| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: HackTool.Hiderun in c:\windows\installer und Java.Trojan im Cache entdecktWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
24.07.2012, 13:56
| #1 |
| |  HackTool.Hiderun in c:\windows\installer und Java.Trojan im Cache entdeckt Hi, nachdem ich gestern dummerweise die Zip-Datei (nicht die exe) des aktuellen "Paket nicht zustellbar, ihre Deutsche Post"-Spams geöffnet hatte, dachte ich mir es könnte nicht schaden mal eine aktive Suche nach Schädlingen zu starten. Indizien für einen Schädlingsbefall kann ich auf dem System nicht feststellen. Ich hab mich daraufhin hier im Forum ( http://www.trojaner-board.de/116915-...sche-post.html ) über den Post-Trojaner informiert und einen Vollscan mit Anti-Malware durchgeführt: Code:
ATTFilter Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.07.23.08 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 *** :: *** [Administrator] 23.07.2012 14:08:38 mbam-log-2012-07-23 (18-36-08).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|G:\|H:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 1022302 Laufzeit: 4 Stunde(n), 25 Minute(n), 47 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Windows\Installer\MSIC9F9.tmp (HackTool.Hiderun) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Anschließend habe ich den ESET Online Scanner gemäß der Anleitung ( http://www.trojaner-board.de/116915-...sche-post.html ) laufen lassen: Code:
ATTFilter C:\Users\AccIluD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\6e8ca900-32b1644b a variant of Java/Exploit.CVE-2012-0507.B trojan
C:\Users\***AccMitUserRechten***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\729d2bc0-4badd85a Java/Exploit.Blacole.AN trojan
C:\Users\***AccMitUserRechten***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\6281e90c-628a305a a variant of Java/TrojanDownloader.Agent.NDR trojan
Jetzt kam der Entschluss hier einen Thread zu erstellen, da ich befürchte noch mehr auf dem System zu haben. Nach disablen mit Defogger, OTL: Code:
ATTFilter OTL logfile created on: 24.07.2012 12:15:21 - Run 1 OTL by OldTimer - Version 3.2.54.1 Folder = C:\Users\***\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 1,72 Gb Available Physical Memory | 57,46% Memory free 6,19 Gb Paging File | 4,61 Gb Available in Paging File | 74,53% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 89,38 Gb Total Space | 28,67 Gb Free Space | 32,07% Space Free | Partition Type: NTFS Drive D: | 198,70 Gb Total Space | 4,56 Gb Free Space | 2,30% Space Free | Partition Type: NTFS Computer Name: *** | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.07.24 12:14:38 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe PRC - [2012.07.16 13:24:06 | 000,021,432 | ---- | M] () -- D:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe PRC - [2012.07.16 13:23:56 | 003,524,536 | ---- | M] (Samsung Electronics Co., Ltd.) -- D:\Programme\Samsung\Kies\KiesTrayAgent.exe PRC - [2012.07.16 13:23:56 | 000,975,800 | ---- | M] (Samsung) -- D:\Programme\Samsung\Kies\Kies.exe PRC - [2012.05.15 12:54:32 | 000,276,872 | ---- | M] (hxxp://tortoisesvn.net) -- D:\Programme\TortoiseSVN\bin\TSVNCache.exe PRC - [2012.05.08 19:36:00 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.08 19:35:57 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2012.05.08 19:35:56 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.08 19:35:56 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2012.03.22 12:14:16 | 000,452,880 | ---- | M] (SANDBOXIE L.T.D) -- D:\Programme\Sandboxie\SbieCtrl.exe PRC - [2012.03.22 12:14:16 | 000,074,512 | ---- | M] (SANDBOXIE