
Log Analysis and Evaluation: Opened attachment of fake invoice .zip - Trojans and worms

Windows 7 If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

 
09.03.2013, 18:00   #1
tom1223
 



Hi Trojaner-Board,

I am trying to help with another laptop: two weeks ago, a fake email with an invoice
as a zip file attachment was unknowingly opened there, and now
virus alerts keep appearing.
ADWARE/Yontoo.Gen and Yontoo.Gen2, WORM/Vonfus.2785289 have been found by Antivir so far.

Can you please help me?

An anti-malware scan was already run last week; here is the scan:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.03.03.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Ralf :: RALF-PC [Administrator]

03.03.2013 20:15:43
mbam-log-2013-03-03 (20-15-43).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 208251
Laufzeit: 9 Minute(n), 16 Sekunde(n)

Infizierte Speicherprozesse: 1
C:\Users\Ralf\AppData\Roaming\Cykahu\enen.exe (Trojan.Agent.MU) -> 5436 -> Löschen bei Neustart.

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Eridiksu (Trojan.Agent.MU) -> Daten: C:\Users\Ralf\AppData\Roaming\Cykahu\enen.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Ralf\AppData\Roaming\Cykahu\enen.exe (Trojan.Agent.MU) -> Löschen bei Neustart.

(Ende)



Here are the following scans:

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.03.09.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Ralf :: RALF-PC [Administrator]

09.03.2013 16:04:36
mbam-log-2013-03-09 (16-04-36).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 348842
Laufzeit: 1 Stunde(n), 46 Minute(n), 3 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


The rest are coming right away!

OTL Logfile:
Code:
OTL logfile created on: 09.03.2013 18:06:37 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Ralf\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,36 Gb Available Physical Memory | 59,07% Memory free
7,99 Gb Paging File | 6,11 Gb Available in Paging File | 76,49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283,40 Gb Total Space | 212,27 Gb Free Space | 74,90% Space Free | Partition Type: NTFS
 
Computer Name: RALF-PC | User Name: Ralf | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.03.09 16:55:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ralf\Desktop\OTL.exe
PRC - [2013.02.27 20:20:27 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013.02.19 19:20:37 | 000,213,384 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler.exe
PRC - [2013.02.15 12:39:28 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.02.15 12:38:07 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.02.15 12:38:06 | 000,385,248 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.06.21 04:01:58 | 000,092,632 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2011.09.06 18:29:20 | 004,259,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011.08.18 16:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
PRC - [2011.08.18 16:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2011.08.01 18:56:48 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2009.06.24 23:21:38 | 000,409,744 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2009.06.09 17:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Programme\Dell\DellDock\DockLogin.exe
PRC - [2009.06.05 02:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009.06.05 02:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009.05.21 15:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
PRC - [2009.05.21 15:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.02.27 20:20:03 | 003,067,288 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013.02.15 15:01:19 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
MOD - [2013.01.11 19:17:02 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\77dfcfed5fd5f67d0d3edc545935bb21\System.Core.ni.dll
MOD - [2013.01.10 21:10:56 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll
MOD - [2013.01.10 21:10:05 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ff7c9a4f41f7cccc47e696c11b9f8469\PresentationFramework.ni.dll
MOD - [2013.01.10 21:09:36 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.01.10 21:09:31 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll
MOD - [2013.01.10 21:09:13 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
MOD - [2013.01.10 21:08:56 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013.01.10 21:08:46 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013.01.10 21:08:35 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.01.10 21:08:03 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2011.08.18 16:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
MOD - [2010.11.13 01:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.07.14 18:58:15 | 000,167,936 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml.resources\2.0.0.0_de_b77a5c561934e089\System.Xml.resources.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2009.07.17 02:06:22 | 000,033,280 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2009.06.29 05:44:38 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009.06.25 11:48:28 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2013.02.27 20:20:27 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.02.27 20:11:17 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.02.15 12:39:28 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.02.15 12:38:07 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.01.27 11:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013.01.27 11:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.06.21 04:01:58 | 000,092,632 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2011.08.18 16:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.29 05:44:38 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe -- (STacSV)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.06.09 17:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Programme\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2009.06.05 02:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2009.05.21 15:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.01.20 15:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.12.12 18:10:02 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.12.12 18:09:53 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.09.24 08:58:11 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.06.15 08:10:14 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.03.09 19:23:47 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009.09.28 08:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009.07.17 02:06:20 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2009.07.17 02:06:16 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009.07.09 11:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009.06.29 05:44:38 | 000,487,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009.06.25 12:24:30 | 006,036,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.06.15 20:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.08 09:15:18 | 000,215,552 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009.02.05 12:54:10 | 000,225,328 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2006.11.01 19:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {EAC7CBC3-0D54-4A17-B78A-F1929C00C73F}
IE:64bit: - HKLM\..\SearchScopes\{EAC7CBC3-0D54-4A17-B78A-F1929C00C73F}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {8581C9B1-082F-4860-8CC2-A054E862C727}
IE - HKLM\..\SearchScopes\{8581C9B1-082F-4860-8CC2-A054E862C727}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = {8581C9B1-082F-4860-8CC2-A054E862C727}
IE - HKCU\..\SearchScopes\{AF5AEC55-9EF4-41DF-9162-C0370835616B}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=5569C61D-ACE4-4D5B-890B-5BB57BAA28D7&apn_sauid=0B26DE56-6009-428F-8CAD-F42BCC71CE11
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.8.20100713041928
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.27 20:20:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.02.27 20:19:53 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.27 20:20:27 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.02.27 20:19:53 | 000,000,000 | ---D | M]
 
