Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: GVU Trojaner entfernen

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 01.08.2012, 11:08   #1
00frama00
 
GVU Trojaner entfernen - Standard

GVU Trojaner entfernen



Ich habe mir gestern den GVU-Trojaner eingefangen. Ich habe den PC mit der Medion Recovery-Funktion auf den Fabrikzustand zurückgesetzt. Ich will jetzt sicher gehen dass ich den Virus komplett entfernt habe. Wie kann ich das am besten überprüfen?
Danke euch im vorraus!

Hab mal nen OTL Scan in Windows ausgeführt:

Code:
ATTFilter
OTL logfile created on: 01.08.2012 13:29:12 - Run 1
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\******\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,88 Gb Total Physical Memory | 3,73 Gb Available Physical Memory | 63,49% Memory free
11,76 Gb Paging File | 9,57 Gb Available in Paging File | 81,38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 414,66 Gb Total Space | 360,09 Gb Free Space | 86,84% Space Free | Partition Type: NTFS
Drive D: | 50,00 Gb Total Space | 23,73 Gb Free Space | 47,47% Space Free | Partition Type: NTFS
 
Computer Name: ****** | User Name: ****** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\******\Downloads\OTL.exe (OldTimer Tools)
PRC - c:\users\markos~1\appdata\local\temp\teamviewer\version7\TeamViewer_Desktop.exe (TeamViewer GmbH)
PRC - C:\Users\MARKOS~1\AppData\Local\Temp\TeamViewer\Version7\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Users\MARKOS~1\AppData\Local\Temp\TeamViewer\Version7\tv_w32.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe (CyberLink)
PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\b96fa5881ee18ee7a0534f351180e10e\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\2c288b6b4711d39edae7922e9a0f4cc0\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtGui4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtSql4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtScript4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtNetwork4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtCore4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtDeclarative4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\507b4ca18da9d2fde2e51a1f04593443\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\262285b3d0afafc5059f3fe9be69bff5\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8177623eac8f15cf95b587625439eac7\System.Drawing.ni.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (watchmi) -- C:\Program Files (x86)\watchmi\TvdService.exe ()
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MemeoBackgroundService) -- C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe (Memeo)
SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (asmtxhci) -- C:\Windows\SysNative\drivers\asmtxhci.sys (ASMedia Technology Inc)
DRV:64bit: - (asmthub3) -- C:\Windows\SysNative\drivers\asmthub3.sys (ASMedia Technology Inc)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV:64bit: - (kl2) -- C:\Windows\SysNative\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV:64bit: - (KL1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV:64bit: - (RTL8192su) -- C:\Windows\SysNative\drivers\RTL8192su.sys (Realtek Semiconductor Corporation                           )
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (wsvd) -- C:\Windows\SysNative\drivers\wsvd.sys (CyberLink)
DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (netr28ux) -- C:\Windows\SysNative\drivers\netr28ux.sys (Ralink Technology Corp.)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3339344709-530546076-4104204252-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=MDNF&bmod=MDNF
IE - HKU\S-1-5-21-3339344709-530546076-4104204252-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3339344709-530546076-4104204252-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=MDNF&bmod=MDNF
IE - HKU\S-1-5-21-3339344709-530546076-4104204252-1000\..\SearchScopes,DefaultScope = {8E07B8CF-F636-444A-8363-2A938309FA3A}
IE - HKU\S-1-5-21-3339344709-530546076-4104204252-1000\..\SearchScopes\{8E07B8CF-F636-444A-8363-2A938309FA3A}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNF_enDE393
IE - HKU\S-1-5-21-3339344709-530546076-4104204252-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012.08.01 12:21:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012.08.01 12:21:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012.08.01 12:21:02 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com/ig/redirectdomain?brand=MDNF&bmod=MDNF
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\12.0.742.91\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Chrome NaCl (Disabled) = C:\Program Files (x86)\Google\Chrome\Application\12.0.742.91\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\12.0.742.91\pdf.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\plugin/npUrlAdvisor.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\plugin/npVKPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U3 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Modul zur Link-Untersuchung = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\
