Plagegeister aller Art und deren Bekämpfung: Files encrypted after Trojan infection (TR/Crypt.XPACK.Gen8, TR/Matsnu.EB.98)

25.01.2013, 23:15   #1
jcs
 
Hello dear board team,

yesterday an e-mail attachment containing the Bundespolizei Trojan was opened on a computer in our family.
We have removed the Trojan so far, but what remains is a lot of encrypted files.

I have tried out the decryption tools here, but all without success.

Unfortunately, there is no reasonably recent backup.

Can anything be done about this, and if so, what exactly do you need?

I have attached a log from Avira, but it is from today, after the system was cleaned yesterday with HitmanPro.
Unfortunately, I have no log file from that.
Code:
Exportierte Ereignisse:

25.01.2013 09:37 [System Scanner] Malware gefunden
      Die Datei 'C:\Users\horstannette\AppData\Roaming\Ymcvahod\mypvnmunc.exe'
      enthielt einen Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen8' [trojan].
      Durchgeführte Aktion(en):
      Der Registrierungseintrag 
      <HKEY_USERS\S-1-5-21-1981733006-1533872132-587106206-1000\SOFTWARE\Microsoft\Win
      dows\CurrentVersion\Run\56B79F85> wurde erfolgreich repariert.
      Der Registrierungseintrag 
      <HKEY_USERS\S-1-5-21-1981733006-1533872132-587106206-1000\SOFTWARE\Microsoft\Win
      dows\CurrentVersion\Run\56B79F85> wurde erfolgreich repariert.
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '53cfedf7.qua' 
      verschoben!

25.01.2013 09:36 [Echtzeit Scanner] Malware gefunden
      In der Datei 'C:\Users\horstannette\AppData\Roaming\Ymcvahod\mypvnmunc.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen8' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

24.01.2013 16:43 [Echtzeit Scanner] Malware gefunden
      In der Datei 'C:\Users\horstannette\AppData\Roaming\Ymcvahod\mypvnmunc.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen8' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

24.01.2013 16:43 [Echtzeit Scanner] Malware gefunden
      In der Datei 'C:\Users\horstannette\Pvlnrqypv\lhzbdpmunc.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen8' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

24.01.2013 16:01 [Echtzeit Scanner] Malware gefunden
      In der Datei 'C:\Users\horstannette\AppData\Roaming\Ymcvahod\mypvnmunc.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen8' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

24.01.2013 15:58 [Echtzeit Scanner] Malware gefunden
      In der Datei 'C:\Users\horstannette\AppData\Local\Temp\{3980-79F464-79F864}'
      wurde ein Virus oder unerwünschtes Programm 'TR/Downloader.Gen8' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

24.01.2013 15:55 [Echtzeit Scanner] Malware gefunden
      In der Datei 'C:\Users\horstannette\AppData\Roaming\Ymcvahod\mypvnmunc.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen8' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

24.01.2013 15:52 [Echtzeit Scanner] Malware gefunden
      In der Datei 'C:\Users\horstannette\AppData\Local\Temp\{3980-79F464-79F864}'
      wurde ein Virus oder unerwünschtes Programm 'TR/Downloader.Gen8' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

24.01.2013 15:46 [Echtzeit Scanner] Malware gefunden
      In der Datei 'C:\Users\horstannette\AppData\Local\Temp\{3980-79F464-79F864}'
      wurde ein Virus oder unerwünschtes Programm 'TR/Downloader.Gen8' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

24.01.2013 15:39 [Echtzeit Scanner] Malware gefunden
      In der Datei 'C:\Users\horstannette\AppData\Local\Temp\{3980-79F464-79F864}'
      wurde ein Virus oder unerwünschtes Programm 'TR/Downloader.Gen8' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

24.01.2013 15:38 [Echtzeit Scanner] Malware gefunden
      In der Datei 'C:\Users\horstannette\AppData\Roaming\playm.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Spy.ZBot.QJY' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

24.01.2013 15:36 [Echtzeit Scanner] Malware gefunden
      In der Datei 'C:\Users\horstannette\AppData\Roaming\Esqeoh\tunay.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Agent.204800.24' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

24.01.2013 15:36 [Echtzeit Scanner] Malware gefunden
      In der Datei 'C:\Users\horstannette\Fxqzvlc\whlvpfjmunc.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Matsnu.EB.98' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

24.01.2013 15:36 [Echtzeit Scanner] Malware gefunden
      In der Datei 'C:\Users\horstannette\AppData\Roaming\playm.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Spy.ZBot.QJY' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

24.01.2013 15:36 [Echtzeit Scanner] Malware gefunden
      In der Datei 'C:\Users\horstannette\AppData\Roaming\Ymcvahod\mypvnmunc.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen8' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern
         

I have just run OTL again; however, TeamViewer is still running on the machine, since I currently have no direct access to the computer.

OTL.txt
Code:
OTL logfile created on: 25.01.2013 22:54:29 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\horstannette\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,98 Gb Total Physical Memory | 2,45 Gb Available Physical Memory | 61,56% Memory free
7,96 Gb Paging File | 6,04 Gb Available in Paging File | 75,90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 880,41 Gb Total Space | 798,88 Gb Free Space | 90,74% Space Free | Partition Type: NTFS
Drive D: | 50,00 Gb Total Space | 30,25 Gb Free Space | 60,49% Space Free | Partition Type: NTFS
Drive G: | 7,45 Gb Total Space | 7,27 Gb Free Space | 97,60% Space Free | Partition Type: FAT32
 