[2012.07.01 18:45:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ralf\AppData\Roaming\mozilla\Extensions
[2012.07.01 18:45:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ralf\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2013.03.03 20:09:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ralf\AppData\Roaming\mozilla\Firefox\Profiles\i5tegyxn.default\extensions
[2013.03.03 20:06:16 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Ralf\AppData\Roaming\mozilla\firefox\profiles\i5tegyxn.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.09.09 18:24:24 | 000,002,299 | ---- | M] () -- C:\Users\Ralf\AppData\Roaming\mozilla\firefox\profiles\i5tegyxn.default\searchplugins\askcom.xml
[2013.02.27 20:19:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013.02.27 20:19:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013.02.27 20:20:27 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.10.24 23:03:12 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.24 23:03:11 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.10.24 23:03:12 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.24 23:03:12 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.24 23:03:12 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.24 23:03:11 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Programme\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{143BBB14-0BDE-4E42-8EBD-DCD620BF51FA}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{071abbaf-2ba9-11df-a795-a4badb93e580}\Shell - "" = AutoRun
O33 - MountPoints2\{071abbaf-2ba9-11df-a795-a4badb93e580}\Shell\AutoRun\command - "" = F:\SETUP.EXE
O33 - MountPoints2\{071abbaf-2ba9-11df-a795-a4badb93e580}\Shell\configure\command - "" = F:\SETUP.EXE
O33 - MountPoints2\{071abbaf-2ba9-11df-a795-a4badb93e580}\Shell\install\command - "" = F:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.09 16:54:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Ralf\Desktop\OTL.exe
[2013.03.03 20:14:34 | 000,000,000 | ---D | C] -- C:\Users\Ralf\AppData\Roaming\Malwarebytes
[2013.03.03 20:14:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.03.03 20:14:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.03 20:14:00 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.03.03 20:13:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.03.03 20:13:44 | 000,000,000 | ---D | C] -- C:\Users\Ralf\AppData\Local\Programs
[2013.03.03 11:31:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013.02.27 20:19:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.02.27 20:15:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.02.27 20:14:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013.02.26 17:16:49 | 000,000,000 | ---D | C] -- C:\Users\Ralf\AppData\Roaming\Uxmyy
[2013.02.26 17:16:49 | 000,000,000 | ---D | C] -- C:\Users\Ralf\AppData\Roaming\Ovov
[2013.02.26 17:16:49 | 000,000,000 | ---D | C] -- C:\Users\Ralf\AppData\Roaming\Cykahu
[2013.02.17 17:20:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013.02.17 17:20:48 | 000,000,000 | ---D | C] -- C:\Users\Ralf\AppData\Local\Google
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.09 18:10:19 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.09 18:10:19 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.09 18:06:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.09 18:02:45 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.03.09 18:02:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.09 18:02:13 | 3218,358,272 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.09 17:25:05 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.03.09 17:00:49 | 000,377,856 | ---- | M] () -- C:\Users\Ralf\Desktop\q1v34tnk.exe
[2013.03.09 16:55:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ralf\Desktop\OTL.exe
[2013.03.09 16:46:52 | 000,000,020 | ---- | M] () -- C:\Users\Ralf\defogger_reenable
[2013.03.09 16:46:02 | 000,050,477 | ---- | M] () -- C:\Users\Ralf\Desktop\Defogger.exe
[2013.03.06 20:37:50 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013.03.06 20:34:57 | 000,058,429 | ---- | M] () -- C:\Users\Ralf\Desktop\TP VO - Terminplan Vorstand - Rev.2.pdf
[2013.03.06 20:29:19 | 000,133,181 | ---- | M] () -- C:\Users\Ralf\Desktop\2013_Spielgemeinschaftsvertrag - Rev 6.pdf
[2013.03.03 11:31:32 | 000,002,214 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013.03.01 13:40:02 | 000,279,205 | ---- | M] () -- C:\Users\Ralf\Desktop\basic_kassette_02.jpg
[2013.02.28 11:27:03 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.28 11:27:03 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.28 11:27:03 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.28 11:27:03 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.28 11:27:03 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.02.15 14:56:01 | 000,426,488 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2013.03.09 17:00:41 | 000,377,856 | ---- | C] () -- C:\Users\Ralf\Desktop\q1v34tnk.exe
[2013.03.09 16:46:52 | 000,000,020 | ---- | C] () -- C:\Users\Ralf\defogger_reenable
[2013.03.09 16:45:47 | 000,050,477 | ---- | C] () -- C:\Users\Ralf\Desktop\Defogger.exe
[2013.03.06 20:34:56 | 000,058,429 | ---- | C] () -- C:\Users\Ralf\Desktop\TP VO - Terminplan Vorstand - Rev.2.pdf
[2013.03.06 20:29:17 | 000,133,181 | ---- | C] () -- C:\Users\Ralf\Desktop\2013_Spielgemeinschaftsvertrag - Rev 6.pdf
[2013.03.03 11:31:32 | 000,002,214 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013.03.01 13:40:01 | 000,279,205 | ---- | C] () -- C:\Users\Ralf\Desktop\basic_kassette_02.jpg
[2013.02.17 17:21:00 | 000,001,106 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.17 17:20:59 | 000,001,102 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.03.15 12:46:37 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.03.03 20:27:13 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\Cykahu
[2010.03.09 19:28:20 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\DAEMON Tools Pro
[2010.04.16 16:29:07 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\Farm Mania
[2013.02.27 19:40:48 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\Ovov
[2012.07.01 18:45:19 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\TomTom
[2013.02.26 17:16:49 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\Uxmyy
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---
OTL Logfile:
Code:
OTL Extras logfile created on: 09.03.2013 18:06:37 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Ralf\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,36 Gb Available Physical Memory | 59,07% Memory free
7,99 Gb Paging File | 6,11 Gb Available in Paging File | 76,49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283,40 Gb Total Space | 212,27 Gb Free Space | 74,90% Space Free | Partition Type: NTFS
 