CHR - Extension: Virtuelle Tastatur = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\
CHR - Extension: Anti-Banner = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MedionReminder] C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe (CyberLink)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4:64bit: - HKLM..\RunOnce: [MedionReminder] C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe (CyberLink)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O9:64bit: - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9:64bit: - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0)
O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{422EB3D7-1033-478F-90E0-BA9754EBBF55}: DhcpNameServer = 192.168.244.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9FDE5C2E-220C-4E84-AE16-08B825383D41}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.01 12:14:05 | 000,000,000 | ---D | C] -- C:\Users\******\temp
[2012.08.01 12:14:04 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\TeamViewer
[2012.08.01 12:00:31 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012.08.01 12:00:31 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012.08.01 12:00:31 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012.08.01 12:00:00 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012.08.01 12:00:00 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012.08.01 11:59:52 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\Adobe
[2012.08.01 11:59:42 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Local\Google
[2012.08.01 11:22:05 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\Intel Corporation
[2012.08.01 10:59:42 | 000,000,000 | -H-D | C] -- C:\ProgramData\Medion Reminder
[2012.08.01 10:59:40 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Local\Power2Go
[2012.08.01 10:59:26 | 000,000,000 | R--D | C] -- C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012.08.01 10:59:26 | 000,000,000 | R--D | C] -- C:\Users\******\Searches
[2012.08.01 10:59:26 | 000,000,000 | R--D | C] -- C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012.08.01 10:59:18 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\Identities
[2012.08.01 10:59:16 | 000,000,000 | R--D | C] -- C:\Users\******\Contacts
[2012.08.01 10:59:15 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.08.01 10:59:14 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Local\VirtualStore
[2012.08.01 10:59:09 | 000,000,000 | --SD | C] -- C:\Users\******\AppData\Roaming\Microsoft
[2012.08.01 10:59:09 | 000,000,000 | R--D | C] -- C:\Users\******\Videos
[2012.08.01 10:59:09 | 000,000,000 | R--D | C] -- C:\Users\******\Saved Games
[2012.08.01 10:59:09 | 000,000,000 | R--D | C] -- C:\Users\******\Pictures
[2012.08.01 10:59:09 | 000,000,000 | R--D | C] -- C:\Users\******\Music
[2012.08.01 10:59:09 | 000,000,000 | R--D | C] -- C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012.08.01 10:59:09 | 000,000,000 | R--D | C] -- C:\Users\******\Links
[2012.08.01 10:59:09 | 000,000,000 | R--D | C] -- C:\Users\******\Favorites
[2012.08.01 10:59:09 | 000,000,000 | R--D | C] -- C:\Users\******\Downloads
[2012.08.01 10:59:09 | 000,000,000 | R--D | C] -- C:\Users\******\Documents
[2012.08.01 10:59:09 | 000,000,000 | R--D | C] -- C:\Users\******\Desktop
[2012.08.01 10:59:09 | 000,000,000 | R--D | C] -- C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012.08.01 10:59:09 | 000,000,000 | -HSD | C] -- C:\Users\******\Vorlagen
[2012.08.01 10:59:09 | 000,000,000 | -HSD | C] -- C:\Users\******\AppData\Local\Verlauf
[2012.08.01 10:59:09 | 000,000,000 | -HSD | C] -- C:\Users\******\AppData\Local\Temporary Internet Files
[2012.08.01 10:59:09 | 000,000,000 | -HSD | C] -- C:\Users\******\Startmenü
[2012.08.01 10:59:09 | 000,000,000 | -HSD | C] -- C:\Users\******\SendTo
[2012.08.01 10:59:09 | 000,000,000 | -HSD | C] -- C:\Users\******\Recent
[2012.08.01 10:59:09 | 000,000,000 | -HSD | C] -- C:\Users\******\Netzwerkumgebung
[2012.08.01 10:59:09 | 000,000,000 | -HSD | C] -- C:\Users\******\Lokale Einstellungen
[2012.08.01 10:59:09 | 000,000,000 | -HSD | C] -- C:\Users\******\Documents\Eigene Videos
[2012.08.01 10:59:09 | 000,000,000 | -HSD | C] -- C:\Users\******\Documents\Eigene Musik
[2012.08.01 10:59:09 | 000,000,000 | -HSD | C] -- C:\Users\******\Eigene Dateien
[2012.08.01 10:59:09 | 000,000,000 | -HSD | C] -- C:\Users\******\Documents\Eigene Bilder
[2012.08.01 10:59:09 | 000,000,000 | -HSD | C] -- C:\Users\******\Druckumgebung
[2012.08.01 10:59:09 | 000,000,000 | -HSD | C] -- C:\Users\******\Cookies
[2012.08.01 10:59:09 | 000,000,000 | -HSD | C] -- C:\Users\******\AppData\Local\Anwendungsdaten
[2012.08.01 10:59:09 | 000,000,000 | -HSD | C] -- C:\Users\******\Anwendungsdaten
[2012.08.01 10:59:09 | 000,000,000 | -H-D | C] -- C:\Users\******\AppData
[2012.08.01 10:59:09 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WaveEditor
[2012.08.01 10:59:09 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Local\Temp
[2012.08.01 10:59:09 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Local\Microsoft
[2012.08.01 10:59:09 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\Media Center Programs