Computer Name: HORSTANNETTE-PC | User Name: horstannette | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.01.25 22:57:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\horstannette\Desktop\OTL.exe
PRC - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.10.26 09:03:23 | 002,150,312 | ---- | M] (TeamViewer GmbH) -- c:\program files (x86)\teamviewer\version6\TeamViewer_Desktop.exe
PRC - [2012.10.26 09:03:22 | 008,358,312 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe
PRC - [2012.10.26 09:03:22 | 002,417,576 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2012.10.26 08:06:50 | 000,108,456 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\tv_w32.exe
PRC - [2012.09.10 09:17:48 | 000,436,728 | ---- | M] (TomTom) -- C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe
PRC - [2012.09.05 16:57:26 | 000,271,808 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe
PRC - [2012.08.09 07:52:11 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 18:20:57 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 18:20:57 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.04 14:43:20 | 001,561,768 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2011.10.01 07:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 07:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011.05.20 18:10:26 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011.05.20 18:10:12 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2011.03.11 13:08:32 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011.03.11 13:08:31 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2011.01.17 18:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011.01.17 18:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010.08.04 00:39:38 | 000,107,816 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.01.10 08:15:07 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\346a7a67978cead8e2ff52c6d80bbeb7\IAStorUtil.ni.dll
MOD - [2013.01.10 08:15:07 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\500a8ae2a5d27132d87ccac9f97b0069\IAStorCommon.ni.dll
MOD - [2013.01.09 18:41:20 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\0ac577a8ad6528ff03b50db5eeeac8be\System.Web.ni.dll
MOD - [2013.01.09 18:41:16 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013.01.09 18:40:59 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll
MOD - [2013.01.09 18:40:54 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.01.09 18:40:45 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
MOD - [2013.01.09 18:40:41 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013.01.09 18:40:39 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013.01.09 18:40:38 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.01.09 18:40:32 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012.09.10 09:17:56 | 000,025,592 | ---- | M] () -- C:\Program Files (x86)\MyTomTom 3\DeviceDetection.dll
MOD - [2012.09.10 09:17:52 | 000,254,968 | ---- | M] () -- C:\Program Files (x86)\MyTomTom 3\TomTomSupporterProxy.dll
MOD - [2012.09.10 09:17:50 | 000,073,720 | ---- | M] () -- C:\Program Files (x86)\MyTomTom 3\TomTomSupporterBase.dll
MOD - [2012.02.14 19:38:52 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2011.03.11 10:19:23 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2010.11.13 01:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.08.04 00:39:38 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2010.08.04 00:39:32 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013.01.24 15:37:10 | 000,108,904 | ---- | M] (SurfRight B.V.) [Auto | Running] -- C:\Program Files\HitmanPro\hmpsched.exe -- (HitmanProScheduler)
SRV:64bit: - [2011.10.13 21:30:42 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010.09.23 02:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2013.01.19 10:06:23 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.01.09 11:29:10 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.10.26 09:03:22 | 002,417,576 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2012.09.05 16:56:44 | 000,234,776 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe -- (McComponentHostService)
SRV - [2012.05.08 18:20:57 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.08 18:20:57 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.07 11:23:08 | 000,070,144 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\watchmi\TvdService.exe -- (watchmi)
SRV - [2011.10.01 07:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 07:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.09.28 01:47:38 | 000,025,824 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe -- (MemeoBackgroundService)
SRV - [2011.05.20 18:10:26 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011.03.11 13:08:32 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011.03.11 13:08:31 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.03.18 21:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.05.08 18:20:57 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.08 18:20:57 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.12.15 15:00:00 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.11.17 15:37:16 | 000,572,336 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\Uim_IMx64.sys -- (Uim_IM)
DRV:64bit: - [2011.11.17 15:37:16 | 000,059,184 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\uimx64.sys -- (UimBus)
DRV:64bit: - [2011.11.17 15:37:14 | 000,352,816 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\uim_vimx64.sys -- (Uim_VIM)
DRV:64bit: - [2011.10.18 01:40:50 | 000,093,712 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011.10.13 22:37:28 | 010,496,000 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.10.13 20:52:48 | 000,326,656 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.10.01 07:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011.10.01 07:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011.10.01 07:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011.10.01 07:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011.08.02 01:47:30 | 000,391,144 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011.08.02 01:47:30 | 000,129,000 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2011.06.10 13:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.05.20 17:53:44 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.03.11 13:08:31 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.10 18:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2010.11.25 14:59:16 | 000,694,888 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.09.23 21:03:06 | 000,129,008 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009.06.10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=MDNF&bmod=MDNF
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=MDNF&bmod=MDNF
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\SearchScopes,DefaultScope = {1BEF5419-1058-45F6-B928-D09B760E31FD}
IE - HKCU\..\SearchScopes\{1BEF5419-1058-45F6-B928-D09B760E31FD}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNF_deDE470DE471
IE - HKCU\..\SearchScopes\{1D559A8E-04D9-494D-BC8D-57968520AAA5}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=5CD838A6-2E72-4A2E-8805-809462EA334A&apn_sauid=2004D96B-A465-4E64-9C23-FAC94B84DA41
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_uid=5CD838A6-2E72-4A2E-8805-809462EA334A&apn_ptnrs=&apn_sauid=2004D96B-A465-4E64-9C23-FAC94B84DA41&apn_dtid=OSJ000&&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.19 10:06:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.01.09 15:10:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.19 10:06:23 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.01.09 15:10:16 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2012.02.09 12:30:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\horstannette\AppData\Roaming\mozilla\Extensions
[2012.10.24 13:10:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\horstannette\AppData\Roaming\mozilla\Firefox\Profiles\fj1j3v54.default\extensions
[2012.10.16 09:38:52 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\horstannette\AppData\Roaming\mozilla\Firefox\Profiles\fj1j3v54.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012.10.22 08:13:25 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\horstannette\AppData\Roaming\mozilla\Firefox\Profiles\fj1j3v54.default\extensions\toolbar@ask.com
[2012.10.22 08:13:25 | 000,002,299 | ---- | M] () -- C:\Users\horstannette\AppData\Roaming\mozilla\firefox\profiles\fj1j3v54.default\searchplugins\askcom.xml
[2013.01.19 10:06:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.01.19 10:06:23 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.11.29 10:19:31 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.29 10:19:31 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.11.29 10:19:31 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.11.29 10:19:32 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.11.29 10:19:31 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.11.29 10:19:31 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/ig/redirectdomain?brand=MDNF&bmod=MDNF
