf die Suche nach dem Grund gemacht. Dabei ist Malwarebytes auf 4 Programme gestossen (csrss.exe, dwm.exe, doclhmfmarfwhmfmj[1].exe, info[1].exe), die nun in der Quarantäne sind. Habe ich damit den Trojaner/Virenbefall beseitigt, oder muss ich noch weitere Schritte unternehmen? Sind Euch diese Schadprogramme bekannt? Was könnten sie noch angestellt haben, bzw. wo könnte ich mich infiziert haben? Vielen Dank für Eure Hilfe. Zu eurer Info hier das Log-file von Malwarebytes sowie OTL: ------------------------------------------------- Malwarebytes Anti-Malware (Test) 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.07.05.03 Windows 7 x64 NTFS Internet Explorer 9.0.8112.16421 XXXLLL :: MYPC [Administrator] Schutz: Aktiviert 05.07.2012 14:11:19 mbam-log-2012-07-05 (14-11-19).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 742377 Laufzeit: 2 Stunde(n), 22 Minute(n), 19 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 2 HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Agent) -> Daten: C:\Users\XXXLLL\AppData\Local\Temp\csrss.exe -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Hijack.Shell.Gen) -> Daten: explorer.exe,C:\Users\XXXLLL\AppData\Roaming\dwm.exe -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 2 C:\Users\XXXLLL\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9IOG7C3U\doclhmfmarfwhmfmj[1].exe (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\XXXLLL\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TVFK2JLO\info[1].exe (Backdoor.Cycbot.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) ------------------------------------------------- OTL logfile created on: 05.07.2012 18:25:35 - Run 1 OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\XXXLLL\Downloads 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,99 Gb Total Physical Memory | 2,40 Gb Available Physical Memory | 60,20% Memory free 7,98 Gb Paging File | 6,12 Gb Available in Paging File | 76,72% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 931,32 Gb Total Space | 723,46 Gb Free Space | 77,68% Space Free | Partition Type: NTFS Unable to calculate disk information. Computer Name: MYPC | User Name: XXXLLL | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.07.05 18:12:13 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\XXXLLL\Downloads\OTL.exe PRC - [2012.07.05 18:11:59 | 000,050,477 | ---- | M] () -- C:\Users\XXXLLL\Downloads\Defogger.exe PRC - [2012.06.30 19:24:41 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.04.04 15:56:38 | 000,981,680 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2011.05.24 11:33:30 | 001,840,128 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe PRC - [2009.12.08 20:01:36 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2009.11.20 20:17:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2009.05.19 18:11:52 | 000,136,544 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe PRC - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2009.03.02 13:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2008.06.10 09:39:54 | 011,415,552 | ---- | M] (ZyXEL Communications Corp.) -- C:\Program Files (x86)\ZyXEL\NWD271N\NWD271N.exe PRC - [2006.10.27 19:13:54 | 004,493,312 | ---- | M] (Expansion Programs International, Inc.) -- C:\ProgramData\Simulia\Documentation\monitor.exe PRC - [2004.10.01 15:12:18 | 000,565,309 | ---- | M] (Broadcom Corporation) -- C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe ========== Modules (No Company Name) ========== MOD - [2012.07.05 18:11:59 | 000,050,477 | ---- | M] () -- C:\Users\XXXLLL\Downloads\Defogger.exe MOD - [2012.06.30 19:24:41 | 002,042,848 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf MOD - [2008.06.10 09:39:52 | 000,413,696 | ---- | M] () -- C:\Program Files (x86)\ZyXEL\NWD271N\NICDLL.dll MOD - [2004.10.01 15:13:12 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\WIDCOMM\Bluetooth Software\btkeyind.dll ========== Win32 Services (SafeList) ========== SRV - [2012.06.30 19:24:41 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.05.24 11:33:30 | 001,840,128 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs) SRV - [2011.04.26 14:54:12 | 002,702,848 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) SRV - [2011.03.21 13:21:24 | 000,632,832 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2009.12.08 20:01:36 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2009.11.20 20:17:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2006.10.27 19:13:54 | 004,493,312 | ---- | M] (Expansion Programs International, Inc.) [Auto | Running] -- C:\ProgramData\Simulia\Documentation\monitor.exe -- (Texis Monitor) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.03.01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.03.11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2009.12.08 20:01:36 | 