[2012.08.01 10:59:09 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\Macromedia
[2012.08.01 10:59:09 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerRecover
[2012.08.01 10:59:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\postureAgent
[2012.08.01 10:58:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Memeo
[2012.08.01 10:58:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Memeo
[2012.08.01 10:58:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Memeo
[2012.08.01 10:58:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Rescue Disk 10
[2012.08.01 10:58:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2012
[2012.08.01 10:57:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012.08.01 10:57:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2012.08.01 10:57:33 | 000,615,728 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2012.08.01 10:57:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMPUTERBILD Vorteil-Center
[2012.08.01 10:57:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\COMPUTERBILD Vorteil-Center
[2012.08.01 10:56:51 | 000,000,000 | ---D | C] -- C:\Program Files\PlayReady
[2012.08.01 10:56:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\watchmi
[2012.08.01 10:56:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\watchmi
[2012.08.01 10:56:40 | 000,000,000 | ---D | C] -- C:\ProgramData\TvdPersonal
[2012.08.01 10:56:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Partner
[2012.08.01 10:56:35 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012.08.01 10:56:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2012.08.01 10:56:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012.08.01 10:54:48 | 000,000,000 | -HSD | C] -- C:\Recovery
[2012.08.01 10:54:48 | 000,000,000 | -HSD | C] -- C:\Documents and Settings
[2012.08.01 10:54:44 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.01 19:54:38 | 000,159,772 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2012.08.01 19:54:38 | 000,159,772 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2012.08.01 13:20:12 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.08.01 13:07:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.01 13:06:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.01 12:29:04 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.01 12:29:04 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.01 12:21:01 | 000,153,053 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat
[2012.08.01 12:21:01 | 000,107,384 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat
[2012.08.01 12:13:53 | 009,112,102 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.08.01 12:13:53 | 000,694,454 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2012.08.01 12:13:53 | 000,693,478 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat
[2012.08.01 12:13:53 | 000,691,216 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat
[2012.08.01 12:13:53 | 000,689,750 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat
[2012.08.01 12:13:53 | 000,689,132 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat
[2012.08.01 12:13:53 | 000,679,366 | ---- | M] () -- C:\Windows\SysNative\prfh0816.dat
[2012.08.01 12:13:53 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.08.01 12:13:53 | 000,632,204 | ---- | M] () -- C:\Windows\SysNative\perfh00E.dat
[2012.08.01 12:13:53 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.08.01 12:13:53 | 000,610,226 | ---- | M] () -- C:\Windows\SysNative\perfh01F.dat
[2012.08.01 12:13:53 | 000,551,794 | ---- | M] () -- C:\Windows\SysNative\perfh008.dat
[2012.08.01 12:13:53 | 000,462,196 | ---- | M] () -- C:\Windows\SysNative\perfh006.dat
[2012.08.01 12:13:53 | 000,148,334 | ---- | M] () -- C:\Windows\SysNative\perfc00E.dat
[2012.08.01 12:13:53 | 000,137,086 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat
[2012.08.01 12:13:53 | 000,134,864 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat
[2012.08.01 12:13:53 | 000,133,776 | ---- | M] () -- C:\Windows\SysNative\prfc0816.dat
[2012.08.01 12:13:53 | 000,132,964 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat
[2012.08.01 12:13:53 | 000,130,164 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2012.08.01 12:13:53 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.08.01 12:13:53 | 000,127,168 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat
[2012.08.01 12:13:53 | 000,121,550 | ---- | M] () -- C:\Windows\SysNative\perfc01F.dat
[2012.08.01 12:13:53 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.08.01 12:13:53 | 000,089,460 | ---- | M] () -- C:\Windows\SysNative\perfc008.dat
[2012.08.01 12:13:53 | 000,079,828 | ---- | M] () -- C:\Windows\SysNative\perfc006.dat
[2012.08.01 12:07:01 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.01 11:55:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.01 11:55:11 | 442,204,159 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.01 11:20:10 | 000,283,104 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.08.01 10:57:33 | 000,615,728 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
 