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com/ig/redirectdomain?brand=MDNF&bmod=MDNF
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\horstannette\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\horstannette\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.397_0\plugin/npUrlAdvisor.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\horstannette\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.374_0\plugin/npVKPlugin.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\horstannette\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [56B79F85] C:\Users\horstannette\AppData\Roaming\Ymcvahod\mypvnmunc.exe File not found
O4 - HKCU..\Run: [MyTomTomSA.exe] C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe (TomTom)
O4 - Startup: C:\Users\horstannette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\horstannette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Versandhelfer.lnk = C:\Program Files (x86)\Versandhelfer\Versandhelfer.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9:64bit: - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{30924113-C70C-4A09-92FC-A1E12B183665}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.25 22:49:19 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\horstannette\Desktop\OTL.exe
[2013.01.25 21:43:02 | 000,000,000 | ---D | C] -- C:\Users\horstannette\AppData\Roaming\www.shadowexplorer.com
[2013.01.25 21:21:11 | 000,000,000 | ---D | C] -- C:\Users\horstannette\Desktop\scareuncrypt
[2013.01.25 21:21:04 | 000,000,000 | ---D | C] -- C:\Users\horstannette\Desktop\matsnu1decrypt
[2013.01.25 20:10:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
[2013.01.25 20:09:07 | 000,000,000 | ---D | C] -- C:\Users\horstannette\AppData\Roaming\TeamViewer
[2013.01.25 20:09:00 | 003,519,576 | ---- | C] (TeamViewer GmbH) -- C:\Users\horstannette\Desktop\TeamViewerQS.exe
[2013.01.25 10:38:39 | 000,000,000 | ---D | C] -- C:\Users\horstannette\Desktop\__MACOSX
[2013.01.25 10:37:09 | 000,000,000 | ---D | C] -- C:\Users\horstannette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013.01.25 10:37:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013.01.25 10:37:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR
[2013.01.24 18:47:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\diabolo®
[2013.01.24 18:46:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\diabolo
[2013.01.24 16:05:07 | 000,000,000 | ---D | C] -- C:\ProgramData\restore
[2013.01.24 15:37:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
[2013.01.24 15:37:10 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2013.01.24 15:27:27 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013.01.24 13:08:22 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2013.01.24 11:52:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Alex Feinman
[2013.01.24 11:50:55 | 000,000,000 | ---D | C] -- C:\Users\horstannette\AppData\Roaming\CyberLink
[2013.01.24 11:46:55 | 000,000,000 | ---D | C] -- C:\archive_db
[2013.01.24 11:18:29 | 000,000,000 | ---D | C] -- C:\arc_240113101741013
[2013.01.24 11:15:53 | 000,000,000 | ---D | C] -- C:\ProgramData\backup
[2013.01.24 11:12:08 | 000,000,000 | ---D | C] -- C:\ProgramData\launcher
[2013.01.24 11:12:08 | 000,000,000 | ---D | C] -- C:\ProgramData\explauncher
[2013.01.24 11:11:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paragon Backup & Recovery™ 2012 Free
[2013.01.24 11:11:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Paragon Software
[2013.01.24 09:45:41 | 000,000,000 | ---D | C] -- C:\Users\horstannette\AppData\Roaming\Ymcvahod
[2013.01.24 09:12:49 | 000,000,000 | ---D | C] -- C:\Users\horstannette\Pvlnrqypv
[2013.01.24 09:09:41 | 000,000,000 | ---D | C] -- C:\Users\horstannette\AppData\Roaming\Tium
[2013.01.24 09:09:41 | 000,000,000 | ---D | C] -- C:\Users\horstannette\AppData\Roaming\Eguro
[2013.01.19 10:06:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.01.17 16:08:47 | 000,000,000 | ---D | C] -- C:\Users\horstannette\AppData\Local\TomTom
[2013.01.17 16:08:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom
[2013.01.17 16:07:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TomTom International B.V
[2013.01.17 16:07:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyTomTom 3
[2013.01.16 16:52:31 | 000,000,000 | ---D | C] -- C:\Users\horstannette\Documents\Steuer
[2013.01.16 16:43:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO Steuer 2013
[2013.01.09 15:10:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2013.01.06 17:43:01 | 000,000,000 | ---D | C] -- C:\Users\horstannette\AppData\Roaming\Buhl Data Service
[2013.01.06 17:43:00 | 000,000,000 | ---D | C] -- C:\Users\horstannette\AppData\Local\Buhl Data Service
[2013.01.04 11:34:48 | 000,000,000 | ---D | C] -- C:\Users\horstannette\AppData\Local\{953FB287-3793-44E0-9411-5BAC1D424346}
[2013.01.04 11:09:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ElsterFormular
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.25 22:57:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\horstannette\Desktop\OTL.exe
[2013.01.25 22:48:39 | 000,000,000 | ---- | M] () -- C:\Users\horstannette\defogger_reenable
[2013.01.25 22:28:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.01.25 22:26:38 | 000,079,570 | ---- | M] () -- C:\Users\horstannette\Desktop\Annette Gr teke MAHNUNG Auftrag  55391384.eml
[2013.01.25 22:00:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.25 21:27:31 | 000,050,477 | ---- | M] () -- C:\Users\horstannette\Desktop\Defogger.exe
[2013.01.25 20:10:29 | 000,001,166 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 6.lnk
[2013.01.25 20:08:33 | 003,519,576 | ---- | M] (TeamViewer GmbH) -- C:\Users\horstannette\Desktop\TeamViewerQS.exe
[2013.01.25 10:11:03 | 001,500,294 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.01.25 10:11:03 | 000,654,602 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.01.25 10:11:03 | 000,616,484 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.01.25 10:11:03 | 000,130,216 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.01.25 10:11:03 | 000,106,606 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.01.25 09:43:36 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.25 09:43:36 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.25 09:36:26 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.25 09:36:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.25 09:36:06 | 3206,787,072 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.24 18:47:07 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\diabolo imatro edition.lnk
[2013.01.24 15:48:45 | 000,000,946 | ---- | M] () -- C:\Windows\SysNative\.crusader
[2013.01.24 15:37:10 | 000,001,909 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2013.01.24 11:50:29 | 000,001,135 | ---- | M] () -- C:\Users\horstannette\Desktop\KWU_1.0.3.upd - Verknüpfung.lnk
[2013.01.24 11:16:33 | 000,002,187 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.01.24 11:11:53 | 000,002,417 | ---- | M] () -- C:\Users\Public\Desktop\Paragon Backup & Recovery™ 2012 Free.lnk
[2013.01.21 19:15:16 | 109,285,376 | ---- | M] () -- C:\Users\horstannette\Documents\JpOTVLfJlrnsoe
[2013.01.19 16:38:49 | 000,011,227 | ---- | M] () -- C:\Users\horstannette\Documents\pOsLtEVDrXoxEr
[2013.01.19 15:39:36 | 000,007,091 | ---- | M] () -- C:\Users\horstannette\Documents\XNDUqagTvLfqtgD
[2013.01.16 16:54:40 | 000,766,976 | ---- | M] () -- C:\Users\horstannette\Documents\LVyuelvUnnvDDLdOlT
[2013.01.16 16:46:31 | 000,000,174 | ---- | M] () -- C:\Windows\wiso.ini
[2013.01.16 16:46:29 | 000,002,131 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
[2013.01.16 16:46:29 | 000,002,090 | ---- | M] () -- C:\Users\Public\Desktop\WISO Steuer 2013.lnk
[2013.01.16 10:56:07 | 000,171,481 | ---- | M] () -- C:\Users\horstannette\Documents\eOauTEsEVXvlofygsQ
[2013.01.10 08:50:22 | 000,017,004 | ---- | M] () -- C:\Users\horstannette\Documents\JANsOlAxpODutEGarp
[2013.01.09 18:39:42 | 000,309,512 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.01.04 11:17:54 | 000,020,194 | ---- | M] () -- C:\Users\horstannette\gDvTgtEsyQpvty
[2013.01.04 11:09:42 | 000,001,233 | ---- | M] () -- C:\Users\Public\Desktop\ElsterFormular.lnk
[2013.01.04 10:42:08 | 000,003,634 | ---- | M] () -- C:\Users\horstannette\Documents\sTfAfQsgssqUyXgot
[2013.01.04 10:32:09 | 000,002,023 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013.01.04 10:25:20 | 000,010,455 | ---- | M] () -- C:\Users\horstannette\nVjLdeQgxqErepvjfTNQa
[2012.12.31 10:27:21 | 008,953,386 | ---- | M] () -- C:\Users\horstannette\Desktop\JlgpgAdnsrTvnGqaupNLG
 