Computer Name: RALF-PC | User Name: Ralf | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02624CB4-E449-4FE6-87A6-6F50F407B04A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{27B7A65C-9FAE-45B2-90B9-2B25F731F098}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{362E47F7-9AD0-4274-B5E7-3484DD533C45}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{3974E8CC-C5E3-42B2-9CD4-837986C988C8}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{50612DD8-8771-4BEA-911D-73A7CF7EF7B1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{62FEE83C-F409-4620-8320-AA54D93E1C16}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{8CDBA6C5-EB36-45E7-A8D3-C48EC92A2AB4}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{A1979084-23EB-4D9E-A288-7D4E93733F01}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{BAB79D3B-2B85-4B97-A066-41D3D58B209C}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{BF715C35-834B-4E22-842A-A99F5F296320}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{E04A1E65-7E82-4024-A47A-3EBEFB658C2F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F3C9908-FA68-4D67-A3DA-8006DE89240D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{0FE1C16D-34CF-47CE-82CF-116156898A7A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{1FBEB50A-9F6F-43E8-A0BD-B758469ABEAD}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd dx\pdvddxsrv.exe | 
"{226422D8-62C4-489E-A40C-71151AC33373}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{2AD90CE5-46B1-4FD8-800A-BE243758EE37}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{2C8744E4-9C8A-443B-988B-0ECA97D28EB4}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{3EAD7A67-CC94-4380-8376-630DA2ADD172}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{419224B8-BB29-44C0-83F7-E5C752D33638}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{45096A6D-B88D-4866-A62D-9D2074959146}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{5852C020-F4C9-4698-97FB-A8770D4A22EF}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd dx\powerdvd.exe | 
"{5AFBCE11-B423-4C39-A05E-232D1E02B56B}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{675360AE-8827-45E6-B0B4-360B980EE057}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{8C04383A-62D9-4DBF-A454-206A3BD4227B}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{91586AF1-57A5-469B-924D-C7357526598D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{A4372234-4EA2-4DB1-B0E2-B31899B02F62}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
"{CCA81D7E-1FD8-4073-8B6C-E98DFC989062}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{D88E6283-F0E9-4A9E-98E7-80F92DD924EA}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"TCP Query User{2103E472-FEE2-4EDD-81B7-CFF7372ED10A}C:\users\ralf\appdata\roaming\cykahu\enen.exe" = protocol=6 | dir=in | app=c:\users\ralf\appdata\roaming\cykahu\enen.exe | 
"UDP Query User{20E1C10D-973B-44FC-839C-DCE237745E3A}C:\users\ralf\appdata\roaming\cykahu\enen.exe" = protocol=17 | dir=in | app=c:\users\ralf\appdata\roaming\cykahu\enen.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{26A24AE4-039D-4CA4-87B4-2F86416014FF}" = Java(TM) 6 Update 14 (64-bit)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{E461C0B2-523B-2940-C5DF-D174284CE609}" = ccc-utility64
"{E60B7350-EA5F-41E0-9D6F-E508781E36D2}" = Dell Dock
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Dell Wireless WLAN Card Utility" = Dell Wireless WLAN Card Utility
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03CFDC67-5B03-EE5C-4176-F545B0D2F485}" = CCC Help Korean
"{04F3038E-4120-44CC-B330-E05F737246A5}" = Roxio Update Manager
"{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0A2AC888-61DC-CD55-5969-8602A7E9716D}" = CCC Help Italian
"{0CF884B6-C6D8-EB7B-D2BF-2877C6F49EBC}" = CCC Help Swedish