========== Files Created - No Company Name ==========
 
[2012.08.01 13:20:12 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.08.01 11:03:30 | 442,204,159 | -HS- | C] () -- C:\hiberfil.sys
[2012.08.01 10:59:30 | 000,001,409 | ---- | C] () -- C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012.08.01 10:59:27 | 000,001,443 | ---- | C] () -- C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012.08.01 10:59:04 | 000,008,192 | ---- | C] () -- C:\Windows\SysNative\drivers\IntelMEFWVer.dll
[2012.08.01 10:58:36 | 000,153,053 | ---- | C] () -- C:\Windows\SysNative\drivers\klin.dat
[2012.08.01 10:58:36 | 000,107,384 | ---- | C] () -- C:\Windows\SysNative\drivers\klick.dat
[2012.08.01 10:56:54 | 000,002,786 | ---- | C] () -- C:\Users\Public\Desktop\MEDIONmail.lnk
[2012.08.01 10:56:54 | 000,002,101 | ---- | C] () -- C:\Users\Public\Desktop\Erstellen Sie Ihre Support-DVD.lnk
[2012.08.01 10:56:54 | 000,001,943 | ---- | C] () -- C:\Users\Public\Desktop\MEDION Serviceportal.lnk
[2012.08.01 10:56:54 | 000,001,939 | ---- | C] () -- C:\Users\Public\Desktop\LIFESTORE.lnk
[2012.08.01 10:56:53 | 000,001,247 | ---- | C] () -- C:\Users\Public\Desktop\eBay.lnk
[2012.08.01 10:56:42 | 000,002,527 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\watchmi tray.lnk
[2012.08.01 10:56:42 | 000,001,762 | ---- | C] () -- C:\Users\Public\Desktop\watchmi.lnk
[2012.08.01 10:56:38 | 000,002,360 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
[2012.08.01 10:56:29 | 000,002,360 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.08.01 10:56:19 | 000,001,110 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.01 10:56:18 | 000,001,106 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.04.14 00:31:34 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012.04.14 00:31:33 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012.04.14 00:31:30 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.04.14 00:31:29 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2012.04.14 00:31:27 | 013,212,672 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
 
========== LOP Check ==========
 
[2012.08.01 12:14:04 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\TeamViewer
[2009.07.14 07:08:49 | 000,019,068 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
Code:
ATTFilter
OTL Extras logfile created on: 01.08.2012 13:29:12 - Run 1
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\*******\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,88 Gb Total Physical Memory | 3,73 Gb Available Physical Memory | 63,49% Memory free
11,76 Gb Paging File | 9,57 Gb Available in Paging File | 81,38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 414,66 Gb Total Space | 360,09 Gb Free Space | 86,84% Space Free | Partition Type: NTFS
Drive D: | 50,00 Gb Total Space | 23,73 Gb Free Space | 47,47% Space Free | Partition Type: NTFS
 