========== Files Created - No Company Name ==========
 
[2013.01.25 22:48:39 | 000,000,000 | ---- | C] () -- C:\Users\horstannette\defogger_reenable
[2013.01.25 22:26:38 | 000,079,570 | ---- | C] () -- C:\Users\horstannette\Desktop\Annette Gr teke MAHNUNG Auftrag  55391384.eml
[2013.01.25 21:19:50 | 000,050,477 | ---- | C] () -- C:\Users\horstannette\Desktop\Defogger.exe
[2013.01.25 20:10:29 | 000,001,178 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 6.lnk
[2013.01.25 20:10:29 | 000,001,166 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 6.lnk
[2013.01.24 18:47:21 | 061,345,792 | ---- | C] () -- C:\Users\horstannette\Documents\diabolo.mdb
[2013.01.24 18:47:20 | 000,163,840 | ---- | C] () -- C:\Users\horstannette\Documents\System.mdw
[2013.01.24 18:47:07 | 000,001,887 | ---- | C] () -- C:\Users\Public\Desktop\diabolo imatro edition.lnk
[2013.01.24 15:41:54 | 000,000,946 | ---- | C] () -- C:\Windows\SysNative\.crusader
[2013.01.24 15:37:10 | 000,001,909 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2013.01.24 11:50:21 | 000,001,135 | ---- | C] () -- C:\Users\horstannette\Desktop\KWU_1.0.3.upd - Verknüpfung.lnk
[2013.01.24 11:11:53 | 000,002,417 | ---- | C] () -- C:\Users\Public\Desktop\Paragon Backup & Recovery™ 2012 Free.lnk
[2013.01.16 16:46:29 | 000,002,090 | ---- | C] () -- C:\Users\Public\Desktop\WISO Steuer 2013.lnk
[2013.01.04 10:32:09 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013.01.04 10:32:09 | 000,002,023 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2012.10.15 09:00:15 | 001,526,976 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.03.02 10:15:42 | 000,000,000 | ---- | C] () -- C:\Users\horstannette\pNsjtDvaudqsLJsn
[2012.02.28 16:45:02 | 000,000,174 | ---- | C] () -- C:\Windows\wiso.ini
[2012.02.25 15:51:48 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2012.02.25 15:51:48 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2012.02.25 15:51:48 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2012.02.25 15:51:48 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2012.02.25 15:51:48 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2012.02.25 15:51:48 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2012.02.25 15:51:48 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2012.02.25 15:51:48 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2012.02.25 15:51:48 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2012.02.25 15:51:48 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat
[2012.02.25 15:51:48 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2012.02.25 15:51:48 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2012.02.25 15:51:48 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2012.02.25 15:51:48 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2012.02.25 15:51:48 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2012.02.25 15:51:48 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat
[2012.02.25 15:51:48 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat
[2012.02.25 15:51:48 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2012.02.25 15:51:48 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2012.02.25 15:48:06 | 000,000,027 | ---- | C] () -- C:\Windows\CDE RX585DEFGIPS.ini
[2011.11.23 19:20:22 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2011.11.23 19:20:22 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011.11.23 19:20:21 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.10.14 01:53:18 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011.10.14 01:53:02 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011.08.22 17:19:31 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.07.08 07:37:28 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[1601.02.13 09:28:18 | 001,483,586 | ---- | C] () -- C:\Users\horstannette\OlJasjsOsuLfQDQ
[1601.02.13 09:28:18 | 000,524,687 | ---- | C] () -- C:\Users\horstannette\tLdErpvtqfpvsjtAOeJdy
[1601.02.13 09:28:18 | 000,283,920 | ---- | C] () -- C:\Users\horstannette\lrpoVLgsulLsLJDjdAJ
[1601.02.13 09:28:18 | 000,147,125 | ---- | C] () -- C:\Users\horstannette\XJeVopvaNAULGJesn