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{185CC275-907C-0D83-B0C2-7B065C5108D8}" = CCC Help Chinese Traditional
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83217015FF}" = Java 7 Update 15
"{26CE484D-2E8E-40D5-B251-158133114C69}" = TomTom HOME
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2ED967AD-FBB0-5355-F5F2-E7A03AAD4F71}" = Catalyst Control Center Localization All
"{30FA0F5C-B1A9-39EB-8148-3D574C0C8332}" = Catalyst Control Center Graphics Previews Common
"{35852FDE-7263-23EA-435F-44E4B61996D0}" = CCC Help Japanese
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3A07247E-0645-8BCF-8419-FD857790108D}" = Skins
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{445F6C1F-C48F-0CC9-A030-040D3EA42C93}" = Catalyst Control Center Graphics Full New
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{46E08E5F-02B4-E854-CD4F-ED3E4FEBE122}" = CCC Help French
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5A841BCF-1C5B-E3DA-9475-892CA6576425}" = CCC Help Finnish
"{5B8741B6-4BEA-47D3-DB77-959C7FF35B39}" = Catalyst Control Center Graphics Full Existing
"{5FA16D15-FA5B-7F0F-7CBB-369E1E2937C9}" = CCC Help Spanish
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{61F27C5E-5274-0DB8-67CC-5253C6CF2B93}" = CCC Help Dutch
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{6625CE8F-6E89-561F-D828-1B8535DEEBB6}" = Catalyst Control Center Core Implementation
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{69533745-1E2D-4C98-8B4A-B7643EF9E1A2}" = Catalyst Control Center - Branding
"{6D2CCC4B-007D-EEE7-3E69-578B178A7B91}" = Catalyst Control Center Graphics Previews Vista
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E3D92F-2C51-B4E9-F2B6-EAF89C33E580}" = CCC Help Portuguese
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77F218D6-EAF4-402C-36B1-C3F0EC62598D}" = ccc-core-static
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{86C527CC-4AF2-903C-7BFF-5975272CC645}" = Catalyst Control Center InstallProxy
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8DDFDDE9-C206-F32E-66AD-D17558D7677E}" = CCC Help German
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A2A4AC67-DC60-A92B-DD50-65BEE8FA8D71}" = CCC Help Russian
"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.4 - Deutsch
"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
"{B9C5005C-56CA-38E4-A093-79F22ECA0427}" = CCC Help Norwegian
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{DC93F14E-D2C9-D6D1-31B6-D31AC2AD3BB0}" = Catalyst Control Center Graphics Light
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E6E0F53B-B7B8-E052-5C32-76C885536A3E}" = CCC Help Danish
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F7FE3C6E-ECB8-0853-584F-BE19BA05B1B8}" = CCC Help Chinese Standard
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FCC49808-C684-FEFA-3C02-46A04A7C9EBD}" = CCC Help English
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Avira AntiVir Desktop" = Avira Free Antivirus
"Dell Webcam Central" = Dell Webcam Central
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mozilla Firefox 19.0 (x86 de)" = Mozilla Firefox 19.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"TomTom HOME" = TomTom HOME 2.8.3.2499
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 02.02.2013 15:40:43 | Computer Name = Ralf-PC | Source = TOASTER.EXE | ID = 0
Description = An Unhandled Exception occured. Die Datei "C:\Users\Ralf\AppData\local\\softthinks\scheduler.xml"
 ist bereits vorhanden.    bei System.IO.__Error.WinIOError(Int32 errorCode, String
 maybeFullPath)     bei System.IO.File.InternalCopy(String sourceFileName, String 
destFileName, Boolean overwrite)     bei System.IO.File.Copy(String sourceFileName,
 String destFileName)     bei Toaster.SchedulerReader.read()     bei Toaster.Notifications.FullSystemBackup.FsbHelper.IsFsbScheduledNow()