Computer Name: ******* | User Name: ******* | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{101D44C9-6FFE-4B37-B201-D1B370AA314E}" = lport=137 | protocol=17 | dir=in | app=system | 
"{1C945B72-AB2F-47FA-8E9C-855EF832D068}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{2245D4C6-527F-4F03-B1F1-2A9BB3C614B1}" = rport=137 | protocol=17 | dir=out | app=system | 
"{2B4740C5-8082-4C7D-BDA2-B1F4CE14302B}" = lport=139 | protocol=6 | dir=in | app=system | 
"{2DF83E39-86DF-45F6-9320-BF8646A3402B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{32A43E7D-5E8C-48D1-9638-4DECF202BA79}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{3A1333A9-7A63-4775-A77C-F0AC0D2E323D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3CAAC87C-7D8C-4AD3-B2CA-59B905D5E759}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3F0CB73A-4640-4B7B-A0AC-524E66E23823}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{43C543DC-7C7A-4079-AB04-CBDBC2D38666}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{4F46B7EF-F121-40A2-85E6-D57B36848E22}" = rport=139 | protocol=6 | dir=out | app=system | 
"{5508BED7-C1AF-4F93-8449-89B42F484988}" = lport=445 | protocol=6 | dir=in | app=system | 
"{9F6D357F-ADA7-4868-AEF9-1FA1885D107F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{B75BB9F3-DEDA-4B03-9E8C-237998D3F3CC}" = rport=445 | protocol=6 | dir=out | app=system | 
"{B7CF1D4D-98C7-455F-B267-B5E2CC644E37}" = lport=138 | protocol=17 | dir=in | app=system | 
"{B8C37178-ED10-478D-8890-4460891FFAFE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B9A2967E-6ACE-41D3-BF4A-7C26278AB90B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{BDFC8A8F-D998-4FD6-9651-892D943ABDCA}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{C3DBBA1E-68DF-455A-9845-C583CA907ADD}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D01E84EC-0F36-4D43-A4DD-2AED640D1727}" = rport=138 | protocol=17 | dir=out | app=system | 
"{D63C74F5-9DCE-4F49-A501-D838905BB8A3}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{EBA59845-F6EC-4E6D-B213-1024413F821D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F40977E2-A0AC-4929-8FFC-3F47FC0AFA76}" = lport=2869 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{060D1CA1-7637-402E-AD75-5C52F8352F76}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0A324966-91DF-42DE-A985-69574CC3DB19}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{1322716A-C728-4C81-94C5-B7B1507877C6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{132D0808-9139-40B3-BDF5-F746437DB391}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{19D13398-4894-4620-9054-826395AE2EEF}" = protocol=6 | dir=out | app=system | 
"{1D501D26-8960-4817-887D-D0A2AFEC4D17}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1EB844FA-DA70-459F-8A6D-737E8C78295B}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{47F7E152-918F-4227-9067-AE67180391CF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{5417B635-8DBA-4192-9921-EAA8CAF4AC4A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{551DB4E1-D6FD-41CB-95D8-526E4BAD54D3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{6690C48D-9650-4E13-9929-FE1B80FA62E1}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{7171E4B1-5E36-4D6C-9585-07511BC61F60}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{85832019-5E10-4687-9BE8-ECC6260C4DFB}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{8F5DC733-2577-4912-8E71-E7B7A8BA958E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9CC57BB6-4802-4D0B-BCA6-944DA2516A5D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C0B4056E-B896-435C-BBE5-FF8029F17959}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{CB2332EA-77AC-41DE-AD54-8B1B22BDC0F9}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{CD055ACD-A2C9-423C-9AFE-F8334972C2C7}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{D81115A4-A3AC-4512-BD8A-7BB8E0CEEA28}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{DEB4B80D-EE4D-42F6-9A38-04FE94088C02}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E33EE560-9D1A-4772-8E51-45C7E90CCBAB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{EE6DE57B-0E0F-4268-BCF8-02D5B1722DE5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources
"{26A24AE4-039D-4CA4-87B4-2F86417003FF}" = Java(TM) 7 Update 3 (64-bit)
"{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources
"{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources
"{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources
"{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources
"{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{062E4D94-8306-46D5-81B6-45E6AD09C799}" = Windows Live Messenger
"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
"{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
"{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema
"{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{241E7104-937A-4366-AD57-8FDDDB003939}" = Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{26A24AE4-039D-4CA4-87B4-2F83217003FF}" = Java(TM) 7 Update 3
"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2F54E453-8C93-4B3B-936A-233C909E6CAC}" = Windows Live Messenger
"{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources
"{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials
"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
"{443B561F-DE1B-4DEF-ADD9-484B684653C7}" = Windows Live Messenger
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = CyberLink PowerRecover
"{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4B744C85-DBB1-4038-B989-4721EB22C582}" = Windows Live Messenger
"{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack
"{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{57220148-3B2B-412A-A2E0-82B9DF423696}" = Windows Live Mesh ActiveX-objekt til fjernforbindelser
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail
"{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker
"{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh
"{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}" = Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz
"{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer
"{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh
"{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
"{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources
"{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common
"{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E666407-AC41-46a2-9692-6C7BFCBFDD37}" = Memeo Instant Backup
"{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A7056D45-C63A-4FE4-A69D-FB54EF9B21BB}" = Windows Live Messenger
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AC76BA86-7AD7-5464-3428-A00000000004}" = Spelling Dictionaries Support For Adobe Reader X
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.3) MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}" = Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2E90616-C50D-4B89-A40D-92377AC669E5}" = Windows Live Messenger
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B7E68A6D-1C9B-4F18-B021-949115021714}" = COMPUTERBILD Vorteil-Center
"{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CA227A9D-09BE-4BFB-9764-48FED2DA5454}" = Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave
"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas
"{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
"{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{E9AD2143-26D5-4201-BED1-19DCC03B407D}" = Windows Live Messenger
"{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{F0559C5E-7912-4391-B1A0-6B975F0E5064}" = watchmi
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}" = Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις
"{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) OpenCL CPU Runtime
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"Adobe AIR" = Adobe AIR
"Google Chrome" = Google Chrome
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema
"InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = CyberLink PowerRecover
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"WinLiveSuite" = Windows Live Essentials
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 01.08.2012 05:20:29 | Computer Name = ******* | Source = MemeoBackgroundService | ID = 0
Description = Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException:
 Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException:
 Manche oder alle Identitätsverweise konnten nicht übersetzt werden.     bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object
 data)     bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary
 properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)

   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties,
 IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)

   --- Ende der internen Ausnahmestapelüberwachung ---     bei System.RuntimeMethodHandle._InvokeConstructor(Object[]
 args, SignatureStruct& signature, IntPtr declaringType)     bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags
 invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)     bei System.RuntimeType.CreateInstanceImpl(BindingFlags
 bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)