000,074,880 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV:64bit: - [2009.07.14 02:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.20 06:02:32 | 000,057,856 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1E60x64.sys -- (L1E) DRV:64bit: - [2009.02.06 18:42:12 | 000,061,808 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2008.12.19 05:43:18 | 001,048,064 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService) DRV:64bit: - [2008.10.03 06:08:28 | 000,225,296 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s) DRV:64bit: - [2008.08.28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd) DRV:64bit: - [2008.06.10 09:39:54 | 000,517,120 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WLANUHN.sys -- (ZY271NV64) ZyXEL 802.11n NWD271N Driver(vista) DRV:64bit: - [2008.06.10 09:39:54 | 000,041,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\ZDCNDIS6a64.sys -- (ZDCNDIS6a64) DRV:64bit: - [2008.01.02 13:11:50 | 000,024,848 | ---- | M] (IBM) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\LUMDriver.sys -- (LUMDriver) DRV:64bit: - [2007.04.20 21:29:52 | 001,037,312 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrxusb.sys -- (athrusb) DRV:64bit: - [2006.11.28 21:46:20 | 000,041,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CBPSp50a64.sys -- (CBPSp50a64) DRV:64bit: - [2006.11.01 00:23:42 | 000,015,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2008.06.10 09:39:54 | 000,041,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\ZDCNDIS6a64.sys -- (ZDCNDIS6a64) DRV - [2004.10.01 14:50:26 | 000,023,271 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\btserial.sys -- (BTSERIAL) DRV - [2004.10.01 14:50:20 | 000,222,876 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\btslbcsp.sys -- (BTSLBCSP) DRV - [2004.10.01 14:48:30 | 001,241,482 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysWOW64\drivers\btkrnl.sys -- (BTKRNL) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{CE3C0FBC-2505-4E4F-BE5E-E389891E7F4D}: "URL" = hxxp://ch.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=827316&p={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:61657 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://eu.ixquick.com/deu/" FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.51 FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.2 FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.1 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906 FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.1 FF - prefs.js..network.proxy.http: "127.0.0.1" FF - prefs.js..network.proxy.http_port: 61657 FF - prefs.js..network.proxy.type: 4 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011.06.26 12:30:58 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.30 19:24:41 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.05.21 00:01:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.05.08 19:24:26 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011.06.26 12:30:58 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.30 19:24:41 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.05.21 00:01:05 | 000,000,000 | ---D | M] [2010.12.07 22:49:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXXLLL\AppData\Roaming\mozilla\Extensions [2010.12.07 22:49:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXXLLL\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.07.04 19:32:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXXLLL\AppData\Roaming\mozilla\Firefox\Profiles\yh4ez24o.default\extensions [2011.08.28 19:56:46 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\XXXLLL\AppData\Roaming\mozilla\Firefox\Profiles\yh4ez24o.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2010.07.23 12:44:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\XXXLLL\AppData\Roaming\mozilla\Firefox\Profiles\yh4ez24o.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.10.12 23:15:55 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\XXXLLL\AppData\Roaming\mozilla\Firefox\Profiles\yh4ez24o.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.11.30 00:14:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2011.03.03 00:47:41 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2012.06.30 19:24:41 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.06.30 19:24:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.06.30 19:24:37 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.06.30 19:24:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.06.30 19:24:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.30 19:24:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.30 19:24:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programme\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation) O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.6.0_13\bin\jp2ssv.dll File not found O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA) O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKCU..\Run: [] File not found O4 - HKCU..\Run: [conhost] C:\Users\XXXLLL\AppData\Roaming\Microsoft\conhost.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\XXXLLL\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\XXXLLL\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Senden an &Bluetooth - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Free YouTube Download - C:\Users\XXXLLL\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\XXXLLL\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Senden an &Bluetooth - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0) O16:64bit: - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{568187EF-AD8B-4E73-8652-F830317E6289}: DhcpNameServer = 192.168.0.11 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6BBAE320-575C-4516-AE50-32F672FDC1EE}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\widimg - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\widimg {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\Windows\SysWOW64\BTXPPanel.dll (Broadcom Corporation) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O24 - Desktop WallPaper: O24 - Desktop BackupWallPaper: O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.09.18 15:47:14 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ] O33 - MountPoints2\{c84741d2-17ac-11e1-85db-000272c3f002}\Shell - "" = AutoRun O33 - MountPoints2\{c84741d2-17ac-11e1-85db-000272c3f002}\Shell\AutoRun\command - "" = J:\SecureDataUSBDrive.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.07.05 14:09:18 | 000,000,000 | ---D | C] -- C:\Users\XXXLLL\AppData\Roaming\Malwarebytes [2012.07.05 14:09:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.07.05 14:09:09 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.07.05 14:09:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Users\XXXLLL\Desktop\*.tmp files -> C:\Users\XXXLLL\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.07.05 18:24:12 | 000,000,000 | ---- | M] () -- C:\Users\XXXLLL\defogger_reenable [2012.07.05 17:49:39 | 000,011,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.05 17:49:39 | 000,011,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.05 17:46:50 | 001,499,760 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.07.05 17:46:50 | 000,653,304 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.07.05 17:46:50 | 000,615,276 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.07.05 17:46:50 | 000,131,260 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.07.05 17:46:50 | 000,107,258 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.07.05 17:41:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.07.05 17:41:38 | 3214,737,408 | -HS- | M] () -- C:\hiberfil.sys [2012.07.05 17:27:18 | 004,459,849 | ---- | M] () -- C:\Users\XXXLLL\Desktop\IMG_0002.pdf [2012.07.05 16:55:37 | 002,027,969 | ---- | M] () -- C:\Users\XXXLLL\Desktop\IMG_0001.pdf [2012.07.05 16:20:15 | 000,348,364 | ---- | M] () -- C:\Users\XXXLLL\Desktop\IMG.pdf [2012.07.01 17:01:24 | 000,001,687 | ---- | M] () -- C:\Users\XXXLLL\Desktop\E-Finance Java.lnk [2012.06.30 19:22:26 | 513,453,698 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012.06.14 03:33:43 | 000,473,648 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.06.14 00:36:42 | 000,000,000 | ---- | M] () -- C:\Users\XXXLLL\Desktop\test.stl [2012.06.13 00:10:49 | 003,741,684 | ---- | M] () -- C:\Users\XXXLLL\Desktop\frosch.stl [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Users\XXXLLL\Desktop\*.tmp files -> C:\Users\XXXLLL\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.07.05 18:24:12 | 000,000,000 | ---- | C] () -- C:\Users\XXXLLL\defogger_reenable [2012.07.05 17:27:25 | 004,459,849 | ---- | C] () -- C:\Users\XXXLLL\Desktop\IMG_0002.pdf [2012.07.05 16:55:59 | 002,027,969 | ---- | C] () -- C:\Users\XXXLLL\Desktop\IMG_0001.pdf [2012.07.05 16:28:18 | 000,348,364 | ---- | C] () -- C:\Users\XXXLLL\Desktop\IMG.pdf [2012.06.13 23:44:46 | 003,741,684 | ---- | C] () -- C:\Users\XXXLLL\Desktop\frosch.stl [2012.06.05 22:22:21 | 005,071,578 | ---- | C] () -- C:\Users\XXXLLL\Desktop\Girl_head.stl [2012.05.03 00:14:43 | 000,007,670 | ---- | C] () -- C:\Users\XXXLLL\AppData\Local\Resmon.ResmonCfg [2011.12.08 00:47:45 | 000,000,586 | ---- | C] () -- C:\Users\XXXLLL\.octave_hist [2011.12.07 23:05:29 | 000,000,038 | ---- | C] () -- C:\Users\XXXLLL\.lesshst [2011.06.05 22:04:16 | 000,002,736 | ---- | C] () -- C:\Users\XXXLLL\AppData\Roaming\EC7A.5A5 [2010.11.24 21:56:16 | 000,019,456 | ---- | C] () -- C:\Users\XXXLLL\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.02.19 19:27:22 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.08.12 23:20:03 | 000,009,390 | ---- | C] () -- C:\Users\XXXLLL\abaqus_v6.8.gpr [2009.08.09 17:47:51 | 000,027,528 | ---- | C] () -- C:\Users\XXXLLL\AppData\Roaming\UserTile.png ========== LOP Check ========== [2011.05.26 00:27:45 | 000,000,000 | ---D | M] -- C:\Users\XXXLLL\AppData\Roaming\5571918 [2009.12.29 16:32:14 | 000,000,000 | ---D | M] -- C:\Users\XXXLLL\AppData\Roaming\AquaSoft [2010.09.18 16:03:11 | 000,000,000 | ---D | M] -- C:\Users\XXXLLL\AppData\Roaming\Autodesk [2010.02.27 17:58:40 | 000,000,000 | ---D | M] -- C:\Users\XXXLLL\AppData\Roaming\Canon [2012.01.22 17:12:55 | 000,000,000 | ---D | M] -- C:\Users\XXXLLL\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2009.12.29 16:32:17 | 000,000,000 | ---D | M] -- C:\Users\XXXLLL\AppData\Roaming\DassaultSystemes [2012.07.02 21:02:37 | 000,000,000 | ---D | M] -- C:\Users\XXXLLL\AppData\Roaming\DVDVideoSoft [2011.10.12 23:15:50 | 000,000,000 | ---D | M] -- C:\Users\XXXLLL\AppData\Roaming\DVDVideoSoftIEHelpers [2010.04.15 21:46:13 | 000,000,000 | ---D | M] -- C:\Users\XXXLLL\AppData\Roaming\GARMIN [2009.12.29 16:32:17 | 000,000,000 | ---D | M] -- C:\Users\XXXLLL\AppData\Roaming\J River [2012.01.22 15:15:37 | 000,000,000 | ---D | M] -- C:\Users\XXXLLL\AppData\Roaming\MAGIX [2012.05.31 23:04:46 | 000,000,000 | ---D | M] -- C:\Users\XXXLLL\AppData\Roaming\MediaMonkey [2012.03.18 00:08:18 | 000,000,000 | ---D | M] -- C:\Users\XXXLLL\AppData\Roaming\Mobile Atlas Creator [2011.06.26 14:02:13 | 000,000,000 | ---D | M] -- C:\Users\XXXLLL\AppData\Roaming\Nokia [2011.06.26 14:02:13 | 000,000,000 | ---D | M] -- C:\Users\XXXLLL\AppData\Roaming\Nokia Ovi Suite [2009.12.29 16:32:55 | 000,000,000 | ---D | M] -- C:\Users\XXXLLL\AppData\Roaming\OpenOffice.org [2011.05.14 22:03:02 | 000,000,000 | ---D | M] -- C:\Users\XXXLLL\AppData\Roaming\PC Suite [2009.08.09 17:47:51 | 000,000,000 | ---D | M] -- C:\Users\XXXLLL\AppData\Roaming\PeerNetworking [2010.12.07 22:49:47 | 000,000,000 | ---D | M] -- C:\Users\XXXLLL\AppData\Roaming\Thunderbird [2009.12.29 16:33:04 | 000,000,000 | ---D | M] -- C:\Users\XXXLLL\AppData\Roaming\Ulead Systems [2012.05.26 13:00:47 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > --------------------------------------------------------------- OTL Extras logfile created on: 05.07.2012 18:25:35 - Run 1 OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\XXXLLL\Downloads 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,99 Gb Total Physical Memory | 2,40 Gb Available Physical Memory | 60,20% Memory free 7,98 Gb Paging File | 6,12 Gb Available in Paging File | 76,72% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 931,32 Gb Total Space | 723,46 Gb Free Space | 77,68% Space Free | Partition Type: NTFS Unable to calculate disk information. Computer Name: MYPC | User Name: XXXLLL | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [MediaMonkey.1Play] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.) Directory [MediaMonkey.2PlayNext] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.) Directory [MediaMonkey.3Enqueue] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [MediaMonkey.1Play] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.) Directory [MediaMonkey.2PlayNext] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.) Directory [MediaMonkey.3Enqueue] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{08DC3FD4-A721-4C4F-A018-8B3AF463027D}" = rport=445 | protocol=6 | dir=out | app=system | "{2DEDED3F-6B5A-4B8F-9674-61360F271F0A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{39A71540-238E-4E10-B143-1D60C06B3DA5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{43F1150A-ECFF-490B-A35E-BE5E3CE31FAF}" = lport=137 | protocol=17 | dir=in | app=system | "{57C7A617-6315-4D37-9E38-79B870230DDB}" = rport=137 | protocol=17 | dir=out | app=system | "{61E6B53E-899B-4D39-ACF8-98E343A4AB5A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{66713D54-401D-4336-8A22-78C8E8F75D64}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{6CD0235E-B18E-49B2-B78A-C50FA6D4F62A}" = rport=10243 | protocol=6 | dir=out | app=system | "{7530E86C-9E6A-498D-8891-523BB5DCF030}" = lport=2869 | protocol=6 | dir=in | app=system | "{807B303F-0460-48FF-83B8-B5A25B6D77DB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{8C58FBE4-EA07-4284-B0EA-6279F472781F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{8D8CB942-34C9-4078-A4E1-B3A6022C02FA}" = rport=139 | protocol=6 | dir=out | app=system | "{A4350BC6-7363-4C33-90A3-5863CD9AE79C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{A76DAB26-16E2-497F-B56A-5D2C6947C063}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | "{A7D9DEB4-C9DB-4377-BB69-975F9C32681D}" = lport=2869 | protocol=6 | dir=in | app=system | "{AF2D3AD0-8BEA-4FD6-89C4-CE63C0F87A6F}" = lport=445 | protocol=6 | dir=in | app=system | "{C1C27CCA-E711-405D-A5B7-C2AFF2C57957}" = lport=139 | protocol=6 | dir=in | app=system | "{C515A402-1EDF-4BC7-A009-CAAB7CC8EA3A}" = rport=138 | protocol=17 | dir=out | app=system | "{D625448D-A9CE-43D6-B202-2F0BA269FA6C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{D6C37273-1669-425D-A338-F72FA1E5B274}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{D7F9BD0D-C075-46A9-9982-B2F2EF158C23}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{E39AF3A7-8F7F-4EB4-A203-4BBA6B8324C5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{F2C48805-7A13-41CE-9203-762C27FA8EED}" = lport=138 | protocol=17 | dir=in | app=system | "{F81BBF13-29AF-4D49-ABB7-4F42AB08641D}" = lport=10243 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0587B06E-1EA2-462A-A122-708F413DE8A9}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{1FFE50FC-5984-43B6-ADD0-A566725FBCEE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{2011B51A-4A43-4F63-A8D3-CAAC36BFCC7F}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{2373D966-B911-492F-97EA-607E74C76EA0}" = dir=in | app=c:\program files (x86)\nokia\nokia ovi suite\nokiaovisuite.exe | "{2A4AA3C9-09AE-43DF-9408-7F6C0BE74DAF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{3224AF8D-F5C1-418B-A686-8AB713369CB8}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{4AC5DBE2-8343-4EA3-BFC9-7ECD41766D41}" = dir=in | app=c:\program files (x86)\nokia\nokia ovi suite\nokiaovisuite.exe | "{52B3DB50-6B52-466F-BF5A-FA4A990F9DE5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{5C2916BD-C8D0-4E5F-A9F4-ABA99F86E7C3}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe | "{61155993-FEAA-4E0C-84D0-5A53ECB7D60E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{67027E2A-BEA6-4C2C-8968-D2502F3E51BC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{6D8365A7-932F-4761-8C66-0F59785FDCF2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{75802EA4-8ECA-4653-80E4-03E923828A1C}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe | "{7C0BF9A9-FEB2-4011-87C3-8AFC99AB827F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{7E0AD250-6A02-43B4-B6CA-11FBB7EEDD3A}" = protocol=6 | dir=out | app=system | "{8212A4E7-835D-4A8B-9402-650B2CF18119}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{839F0032-5CE5-4E99-8F6D-ADA031741610}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe | "{8B30D6EC-DAD1-45BC-8B0C-EB0B1DA8CA13}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | "{8BC9E354-57CD-456C-88DA-D65F0076DE20}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{8DC7A4DD-A36A-4642-9F78-40B0A5E2699D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{90DA0958-B5E2-42C4-8674-088CCD029B73}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{989CB802-468A-496E-BB16-1ECF0A158711}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{9A7896D7-E6ED-4B45-ACCD-DB0798F91979}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{9F097E4D-877B-40A4-A34A-6DAA64F63CD6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A130342E-3ACD-4635-A10A-F78101AD0356}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{AB268677-8817-49CF-BF01-7DCEDB3A9ACA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{B43790F8-C62F-4158-9CAE-A999917B1AB4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{BA277F18-1817-40DF-A9B6-60F3972E595D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{C9DC398D-A6E2-4290-8E37-4BB646C55D2A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{CB830483-DDF9-4D6B-A230-1804443574A9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{D209D572-89DC-42DD-82A2-DC1CF9D4C592}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{D40661D4-7A96-4627-9403-6AB1BE2E7A05}" = dir=in | app=c:\program files (x86)\nokia\nokia ovi suite\nokiaovisuite.exe | "{E53E010A-4AB9-4053-BF37-9D22CA854A6A}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{F31FF48F-F42D-4393-ACE0-1D2B78AE71CE}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "TCP Query User{0F99D3BD-5C84-4D90-A15E-638964A11006}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "TCP Query User{2022B12E-0BB8-47F3-AE5D-66341EE72E76}C:\program files (x86)\dassault systemes\b19\intel_a\code\bin\cnext.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dassault systemes\b19\intel_a\code\bin\cnext.exe | "TCP Query User{2FFB6C81-9BF0-42A8-BA63-2A572D22B6BE}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "TCP Query User{73B86D6B-8C23-4173-AE08-8F5A7A33BE10}C:\users\XXXLLL\appdata\local\temp\i1250107917\windows\resource\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\users\XXXLLL\appdata\local\temp\i1250107917\windows\resource\jre\bin\javaw.exe | "TCP Query User{7CB33364-F197-40F3-8795-7F86B3B3A670}C:\programdata\simulia\6.8-2se\exec\abqcaek.exe" = protocol=6 | dir=in | app=c:\programdata\simulia\6.8-2se\exec\abqcaek.exe | "TCP Query User{AFC6F395-91A3-4346-8BF9-DF77FF85E9A8}C:\programdata\simulia\6.8-2se\exec\abqcaek.exe" = protocol=6 | dir=in | app=c:\programdata\simulia\6.8-2se\exec\abqcaek.exe | "TCP Query User{D9CF0CE9-0650-447C-848C-58FDA1C7EA17}C:\programdata\simulia\6.8-2se\exec\abq_pde.exe" = protocol=6 | dir=in | app=c:\programdata\simulia\6.8-2se\exec\abq_pde.exe | "TCP Query User{E88A5824-2606-483F-A86C-978E0C659832}C:\program files (x86)\dassault systemes\b19\intel_a\code\bin\cnext.