[1601.02.13 09:28:18 | 000,130,813 | ---- | C] () -- C:\Users\horstannette\nfqfEpJotLUrpretnlr
[1601.02.13 09:28:18 | 000,125,047 | ---- | C] () -- C:\Users\horstannette\LtAOeaAofnrQaEsuDDoyG
[1601.02.13 09:28:18 | 000,030,479 | ---- | C] () -- C:\Users\horstannette\ytExoJpvULtsvlgf
[1601.02.13 09:28:18 | 000,020,194 | ---- | C] () -- C:\Users\horstannette\gDvTgtEsyQpvty
[1601.02.13 09:28:18 | 000,019,184 | ---- | C] () -- C:\Users\horstannette\eQTrUAUyrpvtyGDOejG
[1601.02.13 09:28:18 | 000,018,785 | ---- | C] () -- C:\Users\horstannette\UjxLUpNVLGEgsrdqtXJs
[1601.02.13 09:28:18 | 000,018,771 | ---- | C] () -- C:\Users\horstannette\UjGXrXLGlUDQauGjQa
[1601.02.13 09:28:18 | 000,018,771 | ---- | C] () -- C:\Users\horstannette\sxaQlOGqNXgTqUygeo
[1601.02.13 09:28:18 | 000,018,729 | ---- | C] () -- C:\Users\horstannette\eQagXAdEJeQXyfA
[1601.02.13 09:28:18 | 000,016,896 | ---- | C] () -- C:\Users\horstannette\pQsyxqdsJsEdjtDueEd
[1601.02.13 09:28:18 | 000,010,455 | ---- | C] () -- C:\Users\horstannette\nVjLdeQgxqErepvjfTNQa
[1601.02.13 09:28:18 | 000,007,275 | ---- | C] () -- C:\Users\horstannette\OpvlxysrlQLdNTNpfEUOs
[1601.02.13 09:28:18 | 000,005,233 | ---- | C] () -- C:\Users\horstannette\ODxVugtuGvEdxrQU
[1601.02.13 09:28:18 | 000,004,802 | ---- | C] () -- C:\Users\horstannette\VLtqdJDQqxAXJXrEf
[1601.02.13 09:28:18 | 000,004,612 | ---- | C] () -- C:\Users\horstannette\ntqfApvaNAxLpretylrTQ
[1601.02.13 09:28:18 | 000,003,709 | ---- | C] () -- C:\Users\horstannette\uNserGxLaeysyNGuTQuo
[1601.02.13 09:28:18 | 000,001,927 | ---- | C] () -- C:\Users\horstannette\pNqafruAJgxJsOftd
[1601.02.13 09:28:18 | 000,000,659 | ---- | C] () -- C:\Users\horstannette\vlrasjdrlOoUopJXro
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.01.06 17:43:01 | 000,000,000 | ---D | M] -- C:\Users\horstannette\AppData\Roaming\Buhl Data Service
[2012.02.27 09:15:25 | 000,000,000 | ---D | M] -- C:\Users\horstannette\AppData\Roaming\dpdhl.versandhelfer.medionpc.CDA82DC3FEDD13302C6424313D9A2999F162D21A.1
[2013.01.24 09:43:39 | 000,000,000 | ---D | M] -- C:\Users\horstannette\AppData\Roaming\Eguro
[2013.01.04 11:10:02 | 000,000,000 | ---D | M] -- C:\Users\horstannette\AppData\Roaming\elsterformular
[2012.09.17 09:03:35 | 000,000,000 | ---D | M] -- C:\Users\horstannette\AppData\Roaming\EPSON
[2012.02.14 20:07:34 | 000,000,000 | ---D | M] -- C:\Users\horstannette\AppData\Roaming\OpenOffice.org
[2013.01.19 16:41:32 | 000,000,000 | ---D | M] -- C:\Users\horstannette\AppData\Roaming\SoftGrid Client
[2013.01.25 20:09:07 | 000,000,000 | ---D | M] -- C:\Users\horstannette\AppData\Roaming\TeamViewer
[2012.02.09 12:36:23 | 000,000,000 | ---D | M] -- C:\Users\horstannette\AppData\Roaming\Thunderbird
[2013.01.24 09:09:41 | 000,000,000 | ---D | M] -- C:\Users\horstannette\AppData\Roaming\Tium
[2012.10.15 09:01:05 | 000,000,000 | ---D | M] -- C:\Users\horstannette\AppData\Roaming\TP
[2012.02.07 11:41:38 | 000,000,000 | ---D | M] -- C:\Users\horstannette\AppData\Roaming\Windows Live Writer
[2013.01.25 21:43:02 | 000,000,000 | ---D | M] -- C:\Users\horstannette\AppData\Roaming\www.shadowexplorer.com
[2013.01.25 09:37:23 | 000,000,000 | ---D | M] -- C:\Users\horstannette\AppData\Roaming\Ymcvahod
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 869 bytes -> C:\Users\horstannette\Desktop\Annette Gr teke MAHNUNG Auftrag  55391384.eml:OECustomProperty
@Alternate Data Stream - 845 bytes -> C:\Users\horstannette\Desktop\JlgpgAdnsrTvnGqaupNLG:OECustomProperty
@Alternate Data Stream - 729 bytes -> C:\Users\horstannette\OlJasjsOsuLfQDQ:OECustomProperty
@Alternate Data Stream - 729 bytes -> C:\Users\horstannette\lrpoVLgsulLsLJDjdAJ:OECustomProperty
@Alternate Data Stream - 728 bytes -> C:\Users\horstannette\vlrasjdrlOoUopJXro:OECustomProperty
@Alternate Data Stream - 725 bytes -> C:\Users\horstannette\OpvlxysrlQLdNTNpfEUOs:OECustomProperty
@Alternate Data Stream - 677 bytes -> C:\Users\horstannette\ntqfApvaNAxLpretylrTQ:OECustomProperty
@Alternate Data Stream - 3031 bytes -> C:\Users\horstannette\VLtqdJDQqxAXJXrEf:OECustomProperty