   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry
 entry)     bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData
 configData, Boolean ensureSecurity)     bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData
 configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData
 configData, Boolean ensureSecurity)     bei System.Runtime.Remoting.RemotingConfiguration.Configure(String
 filename, Boolean ensureSecurity)     bei RemoteServerService.MemeoBackgroundService.OnStart(String[]
 args)
 
Error - 01.08.2012 05:23:46 | Computer Name = ******* | Source = MemeoBackgroundService | ID = 0
Description = Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException:
 Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException:
 Manche oder alle Identitätsverweise konnten nicht übersetzt werden.     bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object
 data)     bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary
 properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)

   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties,
 IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)

   --- Ende der internen Ausnahmestapelüberwachung ---     bei System.RuntimeMethodHandle._InvokeConstructor(Object[]
 args, SignatureStruct& signature, IntPtr declaringType)     bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags
 invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)     bei System.RuntimeType.CreateInstanceImpl(BindingFlags
 bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)

   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry
 entry)     bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData
 configData, Boolean ensureSecurity)     bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData
 configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData
 configData, Boolean ensureSecurity)     bei System.Runtime.Remoting.RemotingConfiguration.Configure(String
 filename, Boolean ensureSecurity)     bei RemoteServerService.MemeoBackgroundService.OnStart(String[]
 args)
 
Error - 01.08.2012 05:55:35 | Computer Name = ******* | Source = MemeoBackgroundService | ID = 0
Description = Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException:
 Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException:
 Manche oder alle Identitätsverweise konnten nicht übersetzt werden.     bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object
 data)     bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary
 properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)

   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties,
 IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)

   --- Ende der internen Ausnahmestapelüberwachung ---     bei System.RuntimeMethodHandle._InvokeConstructor(Object[]
 args, SignatureStruct& signature, IntPtr declaringType)     bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags
 invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)     bei System.RuntimeType.CreateInstanceImpl(BindingFlags
 bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)

   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry
 entry)     bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData
 configData, Boolean ensureSecurity)     bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData
 configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData
 configData, Boolean ensureSecurity)     bei System.Runtime.Remoting.RemotingConfiguration.Configure(String
 filename, Boolean ensureSecurity)     bei RemoteServerService.MemeoBackgroundService.OnStart(String[]
 args)
 
Error - 01.08.2012 06:21:46 | Computer Name = ******* | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Backup My 
Data\*******\Downloads\SoftonicDownloader_fuer_vokabeltrainer.exe". Fehler
 in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 01.08.2012 06:58:21 | Computer Name = ******* | Source = .NET Runtime Optimization Service | ID = 1101
Description = 
 
Error - 01.08.2012 06:58:37 | Computer Name = ******* | Source = .NET Runtime Optimization Service | ID = 1101
Description = 
 
Error - 01.08.2012 06:59:30 | Computer Name = ******* | Source = .NET Runtime Optimization Service | ID = 1101
Description = 
 
Error - 01.08.2012 07:02:11 | Computer Name = ******* | Source = .NET Runtime Optimization Service | ID = 1101
Description = 
 
Error - 01.08.2012 07:03:02 | Computer Name = ******* | Source = .NET Runtime Optimization Service | ID = 1101
Description = 
 
Error - 01.08.2012 07:05:21 | Computer Name = ******* | Source = .NET Runtime Optimization Service | ID = 1101
Description = 
 
[ System Events ]
Error - 01.08.2012 13:54:03 | Computer Name = ******* | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Intel(R) Content Protection HECI Service" wurde mit folgendem
 Fehler beendet:   %%-2147024637
 
Error - 01.08.2012 05:23:19 | Computer Name = ******* | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?01.?08.?2012 um 11:21:56 unerwartet heruntergefahren.
 
Error - 01.08.2012 06:01:59 | Computer Name = ******* | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >
         
Mfg

Alt 01.08.2012, 15:24   #2
markusg
/// Malware-holic
 
GVU Trojaner entfernen - Standard

GVU Trojaner entfernen



sieht ok aus, sichere den pc ab:
die folgende anleitung ist umfangreich, dass ist mir klar, sie sollte aber umgesetzt werden, da nur dann dein pc sicher ist. stelle so viele fragen wie nötig, ich arbeite gern alles mit dir durch!

