
Thread: Trojan infection by: TR/Atraps.gen & 2 + BDS/ZAccess.T + Win64/Sirefef.AL

  1. #1
    Beginner
    Registered since
    16.07.2012
    Posts
    5

    Trojan infection by: TR/Atraps.gen & 2 + BDS/ZAccess.T + Win64/Sirefef.AL

    I have been infected by the above-mentioned trojans...
    The ComboFix scan spat out the following:
    Code:
    ComboFix 12-07-14.01 - OH 16.07.2012  13:34:09.1.4 - x64
    Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4076.1937 [GMT 2:00]
    ausgeführt von:: c:\users\OH\Downloads\ComboFix.exe
    AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
    SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\NkbMonitor.exe.lnk
    c:\users\OH\AppData\Roaming\rundll32.exe
    c:\users\OH\AppData\Roaming\svchost.exe
    c:\users\OH\AppData\Roaming\system32
    c:\users\OH\AppData\Roaming\system32\csrss.exe
    .
    .
    (((((((((((((((((((((((   Dateien erstellt von 2012-06-16 bis 2012-07-16  ))))))))))))))))))))))))))))))
    .
    .
    2012-07-16 11:39 . 2012-07-16 11:39	--------	d-----w-	c:\users\Default\AppData\Local\temp
    2012-07-16 08:49 . 2012-07-16 08:49	69000	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{528E7142-249F-44B6-974D-9F0AF64C0F4E}\offreg.dll
    2012-07-13 08:14 . 2012-05-31 04:04	9013136	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{528E7142-249F-44B6-974D-9F0AF64C0F4E}\mpengine.dll
    2012-07-11 18:12 . 2012-06-12 03:08	3148800	----a-w-	c:\windows\system32\win32k.sys
    2012-07-11 10:11 . 2012-06-06 06:06	2004480	----a-w-	c:\windows\system32\msxml6.dll
    2012-07-10 06:36 . 2010-02-23 08:16	294912	----a-w-	c:\windows\system32\browserchoice.exe
    2012-06-25 14:04 . 2012-06-25 14:04	1394248	----a-w-	c:\windows\SysWow64\msxml4.dll
    2012-06-23 10:55 . 2012-06-23 10:55	770384	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcr100.dll
    2012-06-23 10:55 . 2012-06-23 10:55	421200	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcp100.dll
    2012-06-22 07:29 . 2012-06-02 22:19	57880	----a-w-	c:\windows\system32\wuauclt.exe
    2012-06-22 07:29 . 2012-06-02 22:19	44056	----a-w-	c:\windows\system32\wups2.dll
    2012-06-22 07:29 . 2012-06-02 22:19	2428952	----a-w-	c:\windows\system32\wuaueng.dll
    2012-06-22 07:29 . 2012-06-02 22:15	2622464	----a-w-	c:\windows\system32\wucltux.dll
    2012-06-22 07:29 . 2012-06-02 22:19	38424	----a-w-	c:\windows\system32\wups.dll
    2012-06-22 07:29 . 2012-06-02 22:19	701976	----a-w-	c:\windows\system32\wuapi.dll
    2012-06-22 07:29 . 2012-06-02 22:15	99840	----a-w-	c:\windows\system32\wudriver.dll
    2012-06-22 07:29 . 2012-06-02 13:19	186752	----a-w-	c:\windows\system32\wuwebv.dll
    2012-06-22 07:29 . 2012-06-02 13:15	36864	----a-w-	c:\windows\system32\wuapp.exe
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-05-18 08:47 . 2012-04-19 19:12	70304	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-05-18 08:47 . 2012-04-19 19:12	419488	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
    2012-05-08 15:30 . 2012-04-19 20:49	98848	----a-w-	c:\windows\system32\drivers\avgntflt.sys
    2012-05-08 15:30 . 2012-04-19 20:49	132832	----a-w-	c:\windows\system32\drivers\avipbb.sys
    2012-05-04 11:06 . 2012-06-14 08:15	5559664	----a-w-	c:\windows\system32\ntoskrnl.exe
    2012-05-04 10:03 . 2012-06-14 08:15	3968368	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
    2012-05-04 10:03 . 2012-06-14 08:15	3913072	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
    2012-05-01 05:40 . 2012-06-14 08:15	209920	----a-w-	c:\windows\system32\profsvc.dll
    2012-04-28 03:55 . 2012-06-14 08:15	210944	----a-w-	c:\windows\system32\drivers\rdpwd.sys
    2012-04-26 05:41 . 2012-06-14 08:15	77312	----a-w-	c:\windows\system32\rdpwsx.dll
    2012-04-26 05:41 . 2012-06-14 08:15	149504	----a-w-	c:\windows\system32\rdpcorekmts.dll
    2012-04-26 05:34 . 2012-06-14 08:15	9216	----a-w-	c:\windows\system32\rdrmemptylst.exe
    2012-04-24 05:37 . 2012-06-14 08:15	184320	----a-w-	c:\windows\system32\cryptsvc.dll
    2012-04-24 05:37 . 2012-06-14 08:15	140288	----a-w-	c:\windows\system32\cryptnet.dll
    2012-04-24 05:37 . 2012-06-14 08:15	1462272	----a-w-	c:\windows\system32\crypt32.dll
    2012-04-24 04:36 . 2012-06-14 08:15	140288	----a-w-	c:\windows\SysWow64\cryptsvc.dll
    2012-04-24 04:36 . 2012-06-14 08:15	1158656	----a-w-	c:\windows\SysWow64\crypt32.dll
    2012-04-24 04:36 . 2012-06-14 08:15	103936	----a-w-	c:\windows\SysWow64\cryptnet.dll
    2012-04-20 19:59 . 2012-04-20 19:59	0	----a-w-	c:\windows\SysWow64\sho1023.tmp
    2012-04-18 17:02 . 2011-03-28 09:36	19352	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    .
    .
    ((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
    "OpwareSE4"="c:\program files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
    "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-08 348624]
    "Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\ssmmgr.exe" [2009-08-28 606208]
    "TrayServer"="c:\program files (x86)\MAGIX\Video_deluxe_17\TrayServer.exe" [2008-08-07 90112]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]
    R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-07-06 289704]
    R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2011-04-26 2702848]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-23 113120]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
    R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe [2010-08-09 166704]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
    S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-09-16 27760]
    S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2010-10-07 13824]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2011-01-25 60416]
    S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
    S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2011-05-24 1840128]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
    S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2007-08-13 11576]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]
    S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-11-09 31088]
    S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-11-12 138024]
    S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2011-03-04 174184]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-01-27 425064]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2011-01-25 18432]
    .
    .
    --- Andere Dienste/Treiber im Speicher ---
    .
    *NewlyCreated* - 90337427
    *Deregistered* - 90337427
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-25 11895400]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Zusätzlicher Suchlauf -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://google.de/
    mStart Page = hxxp://samsung.msn.com
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.178.1
    FF - ProfilePath - c:\users\OH\AppData\Roaming\Mozilla\Firefox\Profiles\8a2dwg9j.default\
    .
    - - - - Entfernte verwaiste Registrierungseinträge - - - -
    .
    Toolbar-Locked - (no file)
    Wow6432Node-HKCU-Run-Client Server Runtime Process - c:\users\OH\AppData\Roaming\System32\csrss.exe
    Wow6432Node-HKCU-Run-Host-process Windows (Rundll32.exe) - c:\users\OH\AppData\Roaming\System32\csrss.exe
    Wow6432Node-HKCU-Run-Service Host Process for Windows - c:\users\OH\AppData\Roaming\svchost.exe
    Toolbar-Locked - (no file)
    HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
    AddRemove-Incomedia WebSite X5 Evolution - c:\windows\system32\iwpsetup.exe
    AddRemove-Incomedia WebSite X5 v8 - Evolution - c:\windows\system32\iwpsetup.exe
    .
    .
    .
    --------------------- Gesperrte Registrierungsschluessel ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Zeit der Fertigstellung: 2012-07-16  13:41:46
    ComboFix-quarantined-files.txt  2012-07-16 11:41
    .
    Vor Suchlauf: 8 Verzeichnis(se), 67.556.442.112 Bytes frei
    Nach Suchlauf: 11 Verzeichnis(se), 67.743.514.624 Bytes frei
    .
    - - End Of File - - 4A80B5D547F51B5FE4A673F27B3413C5
             
    
    --- --- ---
    Please help me....!!!!! .....I have to "work" on this laptop every day

    Here is the OTL.txt

    Code:
    OTL logfile created on: 16.07.2012 23:16:03 - Run 1
    OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\OH\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
     
    3,98 Gb Total Physical Memory | 1,56 Gb Available Physical Memory | 39,24% Memory free
    7,96 Gb Paging File | 5,43 Gb Available in Paging File | 68,21% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 111,00 Gb Total Space | 63,27 Gb Free Space | 57,00% Space Free | Partition Type: NTFS
    Drive D: | 163,58 Gb Total Space | 114,36 Gb Free Space | 69,91% Space Free | Partition Type: NTFS
     
    Computer Name: OH-PC | User Name: OH | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
     
    ========== Processes (SafeList) ==========
     
    PRC - [2012.07.16 23:13:31 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\OH\Downloads\OTL.exe
    PRC - [2012.07.16 16:21:40 | 009,629,288 | ---- | M] (McAfee Inc.) -- C:\Users\OH\Downloads\stinger.exe
    PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2012.07.03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2012.07.03 13:46:42 | 000,973,488 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
    PRC - [2012.06.23 12:55:21 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    PRC - [2012.06.19 16:01:46 | 000,151,104 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\SVRTservice.exe
    PRC - [2012.06.19 15:59:52 | 001,148,992 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\SVRTgui.exe
    PRC - [2012.06.18 10:30:19 | 000,057,344 | ---- | M] (mozilla.org) -- C:\Program Files (x86)\SeaMonkey\seamonkey.exe
    PRC - [2012.05.08 17:30:35 | 000,391,632 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\program files (x86)\avira\antivir desktop\avcenter.exe
    PRC - [2012.05.08 17:30:35 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2012.05.08 17:30:35 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    PRC - [2012.05.08 17:30:35 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    PRC - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    PRC - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    PRC - [2011.05.24 10:33:30 | 001,840,128 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
    PRC - [2011.02.25 03:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    PRC - [2011.02.14 12:15:38 | 004,394,576 | ---- | M] (SEC) -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
    PRC - [2011.02.07 11:55:24 | 001,757,264 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
    PRC - [2011.01.04 15:06:42 | 007,060,560 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe
    PRC - [2010.12.23 08:07:58 | 000,945,232 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
    PRC - [2010.12.21 04:30:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2010.12.21 04:30:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2010.11.29 07:42:38 | 000,775,848 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe
    PRC - [2010.11.10 01:03:52 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
    PRC - [2010.09.20 05:24:42 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe
    PRC - [2010.08.27 03:52:12 | 002,782,064 | ---- | M] (Samsung Electronics) -- C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe
    PRC - [2010.02.10 16:29:52 | 000,719,360 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
    PRC - [2009.11.02 07:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
    PRC - [2009.08.28 07:40:50 | 000,606,208 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
    PRC - [2006.10.11 12:45:12 | 000,075,304 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
     
     
    ========== Modules (No Company Name) ==========
     
    MOD - [2012.06.23 12:55:21 | 002,042,848 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
    MOD - [2012.06.18 10:30:19 | 001,970,176 | ---- | M] () -- C:\Program Files (x86)\SeaMonkey\mozjs.dll
    MOD - [2012.06.18 10:30:19 | 000,155,648 | ---- | M] () -- C:\Program Files (x86)\SeaMonkey\NSLDAP32V60.dll
    MOD - [2012.06.18 10:30:19 | 000,014,848 | ---- | M] () -- C:\Program Files (x86)\SeaMonkey\NSLDAPPR32V60.dll
    MOD - [2012.05.18 10:47:17 | 008,797,856 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
    MOD - [2010.07.05 12:42:58 | 000,203,776 | ---- | M] () -- C:\Program Files (x86)\Samsung\Movie Color Enhancer\WinCRT.dll
    MOD - [2010.05.07 16:22:18 | 001,636,864 | ---- | M] () -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll
    MOD - [2009.11.02 07:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
    MOD - [2009.11.02 07:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
    MOD - [2009.08.28 07:40:50 | 000,606,208 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
    MOD - [2006.08.12 05:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll
     
     
    ========== Win32 Services (SafeList) ==========
     
    SRV:64bit: - [2010.09.22 11:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2010.08.09 21:04:12 | 000,166,704 | ---- | M] (Samsung Electronics CO., LTD.) [On_Demand | Stopped] -- C:\Windows\SysNative\SUPDSvc.exe -- (Samsung UPD Service)
    SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
    SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012.06.23 12:55:21 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012.06.19 16:01:46 | 000,151,104 | ---- | M] (Sophos Limited) [On_Demand | Running] -- C:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\SVRTservice.exe -- (SophosVirusRemovalTool)
    SRV - [2012.05.08 17:30:35 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2012.05.08 17:30:35 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
    SRV - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
    SRV - [2011.05.24 10:33:30 | 001,840,128 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
    SRV - [2011.04.26 13:54:12 | 002,702,848 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
    SRV - [2011.03.01 14:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
    SRV - [2011.02.25 03:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
    SRV - [2010.12.21 04:30:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
    SRV - [2010.12.21 04:30:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
    SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
     
     
    ========== Driver Services (SafeList) ==========
     
    DRV:64bit: - [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2012.05.08 17:30:35 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
    DRV:64bit: - [2012.05.08 17:30:35 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
    DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011.10.01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
    DRV:64bit: - [2011.10.01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
    DRV:64bit: - [2011.10.01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
    DRV:64bit: - [2011.10.01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
    DRV:64bit: - [2011.09.16 16:08:07 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
    DRV:64bit: - [2011.08.03 13:57:04 | 002,768,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
    DRV:64bit: - [2011.07.06 08:16:24 | 000,289,704 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
    DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011.03.04 09:59:18 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
    DRV:64bit: - [2011.02.18 01:11:54 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2011.01.27 07:35:26 | 000,425,064 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2010.11.13 00:23:38 | 000,138,024 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
    DRV:64bit: - [2010.11.10 01:04:14 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
    DRV:64bit: - [2010.10.20 02:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
    DRV:64bit: - [2010.10.07 04:59:00 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI)
    DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009.07.14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
    DRV:64bit: - [2009.06.10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2007.08.13 04:48:52 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.sys -- (SSPORT)
    DRV - [2011.12.02 00:32:47 | 000,015,144 | ---- | M] (Windows (R) 2003 DDK 3790 provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\rtport.sys -- (rtport)
    DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
     
     
    ========== Standard Registry (SafeList) ==========
     
     
    ========== Internet Explorer ==========
     
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://samsung.msn.com
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox
     
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     
    ========== FireFox ==========
     
    FF - user.js - File not found
     
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
     
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.23 12:55:22 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
    FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.10.1\extensions\\Components: C:\Program Files (x86)\SeaMonkey\components [2012.06.18 10:30:20 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.10.1\extensions\\Plugins: C:\Program Files (x86)\SeaMonkey\plugins
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.23 12:55:22 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
     
    [2012.04.19 21:03:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\OH\AppData\Roaming\mozilla\Extensions
    [2012.05.02 11:08:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\OH\AppData\Roaming\mozilla\Firefox\Profiles\8a2dwg9j.default\extensions
    [2012.06.13 17:40:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\OH\AppData\Roaming\mozilla\SeaMonkey\Profiles\l7n12z9y.default\extensions
    [2012.04.20 22:12:36 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\OH\AppData\Roaming\mozilla\SeaMonkey\Profiles\l7n12z9y.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
    [2012.06.13 17:40:55 | 000,000,000 | ---D | M] (DOM Inspector) -- C:\Users\OH\AppData\Roaming\mozilla\SeaMonkey\Profiles\l7n12z9y.default\extensions\inspector@mozilla.org
    [2012.04.19 21:18:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
    [2012.06.23 12:55:21 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012.06.23 12:55:19 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
    [2012.06.23 12:55:19 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012.06.23 12:55:19 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
    [2012.06.23 12:55:19 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
    [2012.06.23 12:55:19 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
    [2012.06.23 12:55:19 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
     
    O1 HOSTS File: ([2012.07.16 13:39:31 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1       localhost
    O2 - BHO: (Samsung BHO Class) - {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll ()
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [OpwareSE4] C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
    O4 - HKLM..\Run: [Samsung PanelMgr] C:\windows\Samsung\PanelMgr\ssmmgr.exe ()
    O4 - HKLM..\Run: [TrayServer] C:\Program Files (x86)\MAGIX\Video_deluxe_17\TrayServer.exe (MAGIX AG)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
    O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
    O9 - Extra Button: Samsung AnyWeb Print - {328ECD19-C167-40eb-A0C7-16FE7634105E} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll ()
    O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
    O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
    O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{35CBA426-C31E-4BAE-9C5A-398702F33EA7}: DhcpNameServer = 192.168.178.1
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
    O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
    O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
     
    ========== Files/Folders - Created Within 30 Days ==========
     
    [2012.07.16 20:07:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
    [2012.07.16 20:07:46 | 000,000,000 | ---D | C] -- C:\Users\OH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
    [2012.07.16 20:07:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
    [2012.07.16 18:40:12 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012.07.16 17:23:17 | 000,000,000 | ---D | C] -- C:\Users\OH\AppData\Roaming\Malwarebytes
    [2012.07.16 17:23:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012.07.16 17:23:02 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
    [2012.07.16 17:23:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012.07.16 17:23:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012.07.16 16:21:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\stinger
    [2012.07.16 16:07:33 | 000,000,000 | ---D | C] -- C:\windows\temp
    [2012.07.16 13:49:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
    [2012.07.16 13:33:04 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
    [2012.07.16 13:33:04 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
    [2012.07.16 13:33:04 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
    [2012.07.16 13:32:59 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012.07.16 13:32:44 | 000,000,000 | ---D | C] -- C:\windows\erdnt
    [2012.07.11 20:10:14 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
    [2012.07.11 20:10:14 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
    [2012.07.11 20:10:14 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
    [2012.07.11 20:10:14 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
    [2012.07.11 20:10:13 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
    [2012.07.11 20:10:13 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
    [2012.07.11 20:10:13 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
    [2012.07.11 20:10:13 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
    [2012.07.11 20:10:12 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
    [2012.07.11 20:10:12 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
    [2012.07.11 20:10:12 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
    [2012.07.11 20:10:11 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
    [2012.07.11 20:10:11 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
    [2012.07.11 12:11:07 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msxml3r.dll
    [2012.07.11 12:11:07 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msxml3r.dll
    [2012.07.11 12:11:04 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncrypt.dll
    [2012.07.11 12:11:02 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\cdosys.dll
    [2012.07.11 12:11:01 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cdosys.dll
    [2012.07.10 08:36:32 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\browserchoice.exe
    [2012.07.03 14:05:02 | 000,000,000 | ---D | C] -- C:\Users\OH\Documents\My Pictures
    [2012.06.25 16:04:24 | 001,394,248 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msxml4.dll
    [2012.06.22 09:29:34 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuauclt.exe
    [2012.06.22 09:29:34 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wups2.dll
    [2012.06.22 09:29:33 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wucltux.dll
    [2012.06.22 09:29:25 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuapi.dll
    [2012.06.22 09:29:25 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wudriver.dll
    [2012.06.22 09:29:25 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wups.dll
    [2012.06.22 09:29:13 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuwebv.dll
    [2012.06.22 09:29:13 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuapp.exe
    [1 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
     
    ========== Files - Modified Within 30 Days ==========
     
    [2012.07.16 20:07:46 | 000,003,191 | ---- | M] () -- C:\Users\OH\Desktop\Sophos Virus Removal Tool.lnk
    [2012.07.16 19:01:08 | 000,001,122 | ---- | M] () -- C:\Users\OH\Desktop\tdsskiller - Verknüpfung.lnk
    [2012.07.16 19:00:55 | 000,001,089 | ---- | M] () -- C:\Users\OH\Desktop\stinger - Verknüpfung.lnk
    [2012.07.16 19:00:32 | 000,001,230 | ---- | M] () -- C:\Users\OH\Desktop\esetsmartinstaller_enu - Verknüpfung.lnk
    [2012.07.16 19:00:07 | 000,001,104 | ---- | M] () -- C:\Users\OH\Desktop\ComboFix - Verknüpfung.lnk
    [2012.07.16 18:47:16 | 000,020,992 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012.07.16 18:47:16 | 000,020,992 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012.07.16 18:39:31 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
    [2012.07.16 18:39:21 | 4273,520,640 | -HS- | M] () -- C:\hiberfil.sys
    [2012.07.16 18:28:23 | 000,002,884 | ---- | M] () -- C:\Users\OH\Documents\malwarebytes mbam-log-2012-07-16 (18-27-52)
    [2012.07.16 17:24:23 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012.07.16 13:39:31 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
    [2012.07.13 10:09:03 | 000,536,864 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
    [2012.07.09 17:37:24 | 001,500,018 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
    [2012.07.09 17:37:24 | 000,654,610 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
    [2012.07.09 17:37:24 | 000,616,452 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
    [2012.07.09 17:37:24 | 000,130,192 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
    [2012.07.09 17:37:24 | 000,106,574 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
    [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
    [2012.06.25 16:04:24 | 001,394,248 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\msxml4.dll
    [2012.06.20 16:36:35 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLec.DAT
    [2012.06.20 16:36:35 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLds.DAT
    [1 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
     
    ========== Files Created - No Company Name ==========
     
    [2012.07.16 20:07:46 | 000,003,191 | ---- | C] () -- C:\Users\OH\Desktop\Sophos Virus Removal Tool.lnk
    [2012.07.16 19:01:08 | 000,001,122 | ---- | C] () -- C:\Users\OH\Desktop\tdsskiller - Verknüpfung.lnk
    [2012.07.16 19:00:55 | 000,001,089 | ---- | C] () -- C:\Users\OH\Desktop\stinger - Verknüpfung.lnk
    [2012.07.16 19:00:32 | 000,001,230 | ---- | C] () -- C:\Users\OH\Desktop\esetsmartinstaller_enu - Verknüpfung.lnk
    [2012.07.16 19:00:07 | 000,001,104 | ---- | C] () -- C:\Users\OH\Desktop\ComboFix - Verknüpfung.lnk
    [2012.07.16 18:28:22 | 000,002,884 | ---- | C] () -- C:\Users\OH\Documents\malwarebytes mbam-log-2012-07-16 (18-27-52)
    [2012.07.16 17:23:05 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012.07.16 13:33:04 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
    [2012.07.16 13:33:04 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
    [2012.07.16 13:33:04 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
    [2012.07.16 13:33:04 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
    [2012.07.16 13:33:04 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
    [2012.04.20 18:18:22 | 000,482,408 | ---- | C] () -- C:\windows\ssndii.exe
    [2012.04.19 23:14:36 | 000,000,400 | ---- | C] () -- C:\windows\ODBC.INI
    [2012.04.19 22:05:26 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLec.DAT
    [2012.04.19 22:01:56 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Jazz
    [2012.04.19 22:01:56 | 000,000,268 | RH-- | C] () -- C:\Users\OH\AppData\Roaming\Instrument Library
    [2012.04.19 22:01:56 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLds.DAT
    [2012.04.19 22:01:56 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Keyboard Layouts
    [2012.04.19 21:20:15 | 000,002,048 | -HS- | C] () -- C:\Users\OH\AppData\Local\{4ca237cd-ec88-7974-cbed-989e8ea12a6c}\@
    [2012.04.18 20:18:24 | 000,000,428 | ---- | C] () -- C:\windows\MAXLINK.INI
    [2012.04.18 19:22:05 | 001,526,948 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
    [2011.10.31 21:56:23 | 000,258,864 | ---- | C] () -- C:\windows\SUPDRun.exe
    [2011.10.31 07:59:35 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe
    [2011.10.31 07:18:44 | 000,001,156 | ---- | C] () -- C:\windows\HotFixList.ini
    [2011.10.31 07:02:22 | 000,142,128 | ---- | C] () -- C:\windows\wiainst64.exe
     
    ========== LOP Check ==========
     
    [2012.04.18 20:21:06 | 000,000,000 | ---D | M] -- C:\Users\OH\AppData\Roaming\Canon
    [2012.07.11 20:02:58 | 000,000,000 | ---D | M] -- C:\Users\OH\AppData\Roaming\FileZilla
    [2012.04.19 22:23:10 | 000,000,000 | ---D | M] -- C:\Users\OH\AppData\Roaming\IrfanView
    [2012.05.03 19:28:02 | 000,000,000 | ---D | M] -- C:\Users\OH\AppData\Roaming\MAGIX
    [2012.04.19 22:03:20 | 000,000,000 | ---D | M] -- C:\Users\OH\AppData\Roaming\Nikon
    [2012.04.18 20:18:18 | 000,000,000 | ---D | M] -- C:\Users\OH\AppData\Roaming\ScanSoft
    [2012.07.16 15:39:15 | 000,000,000 | ---D | M] -- C:\Users\OH\AppData\Roaming\SoftGrid Client
    [2012.04.18 19:22:52 | 000,000,000 | ---D | M] -- C:\Users\OH\AppData\Roaming\TP
    [2012.07.13 15:43:47 | 000,032,626 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
     
    ========== Purity Check ==========
     
     
    
    < End of report >
    Here is the Extras log:

    Code:
    OTL Extras logfile created on: 16.07.2012 23:16:03 - Run 1
    OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\OH\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
     
    3,98 Gb Total Physical Memory | 1,56 Gb Available Physical Memory | 39,24% Memory free
    7,96 Gb Paging File | 5,43 Gb Available in Paging File | 68,21% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 111,00 Gb Total Space | 63,27 Gb Free Space | 57,00% Space Free | Partition Type: NTFS
    Drive D: | 163,58 Gb Total Space | 114,36 Gb Free Space | 69,91% Space Free | Partition Type: NTFS
     
    Computer Name: OH-PC | User Name: OH | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
     
    ========== Extra Registry (SafeList) ==========
     
     
    ========== File Associations ==========
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
     
    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
     
    ========== Shell Spawning ==========
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
     
    ========== Security Center Settings ==========
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
     
    ========== System Restore Settings ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0
     
    ========== Firewall Settings ==========
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
    "DoNotAllowExceptions" = 0
     
    ========== Authorized Applications List ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
     
     
    ========== Vista Active Open Ports Exception List ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{1DE28B67-62B5-4E71-A10B-DC1D81D11BED}" = lport=139 | protocol=6 | dir=in | app=system | 
    "{25114C03-4330-49F2-B573-9859337D57CB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
    "{2E8AAD77-CAEE-41E4-92B4-036F4C0107FB}" = lport=137 | protocol=17 | dir=in | app=system | 
    "{31F19518-502C-4C87-BB77-F7F2C6990B2B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
    "{34DCE1A9-02E9-459F-B932-B65741BBA4DA}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
    "{40ACB45E-7252-4941-B01C-1377467D5304}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
    "{4EAA43D8-D7F8-40D3-AE3D-C5F4063DAB13}" = lport=445 | protocol=6 | dir=in | app=system | 
    "{52F4FCAF-9E09-4CD2-9E99-9AAA821CECEE}" = rport=138 | protocol=17 | dir=out | app=system | 
    "{65F8F03F-5BB4-4F25-9C27-34B4A1274B91}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
    "{70ABFCE6-79B9-42C2-8E3A-63F809F31D11}" = lport=10243 | protocol=6 | dir=in | app=system | 
    "{88700DC4-E9A1-4DA4-8E15-707C76209AA4}" = rport=139 | protocol=6 | dir=out | app=system | 
    "{9CD071B0-F094-4CDF-8F6F-C87F9E91AC58}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
    "{A0B1C569-626F-47D3-9E44-415A634734FF}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
    "{B80D981E-442B-4507-8B2F-A592AC38D33D}" = lport=138 | protocol=17 | dir=in | app=system | 
    "{B93321C8-E7BF-4A82-AECA-5201F09918C4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
    "{CDF5356E-B9C5-46A9-A93D-74EE1B1A1024}" = rport=137 | protocol=17 | dir=out | app=system | 
    "{DA33685E-8089-44AB-84C0-4EF482E67EF2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
    "{E01859DC-C48B-447A-A291-CF0B96D2824B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
    "{E2799CEF-7200-49E8-9E93-A176FACE1103}" = rport=445 | protocol=6 | dir=out | app=system | 
    "{E5031118-15C4-43E2-82C4-493AD8166018}" = lport=2869 | protocol=6 | dir=in | app=system | 
    "{EC9A932D-0AAD-4CDD-90A1-0114A87CABFE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
    "{EF13D1E2-1D85-4E8A-8D79-6D23639DD4A7}" = rport=10243 | protocol=6 | dir=out | app=system | 
    "{F1DECFCC-B090-43E2-AB17-396026E5AB9A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
     
    ========== Vista Active Application Exception List ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{10953118-7073-48E9-82CC-B8FC376F1F66}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
    "{17960FB4-42AC-4C3A-9794-BA41A8E3C69D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
    "{1CF60D4B-87C9-4711-A4F3-30BADED5F0A3}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
    "{1E00F276-4E36-4C0B-8083-E88C997C59F2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
    "{2F22559C-B0A3-46FF-BDC0-E45E1354CD17}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
    "{308BC396-540C-4907-B7FD-3133AC7B5021}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung universal scan driver\usdagent.exe | 
    "{344E5125-9311-46BB-BC8C-92B21C0A3795}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
    "{409F3351-89A4-49B3-B0CA-AE2885F578A5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
    "{41913B3B-1788-457B-99ED-C91B1C50D711}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
    "{48AD7B75-3CDF-403D-9686-27599C266E60}" = protocol=6 | dir=out | app=system | 
    "{4BE224D2-42E2-4848-AF8C-7B7CAA5F444A}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr8.exe | 
    "{5512C66C-E521-4567-AF87-ED952B9DA6F6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
    "{68EB20D6-8F06-49B5-978D-C8D439346E33}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
    "{6BD08068-829E-4074-B746-425F02C1719E}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung universal scan driver\iccupdater.exe | 
    "{6E4701BC-AEC4-46DB-82A9-931454516D0E}" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
    "{779969B0-4D32-4FD4-B98A-E8E0E45533D4}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
    "{7BD92453-7781-458B-8AB0-43D07A5CC425}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
    "{7E1B1BF2-3477-4C43-A6EA-05F8D63BAE84}" = protocol=17 | dir=in | app=c:\windows\system32\supdsvc.exe | 
    "{8E54B293-45E7-4AA2-8431-F69C5DD35BBA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
    "{98F4D4D8-295E-47C1-A2DA-AF9FF45488F0}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
    "{991527FA-8CFB-46D2-B741-37F0D57D07E8}" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
    "{A0FFA306-BE8D-48A7-B9D4-96416F782DA8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
    "{B3E6F5D2-33F0-4E05-9EEB-E65D74C43C78}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
    "{B6B7F44A-B9A0-49D8-9342-1F0F900CF8BC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
    "{C199FB17-2CBE-4AE3-BFEB-E12DE33F0B94}" = protocol=6 | dir=in | app=c:\windows\system32\supdsvc.exe | 
    "{C36B3BB3-0670-4C59-8C9B-859C6CAA2B86}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
    "{CEA3C20C-A686-480D-9E98-DFD1DF589AA6}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
    "{D0693F5B-C481-4CB5-B0FA-EC03F7B211A1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
    "{E56AAFDF-6A15-45BB-8B2E-CB7BBCBF0FD0}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung universal scan driver\iccupdater.exe | 
    "{E819AEC8-8C69-4CDE-8BD7-4C59EB3B7606}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
    "{F3E52F50-16F1-43AB-8DF7-10CF36107584}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung universal scan driver\usdagent.exe | 
    "{F55F9393-24DD-4947-8476-BB5FE6C1C525}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
    "{F6936C1B-BD92-4065-8A1D-0B5E4D1E4115}" = dir=in | app=c:\program files (x86)\cyberlink\media+player10\media+player10.exe | 
    "TCP Query User{0F7BD846-F941-4C39-8D54-8A463C762AE4}C:\program files (x86)\namo\webeditor 8\bin\webeditor.exe" = protocol=6 | dir=in | app=c:\program files (x86)\namo\webeditor 8\bin\webeditor.exe | 
    "TCP Query User{B243AC24-EB51-4FCE-877E-07F603EA78BD}C:\program files (x86)\corel\coreldraw graphics suite x4\programs\coreldrw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\corel\coreldraw graphics suite x4\programs\coreldrw.exe | 
    "TCP Query User{D3646911-DB9B-48EA-A433-9AABCD66D4DD}C:\program files (x86)\namo\webeditor 2006\bin\webeditor.exe" = protocol=6 | dir=in | app=c:\program files (x86)\namo\webeditor 2006\bin\webeditor.exe | 
    "TCP Query User{FA1ACB45-62C6-4A53-8DF1-2C8911A517FE}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
    "UDP Query User{155E16DD-3CE5-4221-ACC6-D8E484F8F201}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
    "UDP Query User{802CE22E-B9BA-458D-AC96-646BC3E1D497}C:\program files (x86)\corel\coreldraw graphics suite x4\programs\coreldrw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\corel\coreldraw graphics suite x4\programs\coreldrw.exe | 
    "UDP Query User{9DDDA1EF-CFE6-4711-8B95-8FE5BFD9C5DB}C:\program files (x86)\namo\webeditor 2006\bin\webeditor.exe" = protocol=17 | dir=in | app=c:\program files (x86)\namo\webeditor 2006\bin\webeditor.exe | 
    "UDP Query User{EB604F5E-26E6-4C5F-9258-EB48C102303E}C:\program files (x86)\namo\webeditor 8\bin\webeditor.exe" = protocol=17 | dir=in | app=c:\program files (x86)\namo\webeditor 8\bin\webeditor.exe | 
     
    ========== HKEY_LOCAL_MACHINE Uninstall List ==========
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources
    "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4803" = CanoScan 4400F
    "{1685AE50-97ED-485B-80F6-145071EE14B0}" = Windows Live Remote Service Resources
    "{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources
    "{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
    "{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
    "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
    "{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
    "{206BD2C5-DE08-4577-A0D7-D441A79D5A3A}" = Windows Live Remote Client Resources
    "{22AB5CFD-B3DB-414E-9F99-4D024CCF1DA6}" = Windows Live Remote Client Resources
    "{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources
    "{27F3F8DE-AC95-4E10-90A6-EBA999DDBCAF}" = Windows Live Remote Service Resources
    "{29CFD07F-4971-41B0-B14D-621ACCC264AC}" = Windows Live Remote Service Resources
    "{2C1A6191-9804-4FDC-AB01-6F9183C91A13}" = Windows Live Remote Client Resources
    "{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources
    "{34384A2A-2CA2-4446-AB0E-1F360BA2AAC5}" = Windows Live Remote Service Resources
    "{350FD0E7-175A-4F86-84EF-05B77FCD7161}" = Windows Live Remote Service Resources
    "{3921492E-82D2-4180-8124-E347AD2F2DB4}" = Windows Live Remote Client Resources
    "{3C41721F-AF0F-4086-AA1C-4C7F29076228}" = Intel(R) PROSet/Wireless WiFi Software
    "{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources
    "{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{4C2E49C0-9276-4324-841D-774CCCE5DB48}" = Windows Live Remote Client Resources
    "{4C9845D5-9FAD-4C52-B389-CAEF0F216215}" = Windows Live Remote Client Resources
    "{5141AA6E-5FAC-4473-BFFB-BEE69DDC7F2B}" = Windows Live Remote Service Resources
    "{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources
    "{57F2BD1C-14A3-4785-8E48-2075B96EB2DF}" = Windows Live Remote Service Resources
    "{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
    "{5F44A3A1-5D24-4708-8776-66B42B174C64}" = Windows Live Remote Client Resources
    "{5FCD6EFE-C2E7-4D77-8212-4BA223D8DF8E}" = Windows Live Remote Client Resources
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
    "{61407251-7F7D-4303-810D-226A04D5CFF3}" = Windows Live Remote Service Resources
    "{641B32DB-8226-4250-86C9-34671162F5D5}" = Windows Live Remote Client Resources
    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
    "{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
    "{6A2482BC-733A-404A-939A-2D5BC636E6F9}" = Windows Live Remote Service Resources
    "{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources
    "{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
    "{78654366-5889-4A70-90D9-04B00709EEE0}" = Windows Live Remote Client Resources
    "{7AEC844D-448A-455E-A34E-E1032196BBCD}" = Windows Live Remote Service Resources
    "{7F05E704-30A6-421A-97A7-8EEB1C7FF011}" = Corel Shell Extension - 64Bit
    "{811D5159-D798-491F-B9C6-9BDBF6B02D06}" = Windows Live Remote Service Resources
    "{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources
    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
    "{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
    "{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
    "{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
    "{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{97A295A7-8840-4B35-BB61-27A8F4512CA3}" = Windows Live Remote Service Resources
    "{9E9C960F-7F47-46D5-A95D-950B354DE2B8}" = Windows Live Remote Service Resources
    "{A060182D-CDBE-4AD6-B9B4-860B435D6CBD}" = Windows Live Remote Client Resources
    "{A508D5A2-3AC1-4594-A718-A663D6D3CF11}" = Windows Live Remote Service Resources
    "{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
    "{AE91E0F3-C49A-4EF4-8B98-A07BD409EB90}" = Windows Live Remote Service Resources
    "{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources
    "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Display Control Panel
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 267.04
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.22.1
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B680A663-1A15-47A5-A07C-7DF9A97558B7}" = Windows Live Remote Client Resources
    "{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
    "{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources
    "{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
    "{CFF3C688-2198-4BC3-A399-598226949C39}" = Windows Live Remote Client Resources
    "{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources
    "{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources
    "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
    "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{ED421F97-E1C3-4E78-9F54-A53888215D58}" = Windows Live Remote Client Resources
    "{EFB20CF5-1A6D-41F3-8895-223346CE6291}" = Windows Live Remote Service Resources
    "{F0793412-6407-4870-9A8C-6FE198A4EB12}" = Windows Live Remote Client Resources
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
    "{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources
    "{FAD0EC0B-753B-4A97-AD34-32AC1EC8DB69}" = Windows Live Remote Client Resources
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
    "Broadcom 802.11 Network Adapter" = Broadcom 802.11 Network Adapter
    "Elantech" = ETDWare PS/2-X64 8.0.7.2_WHQL
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "_{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW(R) Graphics Suite X4
    "_{80FDAE30-CDB6-4015-AFC7-86A762A5AD9B}" = CorelDRAW(R) Graphics Suite X4 - Extra Content
    "_{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
    "{000F2A10-9CDF-47BF-9CF2-9AC87567B433}" = Windows Live Photo Common
    "{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
    "{0119B342-476F-4F5A-B712-144B5CFA781F}" = Windows Live Movie Maker
    "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "{03241D8D-2217-42F7-9FCB-6A68D141C14D}" = Windows Live 软件包
    "{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh
    "{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
    "{062E4D94-8306-46D5-81B6-45E6AD09C799}" = Windows Live Messenger
    "{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
    "{073F306D-9851-4969-B828-7B6444D07D55}" = Windows Live Photo Common
    "{07E15DDE-CAD9-434D-B24D-35708E3BEA09}" = Windows Live 필수 패키지
    "{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack
    "{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack
    "{0C975FCC-A06E-4CB6-8F54-A9B52CF37781}" = Windows Liven sähköposti
    "{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
    "{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
    "{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
    "{110668B7-54C6-47C9-BAC4-1CE77F156AF5}" = Windows Live Mesh
    "{11417707-1F72-4279-95A3-01E0B898BBF5}" = Windows Live Mesh
    "{11778DA1-0495-4ED9-972F-F9E0B0367CD5}" = Windows Live Writer
    "{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar
    "{122800FE-3AAF-4974-9FBD-54B023FA756A}" = „Windows Live Messenger“
    "{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack
    "{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker
    "{139C1D95-9037-3AB3-F5F4-4A79BF6831EC}" = WordCaptureX Pro
    "{142D8CA7-2C6F-45A7-83E3-099AAFD99133}" = Samsung Update Plus
    "{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 5
    "{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
    "{14E1CEC0-E43B-4158-85F4-73BCB3878B7F}" = MAGIX Speed burnR (MSI)
    "{16880765-677F-440B-B16A-BFD9B9C00012}" = EasyFileShare
    "{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common
    "{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
    "{17835B63-8308-427F-8CF5-D76E0D5FE457}" = Windows Live Essentials
    "{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
    "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
    "{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
    "{19ADD3BF-C42B-47DC-81C6-5E9731B668C4}" = „Windows Live Essentials“
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1A72337E-D126-4BAF-AC89-E6122DB71866}" = Windows Liven valokuvavalikoima
    "{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer
    "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
    "{1C63DD23-6554-4A1F-8D0D-B5A6B49D8015}" = Corel Graphics Suite 11
    "{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer
    "{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}" = Windows Live UX Platform Language Pack
    "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
    "{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite
    "{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{220C7F8C-929D-4F71-9DC7-F7A6823B38E4}" = Windows Live UX Platform Language Pack
    "{249EE21B-8EDD-4F36-8A23-E580E9DBE80A}" = Windows Live Mail
    "{24DF33E0-F924-4D0D-9B96-11F28F0D602D}" = Windows Live UX Platform Language Pack
    "{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources
    "{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
    "{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows Live Writer
    "{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
    "{2720009D-9566-45A7-A370-0E6DAC313F3F}" = „Windows Live Mail“
    "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
    "{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common
    "{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
    "{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
    "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
    "{2BA5FD10-653F-4CAF-9CCD-F685082A1DC1}" = Windows Live Writer
    "{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack
    "{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh
    "{2CC0789D-D31B-445F-8970-6E058BE39754}" = Windows Live UX Platform Language Pack
    "{2D3E034E-F76B-410A-A169-55755D2637BB}" = Windows Live Mesh
    "{2D49C296-BCCA-4800-BAF6-A0269EBDCF74}" = Windows Live Messenger
    "{2DDC70C1-C77A-4D08-89D2-9AB648504533}" = Easy Content Share
    "{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources
    "{2F54E453-8C93-4B3B-936A-233C909E6CAC}" = Windows Live Messenger
    "{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources
    "{317D56AC-0DB3-48F5-929A-42032DAC9AD7}" = Windows Live Writer
    "{318DBE01-1E6B-4243-84B0-210391FE789A}" = Samsung AnyWeb Print
    "{331ECF61-69AF-4F57-AC35-AFED610231C3}" = Multimedia POP
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{34FBC7C4-CD31-4D93-A428-0E524EAC4586}" = CyberLink Media+ Player10
    "{368BEC2C-B7A2-4762-9213-2D8465D533CA}" = Windows Live UX Platform Language Pack
    "{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
    "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
    "{39F95B0B-A0B7-4FA7-BB6C-197DA2546468}" = Windows Live Mesh
    "{3B72C1E0-26A1-40F6-8516-D50C651DFB3C}" = Windows Live Essentials
    "{3B8F240C-B75E-4A1E-BDCC-6C7F033078A3}" = Windows Live UX Platform Language Pack
    "{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
    "{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
    "{3F50512F-53DF-46B1-8CCB-6C7E638CADD6}" = PhoneShare
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
    "{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
    "{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials
    "{4264C020-850B-4F08-ACBE-98205D9C336C}" = Windows Live Writer
    "{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
    "{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials
    "{442032CB-900C-49C7-B4B4-2B76525DD403}" = Windows Live Photo Common
    "{443B561F-DE1B-4DEF-ADD9-484B684653C7}" = Windows Live Messenger
    "{4444F27C-B1A8-464E-9486-4C37BAB39A09}" = Фотогалерия на Windows Live
    "{458F399F-62AC-4747-99F5-499BBF073D29}" = Windows Live Writer Resources
    "{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}" = Windows Live Writer Resources
    "{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
    "{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
    "{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
    "{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
    "{4923877D-6A59-485B-9E63-E35664B4F067}" = MAGIX Screenshare
    "{4A04DB63-8F81-4EF4-9D09-61A2057EF419}" = Windows Live Essentials
    "{4A331D24-A9E8-484F-835E-1BA7B139689C}" = EasyBatteryManager
    "{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
    "{4B744C85-DBB1-4038-B989-4721EB22C582}" = Windows Live Messenger
    "{4C378B16-46B7-4DA1-A2CE-2EE676F74680}" = Windows Live UX Platform Language Pack
    "{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack
    "{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common
    "{4F35DF91-F834-41F7-A287-0E377D55C486}" = Windows Live Photo Common
    "{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
    "{517EAAB9-C35E-4949-B8C2-20C241162BBB}" = Windows Live Pošta
    "{51FFAC89-B6B0-4E6E-B76F-6D4E2E83086A}" = Windows Live 메일
    "{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack
    "{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources
    "{542DA303-FB91-4731-9F37-6E518368D3B9}" = Windows Live Messenger
    "{545192D4-E817-4EAA-834D-623EA50CF268}" = Windows Live UX Platform Language Pack
    "{5545EEE4-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2701.01)
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{588CE0C0-860B-49A8-AFCF-3C69465B345F}" = Windows Live Mesh
    "{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live Fotogalleri
    "{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh
    "{5D163056-96B7-440F-A836-89BA5D3CFF2F}" = Windows Live Photo Common
    "{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
    "{5D2E7BD7-4B6F-4086-BA8A-E88484750624}" = Windows Live Writer Resources
    "{5DA7D148-D2D2-4C67-8444-2F0F9BD88A06}" = Windows Live Writer
    "{5E627606-53B9-42D1-97E1-D03F6229E248}" = Windows Live UX Platform Language Pack
    "{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker
    "{61506B53-EE02-46CE-8464-3F806947978F}" = Windows Live Mesh
    "{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
    "{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail
    "{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker
    "{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
    "{644063FA-ABA3-42AC-A8AC-3EDC0706018B}" = Windows Live Mesh
    "{6491AB99-A11E-41FD-A5E7-32DE8A097B8E}" = Windows Live Essentials
    "{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
    "{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{69C9C672-400A-43A0-B2DE-9DB38C371282}" = Windows Live Writer
    "{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources
    "{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack
    "{6A67578E-095B-4661-88F7-0B199CEC3371}" = Windows Live Messenger
    "{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh
    "{6B3BAE39-4ED1-4EEB-9769-A3AA0AA58CB4}" = Windows Live Movie Maker
    "{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common
    "{6C5F8503-55D2-4398-858C-362B7A7AF51C}" = Firebird SQL Server - MAGIX Edition
    "{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
    "{6DCE9C3E-3DB7-4C3C-8B80-BC55781BB7B6}" = Windows Live Writer Resources
    "{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
    "{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger
    "{6EF2BE2C-3121-48B7-B7A6-C56046B3A588}" = Windows Live Movie Maker
    "{6F37D92B-41AA-44B7-80D2-457ABDE11896}" = Windows Live Photo Common
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7115EEBC-DA7B-434C-B81C-EA5B26EA9A94}" = Windows Live Writer Resources
    "{71684DFF-CDED-450C-AF0C-4A1A6438A1A5}" = Windows Live Essentials
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer
    "{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh
    "{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{7327080F-6673-421F-BBD9-B618F357EEB3}" = Windows Live UX Platform Language Pack
    "{734104DE-C2BF-412F-BB97-FCCE1EC94229}" = Windows Live Writer Resources
    "{7373E17D-18E0-44A7-AC3A-6A3BFB85D3B3}" = Windows Live Movie Maker
    "{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
    "{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker
    "{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
    "{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
    "{753F0A72-59C3-41CE-A36A-F2DF2079275C}" = Windows Live Mail
    "{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
    "{7780682A-47C9-480D-90BE-247539342595}" = Windows Live UX Platform Language Pack
    "{77BC9EAF-14C7-4338-9B1C-D5A3E142C0B8}" = Windows Live Photo Common
    "{77DAF553-291A-4471-988C-5677D90DB57E}" = Windows Live Writer Resources
    "{77F45ECD-FAFC-45A8-8896-CFFB139DAAA3}" = Fast Start
    "{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live
    "{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common
    "{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
    "{78DBE8CE-61F6-4D6C-806C-A0FFF65F5E1D}" = Windows Live Messenger
    "{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
    "{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common
    "{7AF8E500-B349-4A77-8265-9854E9A47925}" = Windows Live Movie Maker
    "{7B982EBD-D017-4527-BF1A-FC489EC6B100}" = Windows Live 照片库
    "{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live
    "{7C2A3479-A5A0-412B-B0E6-6D64CBB9B251}" = Windows Live Photo Common
    "{7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6}" = Windows Live Writer Resources
    "{7D0DE76C-874E-4BDE-A204-F4240160693E}" = Windows Live Photo Common
    "{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
    "{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
    "{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources
    "{7F05E704-30A6-421A-97A7-8EEB1C7FF000}" = CorelDRAW Graphics Suite X4
    "{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW Graphics SUite X4 - ICA
    "{7F05E704-30A6-421A-97A7-8EEB1C7FF012}" = CorelDRAW Graphics Suite X4 - Capture
    "{7F05E704-30A6-421A-97A7-8EEB1C7FF013}" = CorelDRAW Graphics Suite X4 - Draw
    "{7F05E704-30A6-421A-97A7-8EEB1C7FF014}" = CorelDRAW Graphics Suite X4 - PP
    "{7F05E704-30A6-421A-97A7-8EEB1C7FF016}" = CorelDRAW Graphics Suite X4 - Content
    "{7F05E704-30A6-421A-97A7-8EEB1C7FF017}" = CorelDRAW Graphics Suite X4 - Filters
    "{7F05E704-30A6-421A-97A7-8EEB1C7FF019}" = CorelDRAW Graphics Suite X4 - FontNav
    "{7F6F62F0-7884-4CFB-B86C-597A4A6D9C4D}" = Movie Color Enhancer
    "{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources
    "{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer
    "{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
    "{80E8C65A-8F70-4585-88A2-ABC54BABD576}" = Windows Live Mesh
    "{80FDAE30-CDB6-4015-AFC7-86A762A5AD9B}" = CorelDRAW Graphics Suite X4 - Extra Content
    "{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
    "{82803FF3-563F-414F-A403-8D4C167D4120}" = Windows Live Mail
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{83D2FFB0-E378-49FE-8A53-580CA7B5761F}" = Windows Live Messenger
    "{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
    "{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common
    "{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials
    "{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common
    "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
    "{861B1145-7762-4794-B40C-3FF0A389DFE6}" = Windows Live Photo Gallery
    "{86E6D3A7-3ADC-44C0-B94E-85D2A9DD36B0}" = Windows Live Writer
    "{8732818E-CA78-4ACB-B077-22311BF4C0E4}" = Easy Network Manager
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
    "{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery
    "{8909CFA8-97BF-4077-AC0F-6925243FFE08}" = Windows Liven asennustyökalu
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8CF5D47D-27B7-49D6-A14F-10550B92749D}" = Windows Live UX Platform Language Pack
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger
    "{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
    "{90170407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
    "{903EDF14-4E28-4463-AA5E-4AEE71C0263B}" = Windows Live Movie Maker
    "{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
    "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
    "{97F77D62-5110-4FA3-A2D3-410B92D31199}" = Windows Live Fotogaléria
    "{980A3C34-1652-472D-84AC-2A4D3D4955BF}" = Namo WebEditor 2006
    "{989112B0-74DB-4A40-932F-580049CD0B97}" = Visual Basic for Applications (R) Core - German
    "{99BE7F5D-AB52-4404-9E03-4240FFAA7DE9}" = Windows Live Mesh
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D0798D0-AF6C-4E62-94B1-AEBF1A43E00A}" = CorelDRAW Graphics Suite X4 - IPM
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{9DA3F03B-2CEE-4344-838E-117861E61FAF}" = Windows Live Mail
    "{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker
    "{9E771D5B-C429-4CBC-8730-3EBD9EC99E4C}" = Windows Live Movie Maker
    "{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
    "{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker
    "{A1668729-C4D2-49AE-877B-FB608362FFF1}" = Windows Live Essentials
    "{A199DB88-E22D-4CE7-90AC-B8BE396D7BF4}" = Windows Live Movie Maker
    "{A3389C72-1782-4BB4-BBAA-33345DE52E3F}" = Windows Live Messenger
    "{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
    "{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
    "{A7056D45-C63A-4FE4-A69D-FB54EF9B21BB}" = Windows Live Messenger
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AB0B2113-5B96-4B95-8AD1-44613384911F}" = Windows Live Mesh
    "{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
    "{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources
    "{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials
    "{ABE2F2AA-7ADC-4717-9573-BF3F83C696AC}" = Windows Live Mail
    "{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch
    "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
    "{AD001A69-88CC-4766-B2DB-3C1DFAB9AC72}" = Windows Live Mesh
    "{AD86049C-3D9C-43E1-BE73-643F57D83D50}" = Easy Migration
    "{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
    "{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
    "{AEFBAC58-2DDD-4CEF-BDFD-52A5A5F432ED}" = CorelDRAW Graphics Suite X4 - Lang DE
    "{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh
    "{B0AD205F-60D0-4084-AFB8-34D9A706D9A8}" = Windows Live Essentials
    "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
    "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
    "{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common
    "{B2E90616-C50D-4B89-A40D-92377AC669E5}" = Windows Live Messenger
    "{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common
    "{B3BE54A4-8DFE-4593-8E66-56AB7133B812}" = Windows Live Writer
    "{B4712CB7-27D7-4F61-8805-BCF9BE1CFC4A}" = Windows Live Writer Resources
    "{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
    "{B61D21B6-469D-4423-B161-62DB20B8A70E}" = Visual Basic for Applications (R) Core - English
    "{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live
    "{B7B67AA5-12DA-4F01-918D-B1BF66779D8A}" = Windows Live Writer Resources
    "{B81722D3-0A95-4BDE-AA1A-A2A5D12FCDB2}" = Windows Live Foto-galerija
    "{B829E117-D072-41EA-9606-9826A38D34C1}" = Sophos Virus Removal Tool
    "{B9B66F77-9D00-4CA4-BDF1-BBA8236B4DB6}" = Windows Live Writer
    "{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
    "{BAEE89D5-6E87-4F89-9603-A1C100479181}" = Windows Live Messenger
    "{BD0C3887-64E6-41D8-9A38-BC6F34369352}" = Windows Live Messenger
    "{BD4EBDB5-EB14-4120-BB04-BE0A26C7FB3E}" = Windows Live Photo Common
    "{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi
    "{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
    "{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh
    "{BF439B41-0252-48DE-8B8B-0430CB26A181}" = CorelDRAW Graphics Suite X4 - VBA
    "{BFC47A0B-D487-4DF0-889E-D6D392DF31E0}" = Windows Live Messenger
    "{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
    "{C01FCACE-CC3D-49A2-ADC2-583A49857C58}" = Windows Live Essentials
    "{C08D5964-C42F-48EE-A893-2396F9562A7C}" = Windows Live Mesh
    "{C1C9D199-B4DD-4895-92DD-9A726A2FE341}" = Windows Live Writer
    "{C1E693A4-B1D5-4DCD-B68D-2087835B7184}" = ScanSoft OmniPage SE 4.0
    "{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
    "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
    "{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail
    "{C877E454-FA36-409A-A00E-1240CEC61BBD}" = „Windows Live“ fotogalerija
    "{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
    "{C8A2793D-EFF2-4069-95BF-A28192E39DEB}" = Windows Live Writer
    "{C95A5A77-622F-45CA-9540-84468FCB18B1}" = Windows Live Messenger
    "{C9E1343D-E21E-4508-A1BE-04A089EC137D}" = Windows Live Messenger
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
    "{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
    "{CB66242D-12B1-4494-82D2-6F53A7E024A3}" = Galerie foto Windows Live
    "{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
    "{CBFD061C-4B27-4A89-ADD8-210316EEFA11}" = Windows Live Messenger
    "{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker
    "{CD7CB1E6-267A-408F-877D-B532AD2C882E}" = Windows Live Photo Common
    "{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer
    "{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
    "{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
    "{CF936193-C584-458C-B793-15FA945621AF}" = Windows Live fotoattēlu galerija
    "{CF9DEFAA-12CD-4D04-AA45-F9F667D21E2E}" = Windows Live Movie Maker
    "{D06F10C5-3EDD-4B29-A3B5-16BBB9A047F8}" = Windows Live Mesh
    "{D07B1FDA-876B-4914-9E9A-309732B6D44F}" = Windows Live Mail
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
    "{D27DF849-C8C7-4892-A7F1-E0B381A1BD01}" = Windows Live Writer
    "{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack
    "{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
    "{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail
    "{D3507473-2CE3-4073-A6BA-A0846B5CC687}" = Namo WebEditor 8
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D47C66BE-0EB5-4587-93FE-D1E176C4B25C}" = Windows Live Messenger
    "{D57D43BF-699A-429F-AF8C-AF1867222800}" = Windows Live 사진 갤러리
    "{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
    "{D6CBB3B2-F510-483D-AE0D-1CF3F43CF1EE}" = Windows Live Writer Resources
    "{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
    "{D987098B-3AD4-4E88-B80E-CF27A32D1955}" = Windows Live Writer Resources
    "{DA29F644-2420-4448-8128-1331BE588999}" = Windows Live Writer
    "{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
    "{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
    "{DB81779E-7CC5-4630-BCFC-754004956444}" = Visual Basic for Applications (R) Core
    "{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail
    "{DCAB6BA7-6533-44BF-9235-E5BF33B7431C}" = Windows Live Writer
    "{DDC1E1BD-7615-4186-89E1-F5F43F9B6491}" = Windows Live Movie Maker
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
    "{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
    "{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
    "{E5377D46-83C5-445A-A1F1-830336B42A10}" = Windows Live Galerija fotografija
    "{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
    "{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live
    "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
    "{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack
    "{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
    "{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
    "{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live
    "{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
    "{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
    "{E9AD2143-26D5-4201-BED1-19DCC03B407D}" = Windows Live Messenger
    "{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
    "{EA777812-4905-4C08-8F6E-13BDCC734609}" = Windows Live UX Platform Language Pack
    "{EAB1BDF2-734A-4D44-9169-7615D185C974}" = Windows Live Mesh
    "{EC20FB81-9B5E-4B97-92A2-8DC52548EFCE}" = Windows Live Mesh
    "{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
    "{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心
    "{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
    "{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
    "{F0F9505B-3ACF-4158-9311-D0285136AA00}" = Windows Live Essentials
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F287AD31-C7A7-48BF-9381-6B8A686AAAD4}" = MAGIX Video deluxe 17
    "{F2979AAA-FDD7-4CB3-93BC-5C24D965D679}" = Windows Live Messenger
    "{F35DC85A-E96B-496B-ABE7-F04192824856}" = Windows Live Messenger
    "{F4BEA6C1-AAC3-4810-AAEA-588E26E0F237}" = Windows Live UX Platform Language Pack
    "{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources
    "{F66430D8-08E6-4C96-B9B7-90E66E27D58C}" = Windows Live Mail
    "{F687E657-F636-44DF-8125-9FEEA2C362F5}" = Samsung Support Center
    "{F783464C-C7C6-4E9B-AC40-BC90E5414BAF}" = Windows Live Messenger
    "{F7A46527-DF1F-4B0F-9637-98547E189442}" = Windows Live Galeria de Fotos
    "{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh
    "{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
    "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
    "{FA20D803-14E5-4B00-8F03-B519D46F9D4A}" = Windows Live Messenger
    "{FA6CF94F-DACF-4FE7-959D-55C421B91B17}" = Windows Live Mail
    "{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}" = Windows Live Movie Maker
    "{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie
    "{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live
    "{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials
    "{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials
    "{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker
    "{FF3999BE-1A7B-4738-88AA-97BF14094A4A}" = PictureProject
    "{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
    "{FF737490-5A2D-4269-9D82-97DB2F7C0B09}" = Windows Live Movie Maker
    "{FFB768E4-E427-4553-BC36-A11F5E62A94D}" = Adobe Flash Player 10 ActiveX
    "{FFD0E594-823B-4E2B-B680-720B3C852588}" = BatteryLifeExtender
    "{FFFA0584-8E3D-4195-8283-CCA3AD73C746}" = Windows Live Messenger
    "Avira AntiVir Desktop" = Avira Free Antivirus
    "AVMFBox" = AVM FRITZ!Box Dokumentation
    "AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss
    "CanoScan Toolbox 5.0" = Canon CanoScan Toolbox 5.0
    "ESET Online Scanner" = ESET Online Scanner v3
    "FileZilla Client" = FileZilla Client 3.5.3
    "Game Console - WildGames" = WildTangent ORB Game Console
    "Incomedia WebSite X5 Evolution" = Incomedia WebSite X5 Evolution
    "Incomedia WebSite X5 v8 - Evolution" = Incomedia WebSite X5 v8 - Evolution
    "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "InstallShield_{1C63DD23-6554-4A1F-8D0D-B5A6B49D8015}" = Corel Graphics Suite 11
    "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite
    "InstallShield_{34FBC7C4-CD31-4D93-A428-0E524EAC4586}" = CyberLink Media+ Player10
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
    "InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
    "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
    "IrfanView" = IrfanView (remove only)
    "MAGIX_{14E1CEC0-E43B-4158-85F4-73BCB3878B7F}" = MAGIX Speed burnR (MSI)
    "MAGIX_{4923877D-6A59-485B-9E63-E35664B4F067}" = MAGIX Screenshare
    "MAGIX_{F287AD31-C7A7-48BF-9381-6B8A686AAAD4}" = MAGIX Video deluxe 17
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
    "Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
    "ProInst" = Intel PROSet Wireless
    "Samsung CLP-310 Series" = Samsung CLP-310 Series
    "Samsung Printer Live Update" = Samsung Printer Live Update
    "Samsung Universal Print Driver" = Samsung Universal Print Driver
    "Samsung Universal Scan Driver" = Samsung Universal Scan Driver
    "SeaMonkey (2.10.1)" = SeaMonkey (2.10.1)
    "WildTangent wildgames Master Uninstall" = WildTangent Games
    "WinLiveSuite" = Windows Live 程式集
    "WT085559" = Diner Dash 2 Restaurant Rescue
    "WT085567" = Chuzzle Deluxe
    "WT085580" = John Deere Drive Green
    "WT085581" = Penguins!
    "WT085583" = Polar Golfer
    "WT085587" = Agatha Christie - Death on the Nile
    "WT085597" = Build-a-lot
    "WT085618" = Farm Frenzy
    "WT085622" = Insaniquarium Deluxe
    "WT085663" = Peggle
    "WT085669" = Plants vs. Zombies
    "WT089285" = Zuma Deluxe
    "WT089286" = Bejeweled 2 Deluxe
     
    ========== Last 20 Event Log Errors ==========
     
    [ Application Events ]
    Error - 14.05.2012 04:44:22 | Computer Name = OH-PC | Source = Application Hang | ID = 1002
    Description = Programm RAVE.EXE, Version 2.0.633.0 kann nicht mehr unter Windows
     ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
     um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: d24    Startzeit: 
    01cd31ac5e6b9215    Endzeit: 14    Anwendungspfad: C:\Program Files (x86)\Corel\Corel Graphics
     11\PROGRAMS\RAVE.EXE    Berichts-ID: f0a5acaa-9da0-11e1-ae20-e8039a160125  
     
    Error - 14.05.2012 05:09:52 | Computer Name = OH-PC | Source = Application Hang | ID = 1002
    Description = Programm RAVE.EXE, Version 2.0.633.0 kann nicht mehr unter Windows
     ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
     um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1310    Startzeit:
     01cd31adc83aaa8e    Endzeit: 22    Anwendungspfad: C:\Program Files (x86)\Corel\Corel Graphics
     11\PROGRAMS\RAVE.EXE    Berichts-ID: 8df9a555-9da4-11e1-ae20-e8039a160125  
     
    Error - 14.05.2012 06:33:51 | Computer Name = OH-PC | Source = Application Hang | ID = 1002
    Description = Programm Rave.exe, Version 2.0.633.0 kann nicht mehr unter Windows
     ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
     um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 5cc    Startzeit: 
    01cd31bba727cc51    Endzeit: 8    Anwendungspfad: C:\Program Files (x86)\Corel\Corel Graphics
     11\Programs\Rave.exe    Berichts-ID:   
     
    Error - 14.05.2012 07:34:00 | Computer Name = OH-PC | Source = Application Hang | ID = 1002
    Description = Programm RAVE.EXE, Version 2.0.633.0 kann nicht mehr unter Windows
     ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
     um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 11c0    Startzeit:
     01cd31b156d16188    Endzeit: 18    Anwendungspfad: C:\Program Files (x86)\Corel\Corel Graphics
     11\PROGRAMS\RAVE.EXE    Berichts-ID: b0668429-9db8-11e1-ae20-e8039a160125  
     
    Error - 15.05.2012 11:18:08 | Computer Name = OH-PC | Source = WinMgmt | ID = 10
    Description = 
     
    Error - 16.05.2012 08:03:42 | Computer Name = OH-PC | Source = WinMgmt | ID = 10
    Description = 
     
    Error - 17.05.2012 04:03:29 | Computer Name = OH-PC | Source = WinMgmt | ID = 10
    Description = 
     
    Error - 17.05.2012 04:11:58 | Computer Name = OH-PC | Source = CVHSVC | ID = 100
    Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
     DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar.
     Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.
    
     
    Error - 18.05.2012 04:47:03 | Computer Name = OH-PC | Source = WinMgmt | ID = 10
    Description = 
     
    Error - 19.05.2012 05:36:51 | Computer Name = OH-PC | Source = WinMgmt | ID = 10
    Description = 
     
    [ System Events ]
    Error - 30.06.2012 04:42:46 | Computer Name = OH-PC | Source = Service Control Manager | ID = 7000
    Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
       %%2
     
    Error - 01.07.2012 10:01:57 | Computer Name = OH-PC | Source = Service Control Manager | ID = 7000
    Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
       %%2
     
    Error - 01.07.2012 17:42:51 | Computer Name = OH-PC | Source = Service Control Manager | ID = 7000
    Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
       %%2
     
    Error - 02.07.2012 03:52:26 | Computer Name = OH-PC | Source = EventLog | ID = 6008
    Description = Das System wurde zuvor am ?02.?07.?2012 um 00:23:20 unerwartet heruntergefahren.
     
    Error - 02.07.2012 03:52:34 | Computer Name = OH-PC | Source = Service Control Manager | ID = 7000
    Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
       %%2
     
    Error - 02.07.2012 05:48:44 | Computer Name = OH-PC | Source = Service Control Manager | ID = 7000
    Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
       %%2
     
    Error - 02.07.2012 08:12:55 | Computer Name = OH-PC | Source = Service Control Manager | ID = 7000
    Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
       %%2
     
    Error - 02.07.2012 14:18:52 | Computer Name = OH-PC | Source = Service Control Manager | ID = 7000
    Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
       %%2
     
    Error - 03.07.2012 05:20:24 | Computer Name = OH-PC | Source = Service Control Manager | ID = 7000
    Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
       %%2
     
    Error - 03.07.2012 05:20:59 | Computer Name = OH-PC | Source = WMPNetworkSvc | ID = 866300
    Description = 
     
     
    < End of report >
    Here is the rootkit scan (Sophos):

    Code:
    2012-07-16 20:07:58	Sophos Virus Removal Tool version 2.1
    2012-07-16 20:07:58	Copyright (c) 2009-2012 Sophos Limited. All rights reserved.
    
    2012-07-16 20:07:58	This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.
    
    2012-07-16 20:07:58	Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x300 PT=0x1 WOW64
    2012-07-16 20:07:58	Component SVRTcli.exe version 2.1
    2012-07-16 20:07:58	Component control.dll version 2.1
    2012-07-16 20:07:58	Component SVRTservice.exe version 2.1
    2012-07-16 20:07:59	Component osdp.dll version 1.44.0.1982
    2012-07-16 20:07:59	Component veex.dll version 3.33.2.1982
    2012-07-16 20:07:59	Component savi.dll version 7.5.9.1982
    2012-07-16 20:07:59	Component rkdisk.dll version 1.5.30.0
    2012-07-16 20:08:14	Option all = no
    2012-07-16 20:08:14	Option recurse = yes
    2012-07-16 20:08:14	Option archive = no
    2012-07-16 20:08:14	Option service = yes
    2012-07-16 20:08:14	Option confirm = yes
    2012-07-16 20:08:14	Option sxl = yes
    2012-07-16 20:08:14	Option max-data-age = 35
    2012-07-16 20:08:14	Version info:	Product version	2.1
    2012-07-16 20:08:14	Version info:	Detection engine	3.33.2
    2012-07-16 20:08:14	Version info:	Detection data	4.79
    2012-07-16 20:08:14	Version info:	Virus data date	02.07.2012
    2012-07-16 20:08:14	Version info:	Data files added	281
    
    
    
    
    2012-07-16 21:30:38	Warning: rootkit scan failed to open volume "\\?\Volume{cf9b5e8e-8977-11e1-9d88-e8039a160125}"
    
    2012-07-16 21:30:54	Could not open C:\hiberfil.sys
    2012-07-16 21:30:54	Could not open C:\pagefile.sys
    2012-07-16 22:09:34	Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
    2012-07-16 22:09:34	Could not open C:\System Volume Information\{4095509e-ca05-11e1-868f-e8039a160125}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2012-07-16 22:09:34	Could not open C:\System Volume Information\{68559176-c743-11e1-85c8-e8039a160125}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2012-07-16 22:09:34	Could not open C:\System Volume Information\{6b0e6e95-cf1b-11e1-b28b-e8039a160125}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2012-07-16 22:09:34	Could not open C:\System Volume Information\{6b0e6e99-cf1b-11e1-b28b-e8039a160125}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2012-07-16 22:09:34	Could not open C:\System Volume Information\{6b0e6eb7-cf1b-11e1-b28b-e8039a160125}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2012-07-16 22:09:34	Could not open C:\System Volume Information\{9ff77bce-cb3f-11e1-bdcc-e8039a160125}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2012-07-16 22:09:34	Could not open C:\System Volume Information\{b6d90c0b-cf4b-11e1-baf6-e8039a160125}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2012-07-16 22:09:34	Could not open C:\System Volume Information\{c6b11a19-cf64-11e1-893b-e8039a160125}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2012-07-16 22:09:34	Could not open C:\System Volume Information\{c6b11a1a-cf64-11e1-893b-e8039a160125}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2012-07-16 22:49:16	Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
    2012-07-16 22:49:16	Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
    2012-07-16 23:08:46	Password protected file D:\3 OH Spezial\x OH Excel\1Kommen.xls
    2012-07-16 23:08:46	Password protected file D:\3 OH Spezial\x OH Excel\1Nummer.xls
    2012-07-16 23:08:46	Password protected file D:\3 OH Spezial\x OH Excel\1TelefonlisteKlein.xls
    2012-07-16 23:08:46	Password protected file D:\3 OH Spezial\x OH Excel\1Ziele.xls
    2012-07-16 23:08:46	Password protected file D:\3 OH Spezial\x OH Excel\Gehaltentwicklung.xls
    2012-07-16 23:08:46	Password protected file D:\3 OH Spezial\x OH Excel\kg-Übersicht.xls
    2012-07-16 23:13:22	Could not check D:\3 OH Spezial\x Projekte\allesbesser\Fröbel-Kita Logo.doc (corrupt)
    2012-07-16 23:47:57	Could not open LOGICAL:0010:00000000
    2012-07-16 23:47:57	Could not open Q:\
    and here is the HJTscanlist as well:

    Code:
     
                            $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 
                            º                                    º 
                                        hjtscanlist v2.0              
                            º                                    º 
                            $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 
    
    Microsoft Windows [Version 6.1.7601]
     
     
    C:
    
      16.07.2012 21:50     C:\System Volume Information --------- 16384   
      16.07.2012 20:57     C:\AAntivir Protokoll 16-7-12 VSCAN-20120716-184729-3F803FCF.txt --------- 22508   
      16.07.2012 20:07     C:\ProgramData --------- 12288   
      16.07.2012 20:07     C:\Program Files (x86) --------- 12288   
      16.07.2012 18:40     C:\$RECYCLE.BIN --------- 0   
           C:\pagefile.sys ---------    
           C:\hiberfil.sys ---------    
      16.07.2012 18:29     C:\TDSSKiller.2.7.45.0_16.07.2012_16.53.43_log.txt --------- 3962   
      16.07.2012 16:08     C:\TDSSKiller.2.7.45.0_16.07.2012_16.07.50_log.txt --------- 125756   
      16.07.2012 16:07     C:\Qoobox --------- 0   
      16.07.2012 16:07     C:\Windows --------- 40960   
      16.07.2012 16:07     C:\ComboFix.txt --------- 15909   
      16.07.2012 16:05     C:\TDSSKiller.2.7.45.0_16.07.2012_16.02.12_log.txt --------- 3962   
      16.07.2012 13:08     C:\TDSSKiller.2.7.45.0_16.07.2012_13.07.07_log.txt --------- 125320   
      26.04.2012 13:44     C:\3 OH Spezial --------- 0   
      19.04.2012 22:56     C:\Program Files --------- 8192   
      18.04.2012 17:33     C:\Users --------- 4096   
      18.04.2012 17:32     C:\Recovery --------- 0   
      31.10.2011 07:09     C:\setup.log --------- 159   
      31.10.2011 06:44     C:\RHDSetup.log --------- 2184   
      31.10.2011 06:43     C:\Intel --------- 0   
      14.07.2009 07:08     C:\Documents and Settings --------- 0   
      14.07.2009 05:20     C:\PerfLogs --------- 0   
    ----------------------------------------
    
     
    C:\windows
    
      16.07.2012 22:24     C:\windows\WindowsUpdate.log --------- 1959143   
      16.07.2012 18:39     C:\windows\setupact.log --------- 48856   
      16.07.2012 18:39     C:\windows\bootstat.dat --------- 67584   
      16.07.2012 18:39     C:\windows\PFRO.log --------- 364616   
      16.07.2012 16:05     C:\windows\system.ini --------- 215   
      11.07.2012 20:12     C:\windows\msxml4-KB2721691-enu.LOG --------- 262870   
      11.07.2012 20:10     C:\windows\win.ini --------- 499   
      04.05.2012 21:28     C:\windows\msxml4-KB973685-enu.LOG --------- 260754   
      20.04.2012 21:54     C:\windows\msxml4-KB973688-enu.LOG --------- 283998   
      19.04.2012 23:43     C:\windows\msxml4-KB954430-enu.LOG --------- 292452   
      19.04.2012 23:16     C:\windows\ODBC.INI --------- 400   
      18.04.2012 20:18     C:\windows\MAXLINK.INI --------- 428   
      18.04.2012 18:22     C:\windows\avmadd321.log --------- 2428   
      18.04.2012 18:22     C:\windows\avmadd32.log --------- 2970   
      18.04.2012 17:41     C:\windows\Setup.log --------- 157   
      18.04.2012 17:39     C:\windows\DPINST.LOG --------- 9560   
      18.04.2012 17:35     C:\windows\SetDisplayResolution.log --------- 28613   
      18.04.2012 17:33     C:\windows\LCDStretchMode.log --------- 4332   
      02.12.2011 00:51     C:\windows\DtcInstall.log --------- 4059   
      31.10.2011 22:41     C:\windows\TSSysprep.log --------- 3652   
      31.10.2011 08:06     C:\windows\Report.htm --------- 46072   
      31.10.2011 07:59     C:\windows\Csup.txt --------- 10   
      31.10.2011 07:51     C:\windows\DirectX.log --------- 562   
      31.10.2011 07:27     C:\windows\HotFixList.ini --------- 1156   
      31.10.2011 07:11     C:\windows\setup-Spinup.log --------- 168   
      26.06.2011 08:45     C:\windows\PEV.exe --------- 256000   
      22.06.2011 02:58     C:\windows\RtlExUpd.dll --------- 1698408   
      13.05.2011 08:42     C:\windows\WLXPGSS.SCR --------- 302448   
      25.02.2011 08:19     C:\windows\explorer.exe --------- 2871808   
      30.11.2010 12:44     C:\windows\Samsung Astro Orbit I.scr --------- 14392507   
      21.11.2010 05:25     C:\windows\twain_32.dll --------- 51200   
      21.11.2010 05:24     C:\windows\bfsvc.exe --------- 71168   
      21.11.2010 05:24     C:\windows\splwow64.exe --------- 67072   
      07.11.2010 19:20     C:\windows\MBR.exe --------- 208896   
      19.10.2010 11:04     C:\windows\HotfixChecker.exe --------- 407040   
      06.10.2010 21:04     C:\windows\wiainst64.exe --------- 142128   
      09.08.2010 21:04     C:\windows\SUPDRun.exe --------- 258864   
      06.08.2010 08:09     C:\windows\Samsung.png --------- 16018   
      21.06.2010 04:35     C:\windows\SlientUninstall.iss --------- 433   
      10.11.2009 03:32     C:\windows\surbey.ico --------- 562718   
      17.09.2009 05:00     C:\windows\SetLCDStretchMode.exe --------- 345600   
      29.08.2009 08:07     C:\windows\ssndii.exe --------- 482408   
      14.07.2009 06:54     C:\windows\WindowsShell.Manifest --------- 749   
      14.07.2009 06:51     C:\windows\setuperr.log --------- 0   
      14.07.2009 03:39     C:\windows\write.exe --------- 10240   
      14.07.2009 03:39     C:\windows\regedit.exe --------- 427008   
      14.07.2009 03:39     C:\windows\notepad.exe --------- 193536   
      14.07.2009 03:39     C:\windows\hh.exe --------- 16896   
      14.07.2009 03:39     C:\windows\HelpPane.exe --------- 733696   
      14.07.2009 03:39     C:\windows\fveupdate.exe --------- 15360   
      14.07.2009 03:14     C:\windows\winhlp32.exe --------- 9728   
      14.07.2009 03:14     C:\windows\twunk_32.exe --------- 31232   
      14.07.2009 01:06     C:\windows\mib.bin --------- 43131   
      10.06.2009 23:41     C:\windows\twunk_16.exe --------- 49680   
      10.06.2009 23:41     C:\windows\twain.dll --------- 94784   
      10.06.2009 22:52     C:\windows\WMSysPr9.prx --------- 316640   
      10.06.2009 22:36     C:\windows\msdfmap.ini --------- 1405   
      10.06.2009 22:31     C:\windows\Starter.xml --------- 48201   
      10.06.2009 22:30     C:\windows\HomePremium.xml --------- 48265   
      10.06.2009 22:30     C:\windows\HomeBasic.xml --------- 48223   
      20.04.2009 06:56     C:\windows\NIRCMD.exe --------- 60416   
      15.04.2009 04:21     C:\windows\SetDisplayResolution.exe --------- 307200   
      23.01.2009 07:54     C:\windows\AnyWeb Print.ico --------- 5430   
      19.12.2008 21:04     C:\windows\SetDisplayResolutionDT.xml --------- 3282   
      19.12.2008 21:04     C:\windows\SetDisplayResolutionNP.xml --------- 3282   
      14.11.2007 11:13     C:\windows\Reseal64.exe --------- 423936   
      13.08.2007 04:47     C:\windows\Dr. Printer Icon.ico --------- 11502   
      31.08.2000 02:00     C:\windows\SWREG.exe --------- 518144   
      31.08.2000 02:00     C:\windows\sed.exe --------- 98816   
      31.08.2000 02:00     C:\windows\zip.exe --------- 68096   
      31.08.2000 02:00     C:\windows\grep.exe --------- 80412   
      31.08.2000 02:00     C:\windows\SWSC.exe --------- 406528   
      31.08.2000 02:00     C:\windows\SWXCACLS.exe --------- 212480   
      11.06.1999 15:18     C:\windows\corelpf.lrs --------- 28252   
      01.08.1995 04:44     C:\windows\PCDLIB32.DLL --------- 212480   
    ----------------------------------------
    
     
    C:\windows\System
    
    ----------------------------------------
    
     
    C:\windows\System32
    
     16.07.2012 18:53     C:\windows\system32\config --------- 24576  
     16.07.2012 18:47     C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 --------- 20992  
     16.07.2012 18:47     C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 --------- 20992  
     16.07.2012 17:24     C:\windows\system32\drivers --------- 65536  
     13.07.2012 10:09     C:\windows\system32\FNTCACHE.DAT --------- 536864  
     13.07.2012 10:07     C:\windows\system32\migration --------- 0  
     11.07.2012 20:13     C:\windows\system32\catroot --------- 0  
     11.07.2012 20:10     C:\windows\system32\catroot2 --------- 20480  
     09.07.2012 17:37     C:\windows\system32\perfh009.dat --------- 616452  
     09.07.2012 17:37     C:\windows\system32\perfc009.dat --------- 106574  
     09.07.2012 17:37     C:\windows\system32\perfh007.dat --------- 654610  
     09.07.2012 17:37     C:\windows\system32\perfc007.dat --------- 130192  
     09.07.2012 17:37     C:\windows\system32\PerfStringBackup.INI --------- 1500018  
     07.07.2012 12:08     C:\windows\system32\FxsTmp --------- 0  
     03.07.2012 14:56     C:\windows\system32\Tasks --------- 12288  
     23.06.2012 12:52     C:\windows\system32\de-DE --------- 262144  
     12.06.2012 05:08     C:\windows\system32\win32k.sys --------- 3148800  
     09.06.2012 07:43     C:\windows\system32\shell32.dll --------- 14172672  
     06.06.2012 08:06     C:\windows\system32\msxml6.dll --------- 2004480  
     06.06.2012 08:06     C:\windows\system32\msxml3.dll --------- 1881600  
     06.06.2012 08:02     C:\windows\system32\cdosys.dll --------- 1133568  
     03.06.2012 00:19     C:\windows\system32\wups.dll --------- 38424  
     03.06.2012 00:19     C:\windows\system32\wuaueng.dll --------- 2428952  
     03.06.2012 00:19     C:\windows\system32\wups2.dll --------- 44056  
     03.06.2012 00:19     C:\windows\system32\wuauclt.exe --------- 57880  
     03.06.2012 00:19     C:\windows\system32\wuapi.dll --------- 701976  
     03.06.2012 00:15     C:\windows\system32\wucltux.dll --------- 2622464  
     03.06.2012 00:15     C:\windows\system32\wudriver.dll --------- 99840  
     02.06.2012 15:19     C:\windows\system32\wuwebv.dll --------- 186752  
     02.06.2012 15:15     C:\windows\system32\wuapp.exe --------- 36864  
     02.06.2012 14:49     C:\windows\system32\mshtml.dll --------- 17807360  
     02.06.2012 14:17     C:\windows\system32\ieframe.dll --------- 10924032  
     02.06.2012 14:12     C:\windows\system32\jscript9.dll --------- 2311680  
     02.06.2012 14:05     C:\windows\system32\urlmon.dll --------- 1346048  
     02.06.2012 14:05     C:\windows\system32\wininet.dll --------- 1392128  
     02.06.2012 14:04     C:\windows\system32\inetcpl.cpl --------- 1494528  
     02.06.2012 14:04     C:\windows\system32\url.dll --------- 237056  
     02.06.2012 14:03     C:\windows\system32\jsproxy.dll --------- 85504  
     02.06.2012 14:01     C:\windows\system32\ieUnatt.exe --------- 173056  
     02.06.2012 14:00     C:\windows\system32\jscript.dll --------- 818688  
     02.06.2012 13:59     C:\windows\system32\iertutil.dll --------- 2144768  
     02.06.2012 13:57     C:\windows\system32\mshtmled.dll --------- 96768  
     02.06.2012 13:57     C:\windows\system32\mshtml.tlb --------- 2382848  
     02.06.2012 13:54     C:\windows\system32\ieui.dll --------- 248320  
     02.06.2012 07:45     C:\windows\system32\schannel.dll --------- 340992  
     02.06.2012 07:44     C:\windows\system32\ncrypt.dll --------- 307200  
     17.05.2012 10:50     C:\windows\system32\NDF --------- 0  
     04.05.2012 13:06     C:\windows\system32\ntoskrnl.exe --------- 5559664  
     01.05.2012 07:40     C:\windows\system32\profsvc.dll --------- 209920  
     28.04.2012 00:26     C:\windows\system32\wdi --------- 4096  
     26.04.2012 07:41     C:\windows\system32\rdpwsx.dll --------- 77312  
     26.04.2012 07:41     C:\windows\system32\rdpcorekmts.dll --------- 149504  
     26.04.2012 07:34     C:\windows\system32\rdrmemptylst.exe --------- 9216  
     24.04.2012 07:37     C:\windows\system32\cryptsvc.dll --------- 184320  
     24.04.2012 07:37     C:\windows\system32\cryptnet.dll --------- 140288  
     24.04.2012 07:37     C:\windows\system32\crypt32.dll --------- 1462272  
     21.04.2012 17:52     C:\windows\system32\migwiz --------- 4096  
     21.04.2012 17:52     C:\windows\system32\winrm --------- 0  
     21.04.2012 17:52     C:\windows\system32\oobe --------- 0  
     21.04.2012 17:52     C:\windows\system32\it-IT --------- 0  
     21.04.2012 17:52     C:\windows\system32\Boot --------- 0  
     21.04.2012 17:52     C:\windows\system32\slmgr --------- 0  
     21.04.2012 17:52     C:\windows\system32\sysprep --------- 0  
     21.04.2012 17:52     C:\windows\system32\Setup --------- 0  
     21.04.2012 17:52     C:\windows\system32\WCN --------- 0  
     21.04.2012 17:52     C:\windows\system32\MUI --------- 0  
     21.04.2012 17:52     C:\windows\system32\Dism --------- 0  
     21.04.2012 17:52     C:\windows\system32\DriverStore --------- 4096  
     21.04.2012 17:52     C:\windows\system32\Printing_Admin_Scripts --------- 0  
     21.04.2012 17:52     C:\windows\system32\com --------- 0  
     21.04.2012 17:51     C:\windows\system32\fr-FR --------- 0  
     21.04.2012 17:51     C:\windows\system32\en-US --------- 327680  
     21.04.2012 10:14     C:\windows\system32\LogFiles --------- 4096  
     19.04.2012 21:12     C:\windows\system32\Macromed --------- 0  
     18.04.2012 20:11     C:\windows\system32\CanonIJ Uninstaller Information --------- 0  
     18.04.2012 16:37     C:\windows\system32\license.rtf --------- 159772  
     07.04.2012 14:31     C:\windows\system32\msi.dll --------- 3216384  
     03.03.2012 08:35     C:\windows\system32\DWrite.dll --------- 1544704  
     01.03.2012 08:38     C:\windows\system32\wintrust.dll --------- 220672  
     01.03.2012 08:33     C:\windows\system32\imagehlp.dll --------- 81408  
     01.03.2012 08:28     C:\windows\system32\wmi.dll --------- 5120  
     23.02.2012 10:18     C:\windows\system32\MpSigStub.exe --------- 279656  
     17.02.2012 08:38     C:\windows\system32\rdpcore.dll --------- 1031680  
     04.01.2012 12:44     C:\windows\system32\ntshrui.dll --------- 509952  
     30.12.2011 08:26     C:\windows\system32\timedate.cpl --------- 515584  
     16.12.2011 10:46     C:\windows\system32\msvcrt.dll --------- 634880  
     19.11.2011 16:58     C:\windows\system32\packager.dll --------- 77312  
     17.11.2011 08:41     C:\windows\system32\ntdll.dll --------- 1731920  
     17.11.2011 08:35     C:\windows\system32\webio.dll --------- 395776  
     17.11.2011 08:35     C:\windows\system32\sspicli.dll --------- 136192  
     17.11.2011 08:35     C:\windows\system32\sspisrv.dll --------- 29184  
     17.11.2011 08:35     C:\windows\system32\secur32.dll --------- 28160  
     17.11.2011 08:35     C:\windows\system32\lsasrv.dll --------- 1447936  
     17.11.2011 08:33     C:\windows\system32\lsass.exe --------- 31232  
     05.11.2011 07:32     C:\windows\system32\tzres.dll --------- 2048  
     31.10.2011 22:34     C:\windows\system32\msls31.dll --------- 222208  
     31.10.2011 22:34     C:\windows\system32\RegisterIEPKEYs.exe --------- 89088  
     31.10.2011 22:34     C:\windows\system32\msrating.dll --------- 197120  
     31.10.2011 22:34     C:\windows\system32\mshta.exe --------- 12288  
     31.10.2011 22:34     C:\windows\system32\iepeers.dll --------- 145920  
    ----------------------------------------
    
     
    C:\windows\Prefetch
    
    ----------------------------------------
    
     
    C:\windows\Tasks
    
     16.07.2012 18:39     C:\windows\Tasks\SA.DAT --------- 6  
     13.07.2012 15:43     C:\windows\Tasks\SCHEDLGU.TXT --------- 32626  
    ----------------------------------------
    
     
    C:\windows\Temp
    
    ----------------------------------------
    
     
    C:\Users\OH\AppData\Local\Temp
    
     16.07.2012 20:05     C:\Users\OH\AppData\Local\Temp\RarSFX0 --------- 0  
     16.07.2012 19:52     C:\Users\OH\AppData\Local\Temp\11223344556677889900112233445566 --------- 1  
     16.07.2012 19:01     C:\Users\OH\AppData\Local\Temp\Temp2_McafeeRootkitDetective11.zip --------- 0  
     16.07.2012 18:56     C:\Users\OH\AppData\Local\Temp\~DF98A7438248D09E51.TMP --------- 180224  
     16.07.2012 18:40     C:\Users\OH\AppData\Local\Temp\WPDNSE --------- 0  
     16.07.2012 17:25     C:\Users\OH\AppData\Local\Temp\~DF91FE2A1187E1969A.TMP --------- 180224  
     16.07.2012 17:23     C:\Users\OH\AppData\Local\Temp\~DF5C4D207842AFFC95.TMP --------- 180224  
     16.07.2012 16:10     C:\Users\OH\AppData\Local\Temp\Temp1_McafeeRootkitDetective11.zip --------- 0  
     18.04.2012 17:43     C:\Users\OH\AppData\Local\Temp\FXSAPIDebugLogFile.txt --------- 0  
    ----------------------------------------
    
     
    C:\Program Files
    
     16.07.2012 16:03     C:\Program Files\Common Files --------- 4096  
     13.07.2012 10:07     C:\Program Files\Internet Explorer --------- 4096  
     11.05.2012 03:00     C:\Program Files\Windows Journal --------- 0  
     21.04.2012 17:52     C:\Program Files\Windows Mail --------- 0  
     21.04.2012 17:52     C:\Program Files\Windows Sidebar --------- 4096  
     21.04.2012 17:52     C:\Program Files\Windows Media Player --------- 4096  
     21.04.2012 17:52     C:\Program Files\Windows Photo Viewer --------- 4096  
     21.04.2012 17:52     C:\Program Files\Windows Defender --------- 4096  
     21.04.2012 17:51     C:\Program Files\DVD Maker --------- 0  
     18.04.2012 20:11     C:\Program Files\CanonBJ --------- 0  
     18.04.2012 19:22     C:\Program Files\Microsoft Office --------- 0  
     18.04.2012 17:39     C:\Program Files\Elantech --------- 4096  
     31.10.2011 22:07     C:\Program Files\Microsoft Games --------- 0  
     31.10.2011 07:40     C:\Program Files\Windows Live --------- 0  
     31.10.2011 07:06     C:\Program Files\Samsung --------- 0  
     31.10.2011 07:01     C:\Program Files\Samsung AnyWeb Print --------- 0  
     31.10.2011 06:48     C:\Program Files\Broadcom --------- 0  
     31.10.2011 06:48     C:\Program Files\Intel --------- 0  
     31.10.2011 06:46     C:\Program Files\NVIDIA Corporation --------- 4096  
     31.10.2011 06:44     C:\Program Files\Realtek --------- 0  
     21.11.2010 05:31     C:\Program Files\Windows Portable Devices --------- 0  
     14.07.2009 07:32     C:\Program Files\Windows NT --------- 0  
     14.07.2009 07:32     C:\Program Files\MSBuild --------- 0  
     14.07.2009 07:32     C:\Program Files\Reference Assemblies --------- 0  
     14.07.2009 07:09     C:\Program Files\Uninstall Information --------- 0  
     14.07.2009 06:54     C:\Program Files\desktop.ini --------- 174  
    ----------------------------------------
    
     
    C:\ProgramData\.. 
    
    Default    
    Public    
    OH    
    Default User    
    All Users    
    desktop.ini    
    ----------------------------------------
    
     
    C:\windows\system32\drivers\etc\hosts
    
    127.0.0.1       localhost
    
    ----------------------------------------
    
     
    
    Abbildname                     PID Sitzungsname       Sitz.-Nr. Speichernutzung
    ========================= ======== ================ =========== ===============
    System Idle Process              0 Services                   0            24 K
    System                           4 Services                   0         8.388 K
    smss.exe                       332 Services                   0         1.200 K
    csrss.exe                      468 Services                   0         4.772 K
    wininit.exe                    528 Services                   0         4.552 K
    csrss.exe                      556 Console                    1         9.100 K
    services.exe                   596 Services                   0        10.452 K
    lsass.exe                      612 Services                   0        12.984 K
    lsm.exe                        624 Services                   0         4.476 K
    winlogon.exe                   732 Console                    1         7.468 K
    svchost.exe                    772 Services                   0        10.244 K
    nvvsvc.exe                     844 Services                   0         7.520 K
    svchost.exe                    884 Services                   0        10.204 K
    svchost.exe                    968 Services                   0        24.784 K
    svchost.exe                   1008 Services                   0       192.492 K
    svchost.exe                    116 Services                   0        47.728 K
    svchost.exe                    688 Services                   0        18.460 K
    svchost.exe                   1068 Services                   0        34.640 K
    spoolsv.exe                   1288 Services                   0        13.580 K
    NvXDSync.exe                  1300 Console                    1        15.424 K
    nvvsvc.exe                    1312 Console                    1        12.356 K
    sched.exe                     1412 Services                   0        23.516 K
    dwm.exe                       1636 Console                    1        39.064 K
    taskhost.exe                  1700 Console                    1        10.228 K
    explorer.exe                  1728 Console                    1        97.920 K
    svchost.exe                   1860 Services                   0        31.384 K
    avguard.exe                   1988 Services                   0        28.220 K
    RichVideo.exe                 1424 Services                   0        23.108 K
    sftvsa.exe                    2168 Services                   0        24.208 K
    svchost.exe                   2220 Services                   0        28.600 K
    sftlist.exe                   2248 Services                   0        51.904 K
    CVHSVC.EXE                    2872 Services                   0        55.832 K
    avshadow.exe                  3024 Services                   0         8.128 K
    conhost.exe                   3032 Services                   0         2.816 K
    SearchIndexer.exe             3068 Services                   0        25.944 K
    rundll32.exe                  3156 Console                    1         6.200 K
    svchost.exe                   3208 Services                   0         6.032 K
    taskeng.exe                   3648 Console                    1         6.476 K
    taskeng.exe                   3680 Console                    1         6.376 K
    mbamservice.exe               3728 Services                   0       136.652 K
    YCMMirage.exe                 3736 Console                    1        25.484 K
    dmhkcore.exe                  3744 Console                    1        34.500 K
    WifiManager.exe               3776 Console                    1        37.040 K
    RAVCpl64.exe                  3884 Console                    1        10.864 K
    ETDCtrl.exe                   3904 Console                    1        13.240 K
    OpWareSE4.exe                 3988 Console                    1         9.360 K
    avgnt.exe                     4004 Console                    1         3.384 K
    SSMMgr.exe                    4036 Console                    1        43.844 K
    mbamgui.exe                   4084 Console                    1        30.080 K
    caller64.exe                   560 Console                    1         4.432 K
    ETDCtrlHelper.exe             3924 Console                    1         7.308 K
    svchost.exe                   3256 Services                   0        21.468 K
    wmpnetwk.exe                  4280 Services                   0        11.588 K
    svchost.exe                   4684 Services                   0        15.576 K
    dllhost.exe                   4836 Services                   0         7.372 K
    WCScheduler.exe               2752 Console                    1        51.324 K
    SmartRestarter.exe            2736 Console                    1           528 K
    FABS.exe                      3108 Services                   0        26.408 K
    LMS.exe                       1584 Services                   0        13.928 K
    SeaPort.EXE                   3064 Services                   0        31.108 K
    svchost.exe                   2808 Services                   0         8.412 K
    WLIDSVC.EXE                   4660 Services                   0        14.624 K
    WLIDSVCM.EXE                  3164 Services                   0         3.452 K
    UNS.exe                        756 Services                   0        33.008 K
    CLMLSvc.exe                   3808 Console                    1        48.176 K
    Media+Player10Serv.exe        3596 Console                    1        21.072 K
    EasySpeedUpManager.exe        1880 Console                    1        25.224 K
    MovieColorEnhancer.exe        4628 Console                    1        29.108 K
    SSCKbdHk.exe                  3304 Console                    1        26.216 K
    wuauclt.exe                    364 Console                    1         6.680 K
    SUPBackground.exe             4328 Console                    1        36.272 K
    firefox.exe                   1884 Console                    1       240.832 K
    avcenter.exe                  3476 Console                    1        85.808 K
    mbam.exe                       264 Console                    1       141.448 K
    plugin-container.exe          2124 Console                    1        89.732 K
    stinger.exe                   1544 Console                    1        85.648 K
    SVRTgui.exe                   4312 Console                    1        32.176 K
    notepad.exe                   4900 Console                    1         6.548 K
    seamonkey.exe                 1056 Console                    1       172.544 K
    OTL.exe                       3868 Console                    1        22.900 K
    notepad.exe                   1888 Console                    1         7.528 K
    notepad.exe                   4896 Console                    1         7.136 K
    notepad.exe                   1560 Console                    1         7.112 K
    SearchProtocolHost.exe         120 Services                   0         8.968 K
    SearchFilterHost.exe          4124 Services                   0         8.756 K
    audiodg.exe                   2596 Services                   0        18.188 K
    cmd.exe                       1596 Console                    1         3.892 K
    conhost.exe                   4540 Console                    1         5.644 K
    tasklist.exe                  2564 Console                    1         5.732 K
    WmiPrvSE.exe                  2704 Services                   0         6.356 K
    
     
    ***** Ende des Scans 17.07.2012 um  0:27:25,01 ***
    Edited by ollhei (16.07.2012 at 23:43). Reason: additional information

  2. #2
    Moderator, team member kira
    Registered since
    28.03.2006
    Location
    Vienna / Languages: German, Hungarian
    Posts
    28.345

    Re: Trojan infection by: TR/Atraps.gen & 2 + BDS/ZAccess.T + Win64/Sirefef.AL

    A warm welcome to our HijackThis support board!

    Unfortunately I have bad news for you: you have caught a nasty little beast:
    win32.ZAccess
    - this is a problem that is hard to treat
    The system should be reinstalled, because fighting this new kind of infection is not possible without various side effects and residual damage that can keep causing problems [in various ways]!
    - a backdoor with rootkit functionality

    This malware uses rootkit technology and a backdoor routine
    *What are backdoors and rootkits*

    Behaviour:
    "memory-resident"

    Explanation:
    Memory-resident is the term for programs or program parts whose data is not routinely written to storage media such as the hard disk while the computer is running and read back into main memory when needed, but instead stays in main memory the whole time.
    These generally include the parts of the operating system that are central to running the computer and are executed frequently, or program routines that recur constantly while an application program runs.
    On the one hand, memory-resident programs shorten access times, because the time needed to read the data from the storage medium into main memory is eliminated. On the other hand, they reduce the available capacity of main memory.
    Many viruses are also memory-resident: they make sure that the operating system keeps them in main memory the whole time, from where they can infect other programs.
    Data backup - only what you cannot do without:
    Be careful when making a backup: mind the files already present in your externally stored data, and the files that are now infected with the virus.
    ** I recommend that you back up ONLY data that contains no executable files - File extensions - This is a list of file extensions that can denote files with executable code.
    Ideally, back up everything that is very important to you separately (externally) - do not mix it with any data backed up earlier, i.e. before the infection!

    Restoring the backup:
    - Disable/turn off the AutoPlay function for all drives -> Disabling Autorun/AutoPlay selectively for drive types or drive letters
    - Connect the storage media holding the externally backed-up data and have them scanned thoroughly from a clean system, ideally with several scanners -> Free online scanners - Guide
    Absolutely recommendable scanners:
    Eset Online Scanner (NOD32)
    Panda ActiveScan
    Symantec Security Check
    - Change all passwords that were used on the compromised system (e.g. login, mail or website passwords, but also the PIN for online banking) immediately (ideally from another, non-infected computer!)


    Reinstalling (Windows XP, Vista and Windows 7) - Guides
    Aftercare

    Regards
    kira
    Warning!:
    Be careful with invoices sent by email with a ZIP file attached! It may be infected with an encryption trojan!
    Do not open the attachment; ask in our forum first!

    Please pass this warning on wherever you can!
    Back up your data regularly, to CD/DVD, USB sticks or external hard drives, ideally twice and in different places!
    Please pass this warning on wherever you can!
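
The backup advice in the post above (save only data, leave executable files behind), as an added example that is not part of the original thread or any tool named in it. The extension set, the function names and the sample files are assumptions constructed for illustration. The check goes one step beyond the extension list by also refusing files that start with the `MZ` executable header under a data extension.

```python
import shutil
import tempfile
from pathlib import Path

# Assumption: a short illustrative set, not the extension list the post links to.
EXECUTABLE_EXTENSIONS = {
    ".exe", ".dll", ".sys", ".scr", ".com", ".pif", ".cpl", ".ocx", ".msi",
    ".bat", ".cmd", ".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh", ".ps1",
    ".hta", ".jar", ".lnk", ".reg", ".inf",
}


def classify(path: Path) -> str:
    """Return 'copy', or the reason why the file is left out of the backup."""
    # Only the last suffix counts, so "invoice.pdf.exe" is treated as ".exe".
    if path.suffix.lower() in EXECUTABLE_EXTENSIONS:
        return "skip: executable extension"
    # A Windows executable renamed to a data extension still starts with "MZ".
    with path.open("rb") as handle:
        if handle.read(2) == b"MZ":
            return "skip: PE header behind a data extension"
    return "copy"


def selective_backup(source: Path, target: Path) -> dict:
    """Copy data files from source to target and report a verdict per file."""
    report = {}
    for path in sorted(source.rglob("*")):
        # Links are never followed into the backup; directories are recreated
        # only when a file inside them is copied.
        if path.is_symlink() or not path.is_file():
            continue
        relative = path.relative_to(source)
        verdict = classify(path)
        report[relative.as_posix()] = verdict
        if verdict == "copy":
            destination = target / relative
            destination.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(path, destination)
    return report


def demo() -> dict:
    """Run the backup over a constructed sample profile in a temp directory."""
    # Constructed sample content: file names and bytes are made up.
    samples = {
        "docs/letter.txt": b"Dear Sir or Madam",
        "photos/holiday.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 16,
        "photos/renamed.jpg": b"MZ\x90\x00" + b"\x00" * 16,
        "Roaming/svchost.exe": b"MZ\x90\x00" + b"\x00" * 16,
        "scripts/run.BAT": b"@echo off\r\n",
    }
    with tempfile.TemporaryDirectory() as tmp:
        source = Path(tmp) / "profile"
        target = Path(tmp) / "backup"
        for name, content in samples.items():
            file_path = source / name
            file_path.parent.mkdir(parents=True, exist_ok=True)
            file_path.write_bytes(content)
        target.mkdir()
        report = selective_backup(source, target)
        copied = sorted(
            p.relative_to(target).as_posix()
            for p in target.rglob("*") if p.is_file()
        )
    return {"report": report, "copied": copied}


if __name__ == "__main__":
    result = demo()
    for name, verdict in result["report"].items():
        print(f"{verdict:45} {name}")
    print("copied:", result["copied"])
```

The filter only reduces what is carried over; the backup media still get scanned from a clean system, as the post says.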

  3. #3
    Beginner
    Registered since
    16.07.2012
    Posts
    5

    Re: Trojan infection by: TR/Atraps.gen & 2 + BDS/ZAccess.T + Win64/Sirefef.AL

    First of all, a thousand thanks for your help... even though I would have preferred a different answer... I will now work through your points step by step... and I will surely be back with a few silly questions... ;-) ... Greetings from Hamburg

  4. #4
    Beginner
    Registered since
    16.07.2012
    Posts
    5

    Re: Trojan infection by: TR/Atraps.gen & 2 + BDS/ZAccess.T + Win64/Sirefef.AL

    update---------

    So, I have now reset the computer to its "original state" with Samsung Recovery Solution 5, since all the software came "preinstalled" and I do not have a CD/DVD.
    Then I ran the Eset online scanner again and it found nothing... but the files on drive D: have all been preserved... could that be a problem? Is there anything else I can do now? Is the computer "clean" now... what do you think? Many thanks in advance!

    And Panda only found a few cookies:

    Code:
    ;***********************************************************************************************************************************************************************************
    ANALYSIS: 2012-07-18 17:09:37
    PROTECTIONS: 1
    MALWARE: 7
    SUSPECTS: 0
    ;***********************************************************************************************************************************************************************************
    PROTECTIONS
    Description                                  Version                       Active    Updated
    ;===================================================================================================================================================================================
    avast! Antivirus                                                           Yes       Yes
    ;===================================================================================================================================================================================
    MALWARE
    Id        Description                        Type                Active    Severity  Disinfectable  Disinfected Location
    ;===================================================================================================================================================================================
    00139061  Cookie/Doubleclick                 TrackingCookie      No        0         Yes            No           c:\users\nonever\appdata\roaming\microsoft\windows\cookies\low\ae70tk93.txt
    00139064  Cookie/Atlas DMT                   TrackingCookie      No        0         Yes            No           c:\users\nonever\appdata\roaming\microsoft\windows\cookies\low\nonever@atdmt[1].txt
    00145738  Cookie/Mediaplex                   TrackingCookie      No        0         Yes            No           c:\users\nonever\appdata\roaming\microsoft\windows\cookies\low\nonever@mediaplex[1].txt
    00167642  Cookie/Com.com                     TrackingCookie      No        0         Yes            No           c:\users\nonever\appdata\roaming\microsoft\windows\cookies\low\ik2va9ye.txt
    00168056  Cookie/YieldManager                TrackingCookie      No        0         Yes            No           c:\users\nonever\appdata\roaming\microsoft\windows\cookies\low\lhtedz7j.txt
    00168061  Cookie/Apmebf                      TrackingCookie      No        0         Yes            No           c:\users\nonever\appdata\roaming\microsoft\windows\cookies\low\nonever@apmebf[1].txt
    00168090  Cookie/Serving-sys                 TrackingCookie      No        0         Yes            No           c:\users\nonever\appdata\roaming\microsoft\windows\cookies\low\nonever@serving-sys[2].txt
    ;===================================================================================================================================================================================
    SUSPECTS
    Sent      Location
    ;===================================================================================================================================================================================
    ;===================================================================================================================================================================================
    VULNERABILITIES
    Id        Severity       Description
    ;===================================================================================================================================================================================
    ;===================================================================================================================================================================================
    Edited by ollhei (18.07.2012 at 16:24)

  5. #5
    Moderator, team member kira
    Registered since
    28.03.2006
    Location
    Vienna / Languages: German, Hungarian
    Posts
    28.345

    Re: Trojan infection by: TR/Atraps.gen & 2 + BDS/ZAccess.T + Win64/Sirefef.AL

    For a follow-up check:

    Check the MBR with aswMBR from Avast

    Download aswMBR.exe from Avast and save the tool to your desktop (not anywhere else).
    XP users: double-click aswMBR.exe to start the tool.
    Vista and Windows 7 users: right-click aswMBR.exe and choose Run as administrator.
    An input window with some information will open.

    Click Scan to start the scan.

    When the scan has finished, which is reported with Scan finished successfully, click Save log to save the log file.
    Post the contents of aswASW.log from the desktop here in the thread.

  6. #6
    Beginner
    Registered since
    16.07.2012
    Posts
    5

    Re: Trojan infection by: TR/Atraps.gen & 2 + BDS/ZAccess.T + Win64/Sirefef.AL

    Here it is:

    Code:
    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-07-18 22:04:49
    -----------------------------
    22:04:49.320    OS Version: Windows x64 6.1.7601 Service Pack 1
    22:04:49.320    Number of processors: 4 586 0x2A07
    22:04:49.321    ComputerName: NONEVER-PC  UserName: nonever
    22:04:49.772    Initialize success
    22:04:49.898    AVAST engine defs: 12071800
    22:05:30.414    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    22:05:30.419    Disk 0 Vendor: SAMSUNG_ 2AJ1 Size: 305245MB BusType: 3
    22:05:30.435    Disk 0 MBR read successfully
    22:05:30.441    Disk 0 MBR scan
    22:05:30.448    Disk 0 unknown MBR code
    22:05:30.466    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
    22:05:30.488    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       113664 MB offset 206848
    22:05:30.496    Disk 0 Partition - 00     0F Extended LBA            167503 MB offset 232990720
    22:05:30.550    Disk 0 Partition 3 00     27 Hidden NTFS WinRE NTFS        23977 MB offset 576036864
    22:05:30.596    Disk 0 Partition 4 00     07    HPFS/NTFS NTFS       167502 MB offset 232992768
    22:05:30.657    Disk 0 scanning C:\windows\system32\drivers
    22:05:39.020    Service scanning
    22:05:53.300    Modules scanning
    22:05:53.320    Disk 0 trace - called modules:
    22:05:53.360    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 
    22:05:53.371    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005fff060]
    22:05:53.383    3 CLASSPNP.SYS[fffff88001bc143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004da9050]
    22:05:53.658    AVAST engine scan C:\windows
    22:05:56.012    AVAST engine scan C:\windows\system32
    22:07:20.525    AVAST engine scan C:\windows\system32\drivers
    22:07:31.330    AVAST engine scan C:\Users\nonever
    22:08:31.687    AVAST engine scan C:\ProgramData
    22:09:54.520    Scan finished successfully
    22:10:39.138    Disk 0 MBR has been saved successfully to "C:\Users\nonever\Documents\MBR.dat"
    22:10:39.142    The log file has been saved successfully to "C:\Users\nonever\Documents\aswMBR 18-07-12.txt"

  7. #7
    Moderator, team member kira
    Registered since
    28.03.2006
    Location
    Vienna / Languages: German, Hungarian
    Posts
    28.345

    Re: Trojan infection by: TR/Atraps.gen & 2 + BDS/ZAccess.T + Win64/Sirefef.AL

    Looks good
    Any other problems?

  8. #8
    Beginner
    Registered since
    16.07.2012
    Posts
    5

    Re: Trojan infection by: TR/Atraps.gen & 2 + BDS/ZAccess.T + Win64/Sirefef.AL

    Nope... so far everything looks normal and I hope it stays that way... many, many thanks again!! It is really great how you all help everyone here completely "for free"!!! Big double praise!!!!!