L.T.D) -- D:\Programme\Sandboxie\SbieSvc.exe PRC - [2012.01.12 11:59:26 | 002,789,280 | ---- | M] (Binary Fortress Software) -- D:\Programme\DisplayFusion\DisplayFusion.exe PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.11.27 20:14:52 | 000,034,904 | ---- | M] () -- C:\Windows\System32\nwtray.exe PRC - [2011.11.27 20:14:52 | 000,016,984 | ---- | M] (Novell, Inc.) -- C:\Programme\Novell\Client\XTier\Services\xtsvcmgr.exe PRC - [2011.10.15 10:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe PRC - [2011.10.15 10:53:00 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvtray.exe PRC - [2011.10.15 10:53:00 | 001,328,960 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe PRC - [2011.09.22 17:18:58 | 043,028,328 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe PRC - [2011.09.22 17:18:58 | 000,097,640 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe PRC - [2010.12.10 18:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe PRC - [2010.09.20 22:20:56 | 003,326,976 | ---- | M] (ANSYS, Inc.) -- C:\Programme\ANSYS Inc\Shared Files\Licensing\win32\ansysli_server.exe PRC - [2010.09.20 22:20:56 | 001,840,128 | ---- | M] (ANSYS, Inc.) -- C:\Programme\ANSYS Inc\Shared Files\Licensing\win32\ansysli_monitor.exe PRC - [2010.09.01 16:56:54 | 000,254,004 | ---- | M] (ZF Electronics GmbH) -- C:\Programme\Cherry\KeyMan\KeyMan.exe PRC - [2010.08.25 15:09:24 | 000,577,582 | ---- | M] (ZF Electronics GmbH) -- C:\Programme\Cherry\CDI\cdi.exe PRC - [2010.07.26 03:08:00 | 002,569,616 | ---- | M] (CANON INC.) -- C:\Programme\Canon\MyPrinter\BJMYPRT.EXE PRC - [2010.04.28 18:32:36 | 001,664,512 | ---- | M] (ANSYS, Inc.) -- C:\Programme\ANSYS Inc\Shared Files\Licensing\win32\ansyslmd.exe PRC - [2010.04.28 17:30:55 | 001,334,096 | ---- | M] (Flexera Software, Inc.) -- C:\Programme\ANSYS Inc\Shared Files\Licensing\win32\lmgrd.exe PRC - [2010.04.07 14:57:42 | 000,099,896 | ---- | M] (HP) -- C:\Windows\System32\HPSIsvc.exe PRC - [2010.03.10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- C:\Programme\Common Files\Protexis\License Service\PsiService_2.exe PRC - [2009.06.01 12:12:02 | 000,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe PRC - [2009.04.11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.06.19 18:08:44 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) -- D:\Programme\Cisco VPN Client\cvpnd.exe PRC - [2008.05.23 07:11:56 | 000,819,200 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe PRC - [2008.05.23 06:43:52 | 000,466,944 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe PRC - [2008.05.22 10:33:54 | 000,688,128 | ---- | M] (SAMSUNG Electronics) -- C:\Programme\Samsung\Easy Display Manager\dmhkcore.exe PRC - [2008.04.25 14:31:34 | 000,565,248 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe PRC - [2008.04.17 08:26:46 | 000,352,256 | ---- | M] (SAMSUNG Electronics co., LTD.) -- C:\Programme\Samsung\EBM\EasyBatteryMgr3.exe PRC - [2008.04.17 04:50:00 | 006,111,232 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2008.02.12 06:19:52 | 001,624,616 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTStackServer.exe PRC - [2008.02.12 06:19:52 | 000,723,496 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2008.01.21 04:25:07 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetsrv\inetinfo.exe PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe PRC - [2008.01.21 04:23:24 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe PRC - [2008.01.16 10:37:38 | 000,031,248 | ---- | M] (Syntek America Inc.) -- C:\Windows\System32\StkCSrv.exe PRC - [2007.07.05 00:41:42 | 000,045,056 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe PRC - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE ========== Modules (No Company Name) ========== MOD - [2012.07.19 16:57:26 | 000,033,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\f680a94891833af168ba32a06e22ed3e\Kies.Common.DeviceServiceLib.FirmwareUpdate.FirmwareUpdateAgentHelper.ni.dll MOD - [2012.07.19 16:57:25 | 014,336,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Theme\4d87d775fe42967b4f8cd11ee5252863\Kies.Theme.ni.dll MOD - [2012.07.19 16:57:25 | 000,506,368 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MediaDB\d2bc057169af41354b280376edbb0755\Kies.Common.MediaDB.ni.dll MOD - [2012.07.19 16:57:23 | 000,275,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\1c17bc03b5ad69423cbc5e4083422808\Kies.Common.DeviceServiceLib.FirmwareUpdate.Common.ni.dll MOD - [2012.07.19 16:57:23 | 000,062,464 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.AllShare\0d10782d5bb3202de9f6ac5525e2e4dd\Kies.Common.AllShare.ni.dll MOD - [2012.07.19 16:57:22 | 000,563,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\c110809ea71a0da915bff8c3564de677\Kies.Common.DeviceServiceLib.FileService.ni.dll MOD - [2012.07.19 16:57:22 | 000,189,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\9b1193903f06caa02f285505fc6b120b\Kies.Common.DeviceServiceLib.FirmwareUpdate.Downloader.ni.dll MOD - [2012.07.19 16:57:21 | 000,561,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\6ce4f1fa8f860381b026c8b22849fc1c\Kies.Common.DeviceServiceLib.DeviceDataService.ni.dll MOD - [2012.07.19 16:57:20 | 000,894,464 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\a80d64713a7f3e5e23bf40495dbc55f3\Kies.Common.DeviceServiceLib.DeviceManagement.ni.dll MOD - [2012.07.19 16:57:18 | 002,187,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Multime#\da8ddf39dd8a4761b8a1e7157484ed58\Kies.Common.Multimedia.ni.dll MOD - [2012.07.19 16:57:17 | 001,011,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\fb2290f722e5555cf91381929ca923bf\Kies.Common.DeviceService.ni.dll MOD - [2012.07.19 16:57:13 | 000,183,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MainUI\9d5f73031e82f2c167795a8f97a0639b\Kies.Common.MainUI.ni.dll MOD - [2012.07.19 16:57:12 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DBManag#\7d995cd7f459b3f347fcb35470726b0b\Kies.Common.DBManager.ni.dll MOD - [2012.07.19 16:57:11 | 000,261,120 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Util\cfd7afc6f4c348121fc98fee8c32f0e1\Kies.Common.Util.ni.dll MOD - [2012.07.19 16:57:09 | 001,691,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies\f4f035d7d0d6e3bfba6032a3fbfdb140\Kies.ni.exe MOD - [2012.07.19 16:57:09 | 001,689,088 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.UI\7500c4d25baa63d88698f97d1824fa78\Kies.UI.ni.dll MOD - [2012.07.16 13:24:06 | 000,021,432 | ---- | M] () -- D:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe MOD - [2012.07.13 12:17:11 | 000,115,137 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\99cab429-f99d-4f69-9d04-113ad532bd0f\CliSecureRT.dll MOD - [2012.07.13 12:14:58 | 000,194,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\4401f8d840e3d7a09d7f555a53d713ef\ASF_cSharpAPI.ni.dll MOD - [2012.07.13 12:14:58 | 000,029,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.StoreMa#\7659186cf36ec04feb3156802c29507d\Kies.Common.StoreManager.ni.dll MOD - [2012.07.13 12:14:57 | 000,046,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\AdminCmdAgent\8c8e5aa9d6ccbb5d34bc24fb6c626953\AdminCmdAgent.ni.dll MOD - [2012.07.13 12:14:52 | 000,184,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\d94dc15b2daff1d72d41f1def3a0b021\Kies.Common.DeviceServiceLib.Interface.ni.dll