http://www.trojaner-board.de/96344-a...-rechners.html
Starte bitte mit der Passage, Windows Vista und Windows 7
Bitte beginne damit, Windows Updates zu instalieren.
Am besten geht dies, wenn du über Start, Suchen gehst, und dort Windows Updates eingibst.
Prüfe unter "Einstellungen ändern" dass folgendes ausgewählt ist:
- Updates automatisch Instalieren,
- Täglich
- Uhrzeit wählen
- Bitte den gesammten rest anhaken, außer:
- detailierte benachichtungen anzeigen, wenn neue Microsoft software verfügbar ist.
Klicke jetzt die Schaltfläche "OK"
Klicke jetzt "nach Updates suchen".
Bitte instaliere zunächst wichtige Updates.
Es wird nötig sein, den PC zwischendurch neu zu starten. falls dies der Fall ist, musst du erneut über Start, Suchen, Windows Update aufrufen, auf Updates suchen klicken und die nächsten instalieren.
Mache das selbe bitte mit den optionalen Updates.
Bitte übernimm den rest so, wie es im Abschnitt windows 7 / Vista zu lesen ist.
aus dem Abschnitt xp, bitte den punkt "datenausführungsverhinderung, dep" übernehmen.
als browser rate ich dir zu chrome:
Installation von Google Chrome für mehrere Nutzerkonten - Google Chrome-Hilfe
anleitung lesen bitte
falls du nen andern nutzen willst, sags mir dann muss ich teile der nun folgenden anleitung


Sandboxie
Die devinition einer Sandbox ist hier nachzulesen:
Sandbox
Kurz gesagt, man kann Programme fast 100 %ig isuliert vom System ausführen.

Der Vorteil liegt klar auf der Hand, wenn über den Browser Schadcode eingeschläust wird, kann dieser nicht nach außen dringen.
Download Link:
Sandboxie Download - Sandboxie 3.72

anleitung:
http://www.trojaner-board.de/71542-a...sandboxie.html
ausführliche anleitung als pdf, auch abarbeiten:
Sandbox Einstellungen |

bitte folgende zusatz konfiguration machen:
sandboxie control öffnen, menü sandbox anklicken, defauldbox wählen.
dort klicke auf sandbox einstellungen.
beschrenkungen, bei programm start und internet zugriff schreibe:
chrome.exe
dann gehe auf anwendungen, webbrowser, chrome.
dort aktiviere alles außer gesammten profil ordner freigeben.
Wie du evtl. schon gesehen hast, kannst du einige Funktionen nicht nutzen.
Dies ist nur in der Vollversion nötig, zu deren Kauf ich dir rate.
Du kannst zb unter "Erzwungene Programmstarts" festlegen, dass alle Browser in der Sandbox starten.
Ansonsten musst du immer auf "Sandboxed webbrowser" klicken bzw Rechtsklick, in Sandboxie starten.
Eine lebenslange Lizenz kostet 30 €, und ist auf allen deinen PC's nutzbar.

Weiter mit:
Maßnahmen für ALLE Windows-Versionen
alles komplett durcharbeiten
anmerkung zu file hippo.
in den settings zusätzlich auswählen:
hide beta updates.
Run updateChecker when Windows starts

Backup Programm:
in meiner Anleitung ist bereits ein Backup Programm verlinkt, als Alternative bietet sich auch das Windows eigene Backup Programm an:
http://www.trojaner-board.de/82962-w...en-backup.html
Dies ist aber leider nur für Windows 7 Nutzer vernünftig nutzbar.
Alle Anderen sollten sich aber auf jeden fall auch ein Backup Programm instalieren, denn dies kann unter Umständen sehr wichtig sein, zum Beispiel, wenn die Festplatte einmal kaputt ist.

Zum Schluss, die allgemeinen sicherheitstipps beachten, wenn es dich betrifft, den Tipp zum Onlinebanking beachten und alle Passwörter ändern
bitte auch lesen, wie mache ich programme für alle sichtbar:
Programme für alle Konten nutzbar machen - PCtipp.ch - Praxis & Hilfe
surfe jetzt also nur noch im standard nutzer konto und dort in der sandbox.
wenn du die kostenlose version nutzt, dann mit klick auf sandboxed web browser, wenn du die bezahlversion hast, kannst du erzwungene programm starts festlegen, dann wird Sandboxie immer gestartet wenn du nen browser aufrufst.
wenn du mit der maus über den browser fährst sollte der eingerahmt sein, dann bist du im sandboxed web browser

passwort sicherheit:
jeder dienst benötigt ein eigenes, mindestens 12-stelliges passwort
bei der passwort verwaltung und erstellung hilft roboform
Passwort Manager, Formular Ausfueller, Passwort Management | RoboForm Passwort Manager
anleitung:
RoboForm-Bedienungsanleitung: Passwort-Manager, Verwalten von Passwörtern und persönlichen Daten
__________________