< End of report >
         
extra.txt
Code:
OTL Extras logfile created on: 25.01.2013 22:54:29 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\horstannette\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,98 Gb Total Physical Memory | 2,45 Gb Available Physical Memory | 61,56% Memory free
7,96 Gb Paging File | 6,04 Gb Available in Paging File | 75,90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 880,41 Gb Total Space | 798,88 Gb Free Space | 90,74% Space Free | Partition Type: NTFS
Drive D: | 50,00 Gb Total Space | 30,25 Gb Free Space | 60,49% Space Free | Partition Type: NTFS
Drive G: | 7,45 Gb Total Space | 7,27 Gb Free Space | 97,60% Space Free | Partition Type: FAT32
 
Computer Name: HORSTANNETTE-PC | User Name: horstannette | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\Saturn Fotoservice\Saturn Fotoservice\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Saturn Fotoservice] -- "C:\Program Files (x86)\Saturn Fotoservice\Saturn Fotoservice\Saturn Fotoservice.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\Saturn Fotoservice\Saturn Fotoservice\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Saturn Fotoservice] -- "C:\Program Files (x86)\Saturn Fotoservice\Saturn Fotoservice\Saturn Fotoservice.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06160858-9426-4CF9-993F-ACFBD70639FD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{1752D97E-A01D-490B-9ED3-221E0F4191AB}" = rport=139 | protocol=6 | dir=out | app=system | 
"{192540A2-1591-45CE-876B-07B0E20CAFFB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{2AB6C404-8525-43B0-BF07-81B667C96606}" = lport=137 | protocol=17 | dir=in | app=system | 
"{2FB3C411-5E18-4360-AF3A-1738F435E76A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{37F2280C-30FD-47C3-87DC-236CA9517F48}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{385C8231-3848-4727-A728-3918BB5FB282}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{4821917C-581E-4B68-AF55-75553911A9FA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{48D7DDE4-95E5-4ECD-A532-64C3FF9D2447}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{536F6406-4186-4E3D-A7FA-1E4338AFA542}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{5D80315C-30A6-470C-94BD-97ED94429E60}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6C53AB49-39EA-4A92-B2AD-0DF69DEACC49}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{6EBD0EC8-6204-4D2F-8AEE-DCD965F158A3}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7AD1E9AC-6D7F-47AA-8D13-FB9203C7973D}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{7E312EFD-9AD8-4788-9579-39D2DE5F0EC2}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{83FE11EA-E35A-4386-B9A6-86C5B6D94465}" = rport=137 | protocol=17 | dir=out | app=system | 
"{95FA39CE-7D0B-4EDA-9558-CC4AA1BB0274}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{9EED8EA5-40FA-4E65-B1C4-32C1ABD448F7}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{9F1D66C0-7BD4-415F-AF77-BE94F42527C4}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{A1F6626B-7D67-4E58-AD4C-BFA235DDF7EC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A3BEAA46-8F2C-4E56-B8AD-9A7309CC1920}" = lport=138 | protocol=17 | dir=in | app=system | 
"{A8495A55-A7ED-4091-8C23-B7D3344AD9D6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AF5427AC-F8B7-4134-946A-4749DA8EA1D6}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{B660D403-6EA9-4B23-B47E-3D6EAEAC1E8E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B8220449-7DB4-4099-B4AA-B1AEA9D21BDF}" = rport=445 | protocol=6 | dir=out | app=system | 
"{C4AC4EA9-7BF2-400C-BAFD-A13D295799AC}" = rport=138 | protocol=17 | dir=out | app=system | 
"{D070C0CC-21E7-4FB8-8E61-2DC42D28F93C}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{DEC3C6EA-318C-4CEE-98B1-E74A4EECA633}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{E0A28811-98EC-429F-B672-281C92FCF0BC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E220618C-E7C9-4AB4-9555-0CD49B2A6986}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{EC4A221F-5618-4D1E-A699-6375070E483D}" = lport=445 | protocol=6 | dir=in | app=system | 
"{ED952613-1C6F-41AE-9080-C548E3E7A29E}" = lport=139 | protocol=6 | dir=in | app=system | 
"{F4E1980A-AEE5-4B1D-88C2-ABABF59E2D1C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04E56DA3-5CA6-4742-A9C2-744ED3F06630}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{0DE491D7-7F5A-474D-95B3-3FCC8E9C6CA7}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe | 
"{0F948232-235B-4244-8693-D00DB837C4EE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{0F9BF124-DA5E-4FBE-9A4E-300D56569150}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{16E2C228-CE07-48A5-B42D-1EBFE03C0BEB}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{1CF126D0-F3EA-4073-8E73-F83C088A39CB}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{2348ECBE-132D-4D8C-97EC-9F18FA7A432E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{24885CEC-CD9F-4EDD-BEED-08CB6C8AC255}" = protocol=6 | dir=out | app=system | 
"{2A0DFCC8-9B1D-4A08-BBFE-666EE8B81BE9}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{2BB7D6F5-A715-4EAC-B288-3A9862BF1185}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{3436EFAC-C35B-4109-A1A8-E575EE6C4342}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{35709FCF-9730-475D-8CF7-9F97B46AAE72}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe | 
"{3600A210-5D35-41EB-B414-036A27A92DB4}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{5DFB77ED-8BD2-4B21-9D62-0FF83DD55D8D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5F597A80-789C-4BC3-A45E-B3848B9A05FA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7E15BA72-6F59-4DE9-A6A7-417B81451CE6}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{878DE991-4910-446C-9FDB-F8BD4B9CBAB4}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe | 
"{9211C4C5-F515-4080-9969-7EA5C433BA62}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{921489C6-033D-4A99-AD8B-8AD1643B30F2}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe | 
"{A29C9B81-B48E-498D-B87F-1504CED8E677}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C7C1547F-FB46-4E75-90EF-A3A2DA3A7262}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{CCA743F8-CE9A-452C-9243-EC8B73208AEA}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{CEC44C34-8DD9-444D-B39E-2D085A8F43E0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{D216915D-CFC4-425A-B221-D598F60782CE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{E19F993E-002F-4185-977B-FC3D477F86B8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E9976811-8634-41A1-855C-26EEB556BCDE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F1EA6FE6-9D61-4A15-A59A-41D89DAA34AB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"TCP Query User{27EE3690-772B-4271-B1B5-DE3A471F4CFD}C:\users\horstannette\appdata\roaming\esqeoh\tunay.exe" = protocol=6 | dir=in | app=c:\users\horstannette\appdata\roaming\esqeoh\tunay.exe | 
"TCP Query User{5A086DFB-8E8D-44CC-BF14-359D4C60705C}C:\users\horstannette\appdata\roaming\esqeoh\tunay.exe" = protocol=6 | dir=in | app=c:\users\horstannette\appdata\roaming\esqeoh\tunay.exe | 
"UDP Query User{34627778-C860-4B9A-8DC7-5160246865A7}C:\users\horstannette\appdata\roaming\esqeoh\tunay.exe" = protocol=17 | dir=in | app=c:\users\horstannette\appdata\roaming\esqeoh\tunay.exe | 
"UDP Query User{AEE29D92-8F31-4FC9-97A3-53A536D2AA97}C:\users\horstannette\appdata\roaming\esqeoh\tunay.exe" = protocol=17 | dir=in | app=c:\users\horstannette\appdata\roaming\esqeoh\tunay.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07ECB2CD-DC4D-9170-0832-6D0241F282E9}" = AMD AVIVO64 Codecs
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources
"{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources
"{2F949F9F-EBD4-8597-5CF0-6370C0161CC9}" = AMD Catalyst Install Manager
"{3BFAF653-4B91-2C87-82FE-DAF4C0F7BF18}" = AMD Drag and Drop Transcoding
"{455196BE-3B39-D0C3-0DB4-7F572F9DAC9A}" = ccc-utility64
"{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources
"{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4EC57D6F-D4B2-DA64-DA3D-AA974526BA29}" = AMD Media Foundation Decoders
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources
"{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"HitmanPro37" = HitmanPro 3.7
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
"{0269C1CD-92C4-B8B4-6A13-4287CB880CDF}" = CCC Help Finnish
"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{05FFC359-64F3-A1C7-16A6-4BECC05D0519}" = CCC Help Norwegian
"{062E4D94-8306-46D5-81B6-45E6AD09C799}" = Windows Live Messenger
"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
"{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack
"{0CC1DAFB-40C8-4903-953D-471E541477C7}" = WISO Steuer-Sparbuch 2012
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0E6C1531-9546-4153-9D88-689519385319}" = Haushaltsbuch 5.0
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar
"{1235083F-52F9-44CC-9DF5-F9B7802BB9B7}" = ISO Recorder
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema
"{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{20E7F0EE-DE26-3287-FFB2-11F33ECE35F3}" = CCC Help Italian
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{241E7104-937A-4366-AD57-8FDDDB003939}" = Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 11
"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2EB81825-E9EE-44F4-8F51-1240C3898DC6}" = EPSON File Manager
"{2EF1CACD-24D7-DD2C-627B-AEFD3B951C6E}" = CCC Help English
"{2F54E453-8C93-4B3B-936A-233C909E6CAC}" = Windows Live Messenger
"{2FB06C2A-0D2F-1962-532A-AEC79851E241}" = CCC Help Dutch
"{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources
"{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3D78F2A2-C893-4ABD-B5FE-AD7011837755}" = EPSON Easy Photo Print
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{409DC300-28AF-468F-9624-1F3309701881}" = watchmi
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
"{4412F224-3849-4461-A3E9-DEEF8D252790}" = Visual Studio C++ 10.0 Runtime
"{443B561F-DE1B-4DEF-ADD9-484B684653C7}" = Windows Live Messenger
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = CyberLink PowerRecover
"{45D77EDE-0D5B-30EA-E2D7-85DD18E2088A}" = Catalyst Control Center InstallProxy
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{498765E0-6D72-309A-6019-3F2DDAD6808A}" = CCC Help French
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4B744C85-DBB1-4038-B989-4721EB22C582}" = Windows Live Messenger
"{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack
"{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources
"{55118EA0-31F5-A638-4238-50D632B73D64}" = Catalyst Control Center Localization All
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{56D13BAF-37D4-EC49-AF10-19F3E91B40E1}" = CCC Help Spanish
"{57220148-3B2B-412A-A2E0-82B9DF423696}" = Windows Live Mesh ActiveX-objekt til fjernforbindelser
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail
"{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker
"{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}" = Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz
"{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger
"{7069F9BA-0CC9-08AA-1825-1CB65D90BC24}" = CCC Help Danish
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7189F66A-1560-1573-05C9-DE53613AEA1A}" = Versandhelfer
"{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer
"{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh
"{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
"{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources
"{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common
"{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DCC4C1C-2C65-49FF-A4B2-268F8B89E886}" = diabolo®
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E666407-AC41-46a2-9692-6C7BFCBFDD37}" = Memeo Instant Backup
"{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{93EA9C3E-BDFD-4309-A605-9B5BBC0CCEFD}" = Camera RAW Plug-In for EPSON Creativity Suite
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{97490A5C-49CB-468C-1639-9FB58BAA44CD}" = CCC Help Swedish
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A7056D45-C63A-4FE4-A69D-FB54EF9B21BB}" = Windows Live Messenger
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.01) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}" = Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2E90616-C50D-4B89-A40D-92377AC669E5}" = Windows Live Messenger
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C268B5E1-A5DA-11DF-A289-005056C00008}" = Paragon Backup & Recovery™ 2012 Free
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C51AF995-1F7C-465F-A80B-EBBFE7969531}" = CCC Help Japanese
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CA227A9D-09BE-4BFB-9764-48FED2DA5454}" = Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave
"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}" = WISO Steuer 2013
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"{E3E3281A-1D64-D7B4-9574-70E58CA258D5}" = Catalyst Control Center
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas
"{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
"{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{E9AD2143-26D5-4201-BED1-19DCC03B407D}" = Windows Live Messenger
"{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3C6C49E-1450-7F9B-1457-B167B8FEB842}" = CCC Help German
"{F515901B-493B-4BE6-8064-6DA70789DF3B}" = diabolo | imatro | edition
"{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}" = Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις
"{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}" = EPSON Print CD
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"Brillux Scala" = Brillux Scala
"dpdhl.versandhelfer.medionpc.CDA82DC3FEDD13302C6424313D9A2999F162D21A.1" = Versandhelfer
"ElsterFormular" = ElsterFormular
"EPSON Scanner" = EPSON Scan
"EPSON Stylus Photo RX585_RX610 Benutzerhandbuch" = EPSON Stylus Photo RX585_RX610 Handbuch
"Google Chrome" = Google Chrome
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = CyberLink PowerRecover
"InstallShield_{5D3DA282-EBC3-437E-8D3D-07859F33164B}" = diabolo | imatro | edition
"InstallShield_{8DCC4C1C-2C65-49FF-A4B2-268F8B89E886}" = diabolo®
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"InstallShield_{F515901B-493B-4BE6-8064-6DA70789DF3B}" = diabolo | imatro | edition
"Learnkey Word 2007 Basis CBT_is1" = Uninstall LearnKey CBT
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 18.0.1 (x86 de)" = Mozilla Firefox 18.0.1 (x86 de)
"Mozilla Thunderbird 17.0.2 (x86 de)" = Mozilla Thunderbird 17.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MyTomTom" = MyTomTom 3.2.0.802
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Saturn Fotoservice" = Saturn Fotoservice
"TeamViewer 6" = TeamViewer 6
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.20 (32-Bit)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 03.11.2012 04:44:13 | Computer Name = horstannette-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 04.11.2012 03:42:05 | Computer Name = horstannette-PC | Source = MemeoBackgroundService | ID = 0
Description = Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException:
 Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException:
 Manche oder alle Identitätsverweise konnten nicht übersetzt werden.     bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object
 data)     bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary
 properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)