   bei Toaster.Notifications.FullSystemBackup.FsbHelper.CheckReminder()     bei Toaster.Helper.CheckReminders(ObservableCollection`1
 notificationHelpers)     bei Toaster.MainWindowViewModel.NotificationsTimerTick(Object
 sender, EventArgs e)     bei System.Windows.Threading.DispatcherTimer.FireTick(Object
 unused)     bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate
 callback, Object args, Boolean isSingleParameter)     bei System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
 source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)
 
Error - 05.02.2013 15:57:41 | Computer Name = Ralf-PC | Source = TOASTER.EXE | ID = 0
Description = An Unhandled Exception occured. Die Datei "C:\Users\Ralf\AppData\local\\softthinks\scheduler.xml"
 ist bereits vorhanden.    bei System.IO.__Error.WinIOError(Int32 errorCode, String
 maybeFullPath)     bei System.IO.File.InternalCopy(String sourceFileName, String 
destFileName, Boolean overwrite)     bei System.IO.File.Copy(String sourceFileName,
 String destFileName)     bei Toaster.SchedulerReader.read()     bei Toaster.Notifications.FullSystemBackup.FsbHelper.IsFsbScheduledNow()

   bei Toaster.Notifications.FullSystemBackup.FsbHelper.CheckReminder()     bei Toaster.Helper.CheckReminders(ObservableCollection`1
 notificationHelpers)     bei Toaster.MainWindowViewModel.NotificationsTimerTick(Object
 sender, EventArgs e)     bei System.Windows.Threading.DispatcherTimer.FireTick(Object
 unused)     bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate
 callback, Object args, Boolean isSingleParameter)     bei System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
 source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)
 
Error - 06.02.2013 13:32:50 | Computer Name = Ralf-PC | Source = TOASTER.EXE | ID = 0
Description = An Unhandled Exception occured. Die Datei "C:\Users\Ralf\AppData\local\\softthinks\scheduler.xml"
 ist bereits vorhanden.    bei System.IO.__Error.WinIOError(Int32 errorCode, String
 maybeFullPath)     bei System.IO.File.InternalCopy(String sourceFileName, String 
destFileName, Boolean overwrite)     bei System.IO.File.Copy(String sourceFileName,
 String destFileName)     bei Toaster.SchedulerReader.read()     bei Toaster.Notifications.FullSystemBackup.FsbHelper.IsFsbScheduledNow()

   bei Toaster.Notifications.FullSystemBackup.FsbHelper.CheckReminder()     bei Toaster.Helper.CheckReminders(ObservableCollection`1
 notificationHelpers)     bei Toaster.MainWindowViewModel.NotificationsTimerTick(Object
 sender, EventArgs e)     bei System.Windows.Threading.DispatcherTimer.FireTick(Object
 unused)     bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate
 callback, Object args, Boolean isSingleParameter)     bei System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
 source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)
 