__________________

Alt 02.08.2012, 14:07   #3
00frama00
 
GVU Trojaner entfernen - Standard

GVU Trojaner entfernen



Hi Markus,
danke für die schnelle Antwort.
Oh mein Gott - da habe ich ja viel abzuarbeiten. Leider bin ab heute für 2 Wochen im Urlaub. Wäre schön wenn du mir auch dann noch mit Rat und Tat zur Seite stehen könntest.
Nochmals Danke, ich nehme jetzt den Rechner vom Strom und melde mich wenn ich zurück bin
lg Manuela
__________________

Alt 28.08.2012, 18:36   #4
00frama00
 
GVU Trojaner entfernen - Standard

GVU Trojaner entfernen



Hey Markus,
nochmal vielen dank für die ausführliche beschreibung.
Habe jetzt alles genau nach beschreibung durchgeführt und ich denke es ist nun alles wieder in Ordnung.
Nur die vollversion von Sandboxie habe ich mir noch nicht zugelegt was ich in naher zukunft wahrscheinlich tun werde.
lg Manuela

Antwort

Themen zu GVU Trojaner entfernen
2.0.7, avp.exe, beste, besten, entfern, entferne, entfernen, entfernt, gestern, gvu trojaner, gvu trojaner entfernen, gvu-trojaner, install.exe, komplett, medion, plug-in, richtlinie, troja, trojaner, trojaner entferne, trojaner entfernen, usb 3.0, virus, überprüfe, überprüfen




Ähnliche Themen: GVU Trojaner entfernen


  1. Babylon toolbar entfernen, BrowserCompanion entfernen, DealPly entfernen, GinyasBrowserCompanions entfernen
    Log-Analyse und Auswertung - 17.12.2014 (9)
  2. GVU Trojaner entfernen
    Plagegeister aller Art und deren Bekämpfung - 13.07.2013 (13)
  3. GVU Trojaner entfernen
    Log-Analyse und Auswertung - 08.07.2013 (9)
  4. GVU-Trojaner. Wie entfernen?
    Plagegeister aller Art und deren Bekämpfung - 25.11.2012 (2)
  5. GUV Trojaner 2.07 entfernen
    Plagegeister aller Art und deren Bekämpfung - 20.10.2012 (6)
  6. Windows Uptdate Trojaner "Neuer Verschlüsselung Trojaner" Verschlüsseung entfernen, WIE?
    Plagegeister aller Art und deren Bekämpfung - 19.10.2012 (3)
  7. Trojaner Generic-FRAX!EF3DA767ACD3 Trojan entdeckt bei Versuch unbekannten Trojaner zu entfernen
    Plagegeister aller Art und deren Bekämpfung - 04.08.2012 (3)
  8. Trojaner Generic-FRAX!EF3DA767ACD3 Trojan entdeckt bei Versuch unbekannten Trojaner zu entfernen
    Mülltonne - 04.08.2012 (1)
  9. Live Security Platinum-Trojaner, Verschlüsselungs-Trojaner entfernen
    Plagegeister aller Art und deren Bekämpfung - 16.07.2012 (1)
  10. BKA Trojaner entfernen
    Plagegeister aller Art und deren Bekämpfung - 08.06.2012 (5)
  11. GVU-Trojaner v2.04 entfernen (Windows XP) Trojaner mit Urheberrechtsverletzung
    Plagegeister aller Art und deren Bekämpfung - 31.05.2012 (1)
  12. wie BKA trojaner entfernen?!
    Plagegeister aller Art und deren Bekämpfung - 15.08.2011 (2)
  13. BKA-Trojaner entfernen
    Log-Analyse und Auswertung - 23.07.2011 (6)
  14. Trojaner Kozy - desktop schwarz daten weg - wie kann ich den trojaner entfernen?
    Log-Analyse und Auswertung - 30.04.2011 (1)
  15. Trojaner TR/crypt.xpack.gen u. win32.dnschanger entfernen entfernen
    Plagegeister aller Art und deren Bekämpfung - 03.02.2009 (14)
  16. Trojaner entfernen
    Plagegeister aller Art und deren Bekämpfung - 14.10.2008 (1)
  17. Trojaner entfernen...
    Plagegeister aller Art und deren Bekämpfung - 10.01.2007 (3)

Zum Thema GVU Trojaner entfernen - Ich habe mir gestern den GVU-Trojaner eingefangen. Ich habe den PC mit der Medion Recovery-Funktion auf den Fabrikzustand zurückgesetzt. Ich will jetzt sicher gehen dass ich den Virus komplett entfernt - GVU Trojaner entfernen...
Archiv
Du betrachtest: GVU Trojaner entfernen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.