   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties,
 IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)

   --- Ende der internen Ausnahmestapelüberwachung ---     bei System.RuntimeMethodHandle._InvokeConstructor(Object[]
 args, SignatureStruct& signature, IntPtr declaringType)     bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags
 invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)     bei System.RuntimeType.CreateInstanceImpl(BindingFlags
 bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)

   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry
 entry)     bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData
 configData, Boolean ensureSecurity)     bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData
 configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData
 configData, Boolean ensureSecurity)     bei System.Runtime.Remoting.RemotingConfiguration.Configure(String
 filename, Boolean ensureSecurity)     bei RemoteServerService.MemeoBackgroundService.OnStart(String[]
 args)
 
Error - 04.11.2012 03:43:33 | Computer Name = horstannette-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 04.11.2012 06:03:49 | Computer Name = horstannette-PC | Source = MemeoBackgroundService | ID = 0
Description = Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException:
 Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException:
 Manche oder alle Identitätsverweise konnten nicht übersetzt werden.     bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object
 data)     bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary
 properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)

   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties,
 IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)

   --- Ende der internen Ausnahmestapelüberwachung ---     bei System.RuntimeMethodHandle._InvokeConstructor(Object[]
 args, SignatureStruct& signature, IntPtr declaringType)     bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags
 invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)     bei System.RuntimeType.CreateInstanceImpl(BindingFlags
 bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)

   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry
 entry)     bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData
 configData, Boolean ensureSecurity)     bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData
 configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData
 configData, Boolean ensureSecurity)     bei System.Runtime.Remoting.RemotingConfiguration.Configure(String
 filename, Boolean ensureSecurity)     bei RemoteServerService.MemeoBackgroundService.OnStart(String[]
 args)
 
Error - 04.11.2012 06:05:34 | Computer Name = horstannette-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 05.11.2012 03:49:32 | Computer Name = horstannette-PC | Source = MemeoBackgroundService | ID = 0
Description = Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException:
 Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException:
 Manche oder alle Identitätsverweise konnten nicht übersetzt werden.     bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object
 data)     bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary
 properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)

   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties,
 IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)

   --- Ende der internen Ausnahmestapelüberwachung ---     bei System.RuntimeMethodHandle._InvokeConstructor(Object[]
 args, SignatureStruct& signature, IntPtr declaringType)     bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags
 invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)     bei System.RuntimeType.CreateInstanceImpl(BindingFlags
 bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)

   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry
 entry)     bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData
 configData, Boolean ensureSecurity)     bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData
 configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData
 configData, Boolean ensureSecurity)     bei System.Runtime.Remoting.RemotingConfiguration.Configure(String
 filename, Boolean ensureSecurity)     bei RemoteServerService.MemeoBackgroundService.OnStart(String[]
 args)
 
Error - 05.11.2012 03:51:17 | Computer Name = horstannette-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 05.11.2012 10:44:46 | Computer Name = horstannette-PC | Source = MemeoBackgroundService | ID = 0
Description = Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException:
 Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException:
 Manche oder alle Identitätsverweise konnten nicht übersetzt werden.     bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object
 data)     bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary
 properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)

   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties,
 IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)

   --- Ende der internen Ausnahmestapelüberwachung ---     bei System.RuntimeMethodHandle._InvokeConstructor(Object[]
 args, SignatureStruct& signature, IntPtr declaringType)     bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags
 invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)     bei System.RuntimeType.CreateInstanceImpl(BindingFlags
 bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)

   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry
 entry)     bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData
 configData, Boolean ensureSecurity)     bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData
 configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData
 configData, Boolean ensureSecurity)     bei System.Runtime.Remoting.RemotingConfiguration.Configure(String
 filename, Boolean ensureSecurity)     bei RemoteServerService.MemeoBackgroundService.OnStart(String[]
 args)
 
Error - 05.11.2012 10:46:31 | Computer Name = horstannette-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 06.11.2012 04:14:53 | Computer Name = horstannette-PC | Source = MemeoBackgroundService | ID = 0
Description = Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException:
 Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException:
 Manche oder alle Identitätsverweise konnten nicht übersetzt werden.     bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object
 data)     bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary
 properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)

   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties,
 IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)

   --- Ende der internen Ausnahmestapelüberwachung ---     bei System.RuntimeMethodHandle._InvokeConstructor(Object[]
 args, SignatureStruct& signature, IntPtr declaringType)     bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags
 invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)     bei System.RuntimeType.CreateInstanceImpl(BindingFlags
 bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)

   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry
 entry)     bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData
 configData, Boolean ensureSecurity)     bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData
 configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData
 configData, Boolean ensureSecurity)     bei System.Runtime.Remoting.RemotingConfiguration.Configure(String
 filename, Boolean ensureSecurity)     bei RemoteServerService.MemeoBackgroundService.OnStart(String[]
 args)
 
[ System Events ]
Error - 24.01.2013 10:43:11 | Computer Name = horstannette-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   KLIM6
 
Error - 24.01.2013 10:49:54 | Computer Name = horstannette-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "EPSON V3 Service4(01)" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%2
 
Error - 24.01.2013 10:49:58 | Computer Name = horstannette-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "HitmanPro 3.7 Crusader (Boot)" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%0.
 
Error - 24.01.2013 10:50:02 | Computer Name = horstannette-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   KLIM6
 
Error - 24.01.2013 10:54:56 | Computer Name = horstannette-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "EPSON V3 Service4(01)" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%2
 
Error - 24.01.2013 10:55:09 | Computer Name = horstannette-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   KLIM6
 
Error - 24.01.2013 11:01:40 | Computer Name = horstannette-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "EPSON V3 Service4(01)" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%2
 
Error - 24.01.2013 11:01:48 | Computer Name = horstannette-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   KLIM6
 
Error - 25.01.2013 04:36:16 | Computer Name = horstannette-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "EPSON V3 Service4(01)" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%2
 
Error - 25.01.2013 04:36:27 | Computer Name = horstannette-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   KLIM6
 
 
< End of report >
         
I have already sent you the original email.
Maybe that will help you.

Thanks in advance!

Let me know whatever else you need.

Kind regards
Jan

Alt 26.01.2013, 22:38   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Hello and

We have pinned a notice at the top specifically about encryption trojans!

Decryption is unlikely to impossible!

Quote:
3. For files like locked-<FILENAME>.<EXTENSION>.wxyz, decrypt: Overview of the 8 decryption tools
otherwise rescue data / restore data: Rescuing data after an encryption trojan
If this is not a simple encryption with "locked-" in the file name, you should focus on data recovery, not decryption!
If Vista or Win7 is in use, try ShadowExplorer! But don't waste unnecessary time on decryption attempts

And in future you will surely want to think about a better backup concept. Here is some food for thought => http://www.trojaner-board.de/115678-...r-backups.html