Error - 07.02.2013 12:18:41 | Computer Name = Ralf-PC | Source = TOASTER.EXE | ID = 0
Description = An Unhandled Exception occured. Die Datei "C:\Users\Ralf\AppData\local\\softthinks\scheduler.xml"
 ist bereits vorhanden.    bei System.IO.__Error.WinIOError(Int32 errorCode, String
 maybeFullPath)     bei System.IO.File.InternalCopy(String sourceFileName, String 
destFileName, Boolean overwrite)     bei System.IO.File.Copy(String sourceFileName,
 String destFileName)     bei Toaster.SchedulerReader.read()     bei Toaster.Notifications.FullSystemBackup.FsbHelper.IsFsbScheduledNow()

   bei Toaster.Notifications.FullSystemBackup.FsbHelper.CheckReminder()     bei Toaster.Helper.CheckReminders(ObservableCollection`1
 notificationHelpers)     bei Toaster.MainWindowViewModel.NotificationsTimerTick(Object
 sender, EventArgs e)     bei System.Windows.Threading.DispatcherTimer.FireTick(Object
 unused)     bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate
 callback, Object args, Boolean isSingleParameter)     bei System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
 source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)
 
Error - 07.02.2013 12:55:53 | Computer Name = Ralf-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 10.02.2013 12:40:29 | Computer Name = Ralf-PC | Source = TOASTER.EXE | ID = 0
Description = An Unhandled Exception occured. Die Datei "C:\Users\Ralf\AppData\local\\softthinks\scheduler.xml"
 ist bereits vorhanden.    bei System.IO.__Error.WinIOError(Int32 errorCode, String
 maybeFullPath)     bei System.IO.File.InternalCopy(String sourceFileName, String 
destFileName, Boolean overwrite)     bei System.IO.File.Copy(String sourceFileName,
 String destFileName)     bei Toaster.SchedulerReader.read()     bei Toaster.Notifications.FullSystemBackup.FsbHelper.IsFsbScheduledNow()

   bei Toaster.Notifications.FullSystemBackup.FsbHelper.CheckReminder()     bei Toaster.Helper.CheckReminders(ObservableCollection`1
 notificationHelpers)     bei Toaster.MainWindowViewModel.NotificationsTimerTick(Object
 sender, EventArgs e)     bei System.Windows.Threading.DispatcherTimer.FireTick(Object
 unused)     bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate
 callback, Object args, Boolean isSingleParameter)     bei System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
 source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)
 
Error - 10.02.2013 16:12:58 | Computer Name = Ralf-PC | Source = TOASTER.EXE | ID = 0
Description = An Unhandled Exception occured. Die Datei "C:\Users\Ralf\AppData\local\\softthinks\scheduler.xml"
 ist bereits vorhanden.    bei System.IO.__Error.WinIOError(Int32 errorCode, String
 maybeFullPath)     bei System.IO.File.InternalCopy(String sourceFileName, String 
destFileName, Boolean overwrite)     bei System.IO.File.Copy(String sourceFileName,
 String destFileName)     bei Toaster.SchedulerReader.read()     bei Toaster.Notifications.FullSystemBackup.FsbHelper.IsFsbScheduledNow()

   bei Toaster.Notifications.FullSystemBackup.FsbHelper.CheckReminder()     bei Toaster.Helper.CheckReminders(ObservableCollection`1
 notificationHelpers)     bei Toaster.MainWindowViewModel.NotificationsTimerTick(Object
 sender, EventArgs e)     bei System.Windows.Threading.DispatcherTimer.FireTick(Object
 unused)     bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate
 callback, Object args, Boolean isSingleParameter)     bei System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
 source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)
 