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dassault systemes\b19\intel_a\code\bin\cnext.exe | "TCP Query User{EF83B80A-8F8B-48AD-AF1E-00CFC5DE5D24}C:\programdata\simulia\6.8-2se\exec\abqcaeg.exe" = protocol=6 | dir=in | app=c:\programdata\simulia\6.8-2se\exec\abqcaeg.exe | "UDP Query User{1C92403B-B469-462D-AE26-C72CE1BAC72A}C:\program files (x86)\dassault systemes\b19\intel_a\code\bin\cnext.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dassault systemes\b19\intel_a\code\bin\cnext.exe | "UDP Query User{2C2E05B9-3FA3-483C-A217-654694D72BC6}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "UDP Query User{4108A891-FFA0-46C5-8806-0EFF0A6B675E}C:\programdata\simulia\6.8-2se\exec\abqcaek.exe" = protocol=17 | dir=in | app=c:\programdata\simulia\6.8-2se\exec\abqcaek.exe | "UDP Query User{486D198E-F6E9-4C9D-A505-2AB44FC0224C}C:\programdata\simulia\6.8-2se\exec\abqcaek.exe" = protocol=17 | dir=in | app=c:\programdata\simulia\6.8-2se\exec\abqcaek.exe | "UDP Query User{5CFD7A5E-D6E0-4BFB-AF55-1E24872E095A}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "UDP Query User{9071AE47-7096-4430-BA4F-BDE4ABC2F157}C:\programdata\simulia\6.8-2se\exec\abqcaeg.exe" = protocol=17 | dir=in | app=c:\programdata\simulia\6.8-2se\exec\abqcaeg.exe | "UDP Query User{B5A87A34-7D73-4DF4-9912-1C432BACAAD0}C:\users\XXXLLL\appdata\local\temp\i1250107917\windows\resource\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\users\XXXLLL\appdata\local\temp\i1250107917\windows\resource\jre\bin\javaw.exe | "UDP Query User{CB128986-834D-4A96-82AD-8682EBBFD7C7}C:\programdata\simulia\6.8-2se\exec\abq_pde.exe" = protocol=17 | dir=in | app=c:\programdata\simulia\6.8-2se\exec\abq_pde.exe | "UDP Query User{D8C46321-5020-4AE4-BF27-8EB9100C7798}C:\program files (x86)\dassault systemes\b19\intel_a\code\bin\cnext.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dassault systemes\b19\intel_a\code\bin\cnext.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP560_series" = Canon MP560 series MP Drivers "{26A24AE4-039D-4CA4-87B4-2F86417003FF}" = Java(TM) 7 Update 3 (64-bit) "{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2 "{7F05E704-30A6-421A-97A7-8EEB1C7FF011}" = Corel Shell Extension - 64Bit "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64 "{C17EE011-15A9-4542-91FA-567B0F3D123F}" = Windows Live Family Safety "{CF1EB598-B424-436A-B15F-B763846BA970}" = Dassault Systemes Software Prerequisites x86-x64 "49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) "Dassault Systemes B19_0" = Dassault Systemes Software B19 "FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "NVIDIA Drivers" = NVIDIA Drivers "WinRAR archiver" = WinRAR [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "_{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW(R) Graphics Suite X4 "_{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{119B7481-0216-40D2-A5CC-C3E1F461ECC1}" = Windows Live Fotogalerie "{1A9DAB4D-46CD-4CBF-A9FC-28D8AA8D2FCF}" = CorelDRAW Graphics Suite X4 - Lang BR "{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}" = Cool & Quiet "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{25CFEF55-A945-41FC-86ED-76469F31DF37}" = Nokia Connectivity Cable Driver "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver "{3ad61ee5-81d2-4d7e-adef-da1dd37277d1}" = Python 3.1 "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3DE96337-68D2-48E0-A863-6E4A5CD3BC25}" = PC Connectivity Solution "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CA10D13-F83A-487E-9B30-CC979FEF7A70}" = OviMPlatform "{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update "{510D2239-6C2E-457B-9590-485EC552D94D}" = Garmin USB Drivers "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{6339663B-F26F-4FE3-B813-0E1DEC4ED976}" = Nokia Ovi Suite "{63C5DD30-4C46-4968-B96A-A3E2992769FE}" = MAGIX Screenshare "{6C5F8503-55D2-4398-858C-362B7A7AF51C}" = Firebird SQL Server - MAGIX Edition "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7F05E704-30A6-421A-97A7-8EEB1C7FF000}" = CorelDRAW Graphics Suite X4 "{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW Graphics SUite X4 - ICA "{7F05E704-30A6-421A-97A7-8EEB1C7FF012}" = CorelDRAW Graphics Suite X4 - Capture "{7F05E704-30A6-421A-97A7-8EEB1C7FF013}" = CorelDRAW Graphics Suite X4 - Draw "{7F05E704-30A6-421A-97A7-8EEB1C7FF014}" = CorelDRAW Graphics Suite X4 - PP "{7F05E704-30A6-421A-97A7-8EEB1C7FF016}" = CorelDRAW Graphics Suite X4 - Content "{7F05E704-30A6-421A-97A7-8EEB1C7FF017}" = CorelDRAW Graphics Suite X4 - Filters "{7F05E704-30A6-421A-97A7-8EEB1C7FF019}" = CorelDRAW Graphics Suite X4 - FontNav "{7F05E704-30A6-421A-97A7-8EEB1C7FF100}" = CorelDRAW Graphics Suite X4 - Lang EN "{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer "{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90535871-81B9-4D99-8A13-A7EE97F2D7FE}" = WIDCOMM Bluetooth Software "{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}" = Windows Live Essentials "{969E11AA-8F3A-F162-1A5A-0965E216B6CE}" = Adobe Download Assistant "{989112B0-74DB-4A40-932F-580049CD0B97}" = Visual Basic for Applications (R) Core - German "{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D0798D0-AF6C-4E62-94B1-AEBF1A43E00A}" = CorelDRAW Graphics Suite X4 - IPM "{9D306690-3173-42CD-94C6-9EF9318AF24B}" = CorelDRAW Graphics Suite X4 - Lang FR "{A6338038-539C-3896-C692-1D33BBB01D46}" = MAGIX Online Druck Service "{A6C27FFF-75EF-4B5B-A64E-F9E128994908}" = CorelDRAW Graphics Suite X4 - Lang NL "{A8F7FCEF-3CA6-4CE9-8FEA-8BB18F8686F0}" = Nokia Ovi Suite Software Updater "{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch "{AEFBAC58-2DDD-4CEF-BDFD-52A5A5F432ED}" = CorelDRAW Graphics Suite X4 - Lang DE "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 "{B252FEC0-C63B-4AF6-8459-D105B3E3FC70}" = MAGIX Foto Manager 10 "{B61D21B6-469D-4423-B161-62DB20B8A70E}" = Visual Basic for Applications (R) Core - English "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{BD8A0C60-1AEB-11D6-B8E1-00025521AE60}" = VBA (3821b) "{BEF7FC5C-0182-4DDE-BDDD-F7D132AB833D}" = Ovi Desktop Sync Engine "{BF439B41-0252-48DE-8B8B-0430CB26A181}" = CorelDRAW Graphics Suite X4 - VBA "{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX "{CC7CD33C-E63D-4E73-8726-9AD3FF322409}" = Draadloze N USB adapter voorziening "{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars "{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension "{D0160DD3-6F62-4F1E-B999-6C68D3AE7390}" = CorelDRAW Graphics Suite X4 - Lang IT "{D22F5242-773E-4270-AB1F-492021BCABBE}" = Garmin City Navigator Europe NT 2010.31 Update "{D2827848-7D2A-4547-9AD1-C965FB3E6344}" = CorelDRAW Graphics Suite X4 - Lang ES "{DB81779E-7CC5-4630-BCFC-754004956444}" = Visual Basic for Applications (R) Core "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1 "{ED636101-1959-4360-8BF7-209436E7DEE4}" = Windows Live Sync "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0FDF9C9-1DDC-401F-B638-36F1CAE8A875}" = VideoStudio "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR "Abaqus 6.8 Student Edition" = Abaqus 6.8 Student Edition "Adobe AIR" = Adobe AIR "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "Canon MP560 series Benutzerregistrierung" = Canon MP560 series Benutzerregistrierung "Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility "Canon_IJ_Network_UTILITY" = Canon IJ Network Tool "CanonMyPrinter" = Canon Utilities My Printer "CanonSolutionMenu" = Canon Utilities Solution Menu "com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant "Dassault Systemes Doc English B19" = Dassault Systemes Doc English CATIA P3 B19 "de.magix-fotos.fotobuch.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1" = MAGIX Online Druck Service "Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX "E-Finance Java" = E-Finance Java "Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1 "Free Studio_is1" = Free Studio version 5.2.1 "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager "InstallShield_{F0FDF9C9-1DDC-401F-B638-36F1CAE8A875}" = Corel VideoStudio 12 "MAGIX_MSI_Foto_Manager_10" = MAGIX Foto Manager 10 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400 "MatlabR2008b" = MATLAB R2008b "MediaMonkey_is1" = MediaMonkey 4.0 "Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de) "Mozilla Thunderbird (3.1.10)" = Mozilla Thunderbird (3.1.10) "MozillaMaintenanceService" = Mozilla Maintenance Service "MP Navigator EX 3.0" = Canon MP Navigator EX 3.0 "Nokia Ovi Suite" = Nokia Ovi Suite "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010 "PSPad editor_is1" = PSPad editor "SystemRequirementsLab" = System Requirements Lab "Uninstall_is1" = Uninstall 1.0.0.1 "VLC media player" = VLC media player 1.0.0 "WinLiveSuite_Wave3" = Windows Live Essentials ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 23.06.2012 06:09:46 | Computer Name = myPC | Source = WinMgmt | ID = 10 Description = Error - 25.06.2012 07:04:36 | Computer Name = myPC | Source = WinMgmt | ID = 10 Description = Error - 26.06.2012 08:51:12 | Computer Name = myPC | Source = WinMgmt | ID = 10 Description = Error - 27.06.2012 17:41:18 | Computer Name = myPC | Source = WinMgmt | ID = 10 Description = Error - 28.06.2012 17:42:51 | Computer Name = myPC | Source = WinMgmt | ID = 10 Description = Error - 30.06.2012 13:24:01 | Computer Name = myPC | Source = WinMgmt | ID = 10 Description = Error - 01.07.2012 06:39:17 | Computer Name = myPC | Source = WinMgmt | ID = 10 Description = Error - 04.07.2012 13:28:37 | Computer Name = myPC | Source = WinMgmt | ID = 10 Description = Error - 05.07.2012 07:07:48 | Computer Name = myPC | Source = WinMgmt | ID = 10 Description = Error - 05.07.2012 11:43:16 | Computer Name = myPC | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 05.07.2012 07:06:29 | Computer Name = myPC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Bluetooth Port Client Driver" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error - 05.07.2012 07:06:39 | Computer Name = myPC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: BTKRNL Error - 05.07.2012 07:07:27 | Computer Name = myPC | Source = DCOM | ID = 10016 Description = Error - 05.07.2012 11:41:43 | Computer Name = myPC | Source = BTHUSB | ID = 327685 Description = Der Bluetooth-Treiber hat ein HCI-Ereignis mit einer bestimmten Größe erwartet, das aber nicht empfangen wurde. Error - 05.07.2012 11:42:02 | Computer Name = myPC | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Windows\SysWow64\drivers\btserial.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error - 05.07.2012 11:42:02 | Computer Name = myPC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Bluetooth Serial Driver" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error - 05.07.2012 11:42:02 | Computer Name = myPC | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Windows\SysWow64\drivers\btslbcsp.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error - 05.07.2012 11:42:02 | Computer Name = myPC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Bluetooth Port Client Driver" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error - 05.07.2012 11:42:25 | Computer Name = myPC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: BTKRNL Error - 05.07.2012 11:43:22 | Computer Name = myPC | Source = DCOM | ID = 10016 Description = < End of report > |
hi hast du den link noch, wenn ja mal als private nachicht an mich |
Hallo, Gibt es schon was neues? Grüsse Markus |
niemand? Schade... |
hattest du mir den link gesendet? sorry antwort vom 09.07 übersehen. Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!Downloade dir bitte Combofix von einem dieser Downloadspiegel Link 1 Link 2 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
|
Hallo Die Links habe ich dir nochmal weitergeleitet. Bitte melde dich, falls du keine Nachricht bekommen hast. Hier das Combofix.txt: Code: ComboFix 12-07-13.03 - XXXLLL 14.07.2012 11:01:10.1.4 - x64Gruss und Danke |
hab ich bekommen, danke waren das alle malwarebytes logs, falls nein, öffnen, berichte, logs mit funden posten |
Hallo Das ist das einzige log-file von einem Suchlauf: Code: Malwarebytes Anti-Malware (Test) 1.61.0.1400 |
nein danke download tdss killer: http://www.trojaner-board.de/82358-t...entfernen.html Klicke auf Change parameters • Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system • Klick auf OK und anschließend auf Start scan - bei funden erst mal immer skip wählen, log posten |
Voilà TDSS Killer Log: Code: 22:24:58.0398 1896 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35 |
hi lade den CCleaner standard: CCleaner Download - CCleaner 3.20.1750 falls der CCleaner bereits instaliert, überspringen. instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen. hinter, jedes von dir benötigte programm, schreibe notwendig. hinter, jedes, von dir nicht benötigte, unnötig. hinter, dir unbekannte, unbekannt. liste posten. |
Hallo, Code: Abaqus 6.8 Student Edition Dassault Systemes Simulia Corp. 29.12.2009 6.8.0.0 notwendig |
deinstaliere: Adobe Flash Player alle Adobe - Adobe Flash Player installieren neueste version laden adobe reader: Adobe - Adobe Reader herunterladen - Alle Versionen haken bei mcafee security scan raus nehmen bitte auch mal den adobe reader wie folgt konfigurieren: adobe reader öffnen, bearbeiten, voreinstellungen. allgemein: nur zertifizierte zusatz module verwenden, anhaken. internet: hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc. es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht. bei javascript den haken bei java script verwenden raus nehmen bei updater, automatisch instalieren wählen. übernehmen /ok deinstaliere: E-Finance Firebird Garmin : beide MAGIX : alle Microsoft Silverlight Skype Toolbars Windows Live : alle die, die du nicht nutzt öffne ccleaner, analysieren starten öffne otl, cleanup pc startet neu, testen wie er läuft |
Hallo, Ok, alles ausgeführt. Läuft soweit stabil. Keine negativen Vorkommnisse. |
| Alle Zeitangaben in WEZ +1. Es ist jetzt 06:55 Uhr. |
Copyright ©2000-2025, Trojaner-Board