Error - 15.02.2013 07:38:08 | Computer Name = Ralf-PC | Source = TOASTER.EXE | ID = 0
Description = An Unhandled Exception occured. Die Datei "C:\Users\Ralf\AppData\local\\softthinks\scheduler.xml"
 ist bereits vorhanden.    bei System.IO.__Error.WinIOError(Int32 errorCode, String
 maybeFullPath)     bei System.IO.File.InternalCopy(String sourceFileName, String 
destFileName, Boolean overwrite)     bei System.IO.File.Copy(String sourceFileName,
 String destFileName)     bei Toaster.SchedulerReader.read()     bei Toaster.Notifications.FullSystemBackup.FsbHelper.IsFsbScheduledNow()

   bei Toaster.Notifications.FullSystemBackup.FsbHelper.CheckReminder()     bei Toaster.Helper.CheckReminders(ObservableCollection`1
 notificationHelpers)     bei Toaster.MainWindowViewModel.NotificationsTimerTick(Object
 sender, EventArgs e)     bei System.Windows.Threading.DispatcherTimer.FireTick(Object
 unused)     bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate
 callback, Object args, Boolean isSingleParameter)     bei System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
 source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)
 
Error - 15.02.2013 10:09:18 | Computer Name = Ralf-PC | Source = TOASTER.EXE | ID = 0
Description = An Unhandled Exception occured. Die Datei "C:\Users\Ralf\AppData\local\\softthinks\scheduler.xml"
 ist bereits vorhanden.    bei System.IO.__Error.WinIOError(Int32 errorCode, String
 maybeFullPath)     bei System.IO.File.InternalCopy(String sourceFileName, String 
destFileName, Boolean overwrite)     bei System.IO.File.Copy(String sourceFileName,
 String destFileName)     bei Toaster.SchedulerReader.read()     bei Toaster.Notifications.FullSystemBackup.FsbHelper.IsFsbScheduledNow()

   bei Toaster.Notifications.FullSystemBackup.FsbHelper.CheckReminder()     bei Toaster.Helper.CheckReminders(ObservableCollection`1
 notificationHelpers)     bei Toaster.MainWindowViewModel.NotificationsTimerTick(Object
 sender, EventArgs e)     bei System.Windows.Threading.DispatcherTimer.FireTick(Object
 unused)     bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate
 callback, Object args, Boolean isSingleParameter)     bei System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
 source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)
 
Error - 17.02.2013 11:15:38 | Computer Name = Ralf-PC | Source = TOASTER.EXE | ID = 0
Description = An Unhandled Exception occured. Die Datei "C:\Users\Ralf\AppData\local\\softthinks\scheduler.xml"
 ist bereits vorhanden.    bei System.IO.__Error.WinIOError(Int32 errorCode, String
 maybeFullPath)     bei System.IO.File.InternalCopy(String sourceFileName, String 
destFileName, Boolean overwrite)     bei System.IO.File.Copy(String sourceFileName,
 String destFileName)     bei Toaster.SchedulerReader.read()     bei Toaster.Notifications.FullSystemBackup.FsbHelper.IsFsbScheduledNow()

   bei Toaster.Notifications.FullSystemBackup.FsbHelper.CheckReminder()     bei Toaster.Helper.CheckReminders(ObservableCollection`1
 notificationHelpers)     bei Toaster.MainWindowViewModel.NotificationsTimerTick(Object
 sender, EventArgs e)     bei System.Windows.Threading.DispatcherTimer.FireTick(Object
 unused)     bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate
 callback, Object args, Boolean isSingleParameter)     bei System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
 source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)
 
[ Broadcom Wireless LAN Events ]
Error - 26.12.2012 12:33:20 | Computer Name = Ralf-PC | Source = WLAN-Tray | ID = 0
Description = 17:33:20, Wed, Dec 26, 12 Error - Unable to decode string, error 13

 
[ Dell Events ]
Error - 19.12.2010 06:50:42 | Computer Name = Ralf-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 27.02.2011 14:04:14 | Computer Name = Ralf-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 27.02.2011 14:04:14 | Computer Name = Ralf-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 28.02.2011 14:32:35 | Computer Name = Ralf-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 28.02.2011 14:32:35 | Computer Name = Ralf-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 02.06.2011 07:01:25 | Computer Name = Ralf-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 02.06.2011 07:01:25 | Computer Name = Ralf-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 02.06.2011 13:55:47 | Computer Name = Ralf-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 02.06.2011 13:55:47 | Computer Name = Ralf-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 14.07.2011 05:46:26 | Computer Name = Ralf-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
[ Media Center Events ]
Error - 09.03.2010 14:57:48 | Computer Name = Ralf-PC | Source = MCUpdate | ID = 0
Description = 19:57:48 - Directory konnte nicht abgerufen werden (Fehler: Die zugrunde
 liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte
 keine Vertrauensstellung hergestellt werden..)  
 
[ System Events ]
Error - 03.03.2013 15:20:23 | Computer Name = Ralf-PC | Source = Microsoft Antimalware | ID = 1119
Description = Beim Anwenden von Aktionen auf Schadsoftware und potenziell unerwünschte
 Software wurde von %%860 ein schwerwiegender Fehler festgestellt.    Weitere Informationen
 finden Sie hier:  hxxp://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Matsnu.gen!A&threatid=2147652606

	Name:
 Trojan:Win32/Matsnu.gen!A     ID: 2147652606     Schweregrad: Schwerwiegend     Kategorie: Trojaner

	Pfad:
 containerfile:_C:\Users\Ralf\AppData\Local\Temp\wrmslthknx.pre;file:_C:\Users\Ralf\AppData\Local\Temp\wrmslthknx.pre->[DynDrop]->(UPX)

	Ursprung
 der Erkennung: %%845     Typ der Erkennung: %%823     Quelle der Erkennung: %%820     Benutzer:
 NT-AUTORITÄT\SYSTEM     Prozessname: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

	Aktion:
 %%809     Aktionsstatus:  No additional actions required     Fehlercode: 0x80070021     Fehlerbeschreibung:
 Der Prozess kann nicht auf die Datei zugreifen, da ein anderer Prozess einen Teil
 der Datei gesperrt hat.      Signaturversion: AV: 1.145.961.0, AS: 1.145.961.0, NIS:
 18.36.0.0     Modulversion: AM: 1.1.9203.0, NIS: 2.1.8904.0
 
Error - 03.03.2013 15:28:21 | Computer Name = Ralf-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst SftService erreicht.
 
Error - 03.03.2013 15:28:51 | Computer Name = Ralf-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst SftService erreicht.
 
Error - 03.03.2013 15:37:07 | Computer Name = Ralf-PC | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Windows Update" wurde nicht richtig gestartet.
 
Error - 03.03.2013 15:52:36 | Computer Name = Ralf-PC | Source = volsnap | ID = 393224
Description = Das Zeitlimit für den Lösch- und Speicherschreibvorgang für Volume
 "C:" wurde beim Warten auf eine Schreibvorgangfreigabe überschritten.
 
Error - 06.03.2013 14:34:13 | Computer Name = Ralf-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst SftService erreicht.
 
Error - 06.03.2013 14:34:43 | Computer Name = Ralf-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst SftService erreicht.
 
Error - 09.03.2013 10:54:47 | Computer Name = Ralf-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst SftService erreicht.
 
Error - 09.03.2013 10:55:20 | Computer Name = Ralf-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst SftService erreicht.
 
Error - 09.03.2013 13:03:15 | Computer Name = Ralf-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst SftService erreicht.
 
 
< End of report >
         
--- --- ---


GMER Logfile:
Code:
GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-03-09 19:09:05
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST932032 rev.0003 298,09GB
Running: q1v34tnk.exe; Driver: C:\Users\Ralf\AppData\Local\Temp\pxldrpob.sys


---- User code sections - GMER 2.1 ----

.text  C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[1044] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000075981465 2 bytes [98, 75]
.text  C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[1044] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000759814bb 2 bytes [98, 75]
.text  ...                                                                                                                              * 2

---- Registry - GMER 2.1 ----

Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                                 
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                              0xF0 0x53 0x00 0x00 ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                              0
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                           0x8B 0xDD 0x3A 0x65 ...
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                             
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                  0xF0 0x53 0x00 0x00 ...
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                  0
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                               0x8B 0xDD 0x3A 0x65 ...

---- EOF - GMER 2.1 ----
         
--- --- ---

I forgot
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 16:46 on 09/03/2013 (Ralf)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
SPTD -> Disabled (Service running -> reboot required)


-=E.O.F=-

Edited by tom1223 (09.03.2013 at 18:32)

 