MOD - [2012.07.13 12:14:48 | 000,052,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.MP3FileInfo#\c99811c6a988ca6c2104a5b45acbddbb\Interop.MP3FileInfoCOMLib.ni.dll MOD - [2012.07.13 12:14:47 | 000,030,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.PRPLAYERCOR#\ef9f4aaffdadfc31070e1a838951b277\Interop.PRPLAYERCORELib.ni.dll MOD - [2012.07.13 12:14:44 | 001,381,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Locale\7a59be2dfd1d3f99b3489eea8df66016\Kies.Locale.ni.dll MOD - [2012.07.13 12:14:43 | 000,078,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\adb0105c92aaf42f571a2fd25a4228a9\Kies.MVVM.ni.dll MOD - [2012.07.13 12:14:41 | 000,119,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\GongSolutions.Wpf.D#\3f6f79987f17c00edce423932abd1cf2\GongSolutions.Wpf.DragDrop.ni.dll MOD - [2012.07.13 12:14:38 | 001,181,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Interface\73962fb5234895e46e79de6e1711d093\Kies.Interface.ni.dll MOD - [2012.07.01 22:07:06 | 000,036,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.CmdAgentLib\7fc3c42741a72b2e85996570a0bf76ec\Interop.CmdAgentLib.ni.dll MOD - [2012.07.01 22:07:00 | 000,174,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DevFileServ#\96cb2ec6e8aeaacd26c6034d876f3ac2\Interop.DevFileServiceLib.ni.dll MOD - [2012.07.01 22:06:48 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\d0e1cdaff8f9055187f8e7b52c060dff\System.Management.ni.dll MOD - [2012.07.01 22:06:45 | 000,032,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.OGGFileInfo#\cbeefee33636e0d0be226cf11e180ba3\Interop.OGGFileInfoCOMLib.ni.dll MOD - [2012.07.01 22:06:43 | 000,171,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.P3MPINTERFA#\b0b31095249cec5ef5c0407fa6b7fc22\Interop.P3MPINTERFACECTRLLib.ni.dll MOD - [2012.07.01 22:06:33 | 000,530,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ICSharpCode.SharpZi#\2d7161baa59dd2c1c39f4a192d760e7d\ICSharpCode.SharpZipLib.ni.dll MOD - [2012.07.01 22:06:33 | 000,395,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CabLib\6265ffca46eab52d5f798847b5ea908c\CabLib.ni.dll MOD - [2012.07.01 22:06:29 | 000,052,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DeviceSearc#\9a6bad5be6518d4a975893676a49a82c\Interop.DeviceSearchLib.ni.dll MOD - [2012.07.01 22:06:07 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\26e0457a9776a0e9f23e3986686d90a5\System.ServiceProcess.ni.dll MOD - [2012.07.01 22:05:39 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\63bc6e391de5014965039e100ce1e9d5\System.Runtime.Remoting.ni.dll MOD - [2012.07.01 22:05:22 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b68bee05c7e518172982cc92059c3315\System.Xaml.ni.dll MOD - [2012.07.01 21:54:01 | 018,019,840 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\d239f585ee55f833dbe21e897e1265ac\PresentationFramework.ni.dll MOD - [2012.07.01 21:54:00 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\a84262e1224189f93e10cd3c403a9527\System.Configuration.ni.dll MOD - [2012.07.01 21:53:30 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\608d29d7cc89f3a9a195c91354561915\PresentationFramework.Aero.ni.dll MOD - [2012.07.01 21:53:25 | 011,522,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b7de318e9fd1ef519ca6c1f3b5dba8e0\PresentationCore.ni.dll MOD - [2012.07.01 21:53:24 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\09bd2126bba2ab4f29ed52afde1470d7\System.Core.ni.dll MOD - [2012.07.01 21:53:08 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\00a4922fbf869a79c043b665035516b6\System.Windows.Forms.ni.dll MOD - [2012.07.01 21:53:02 | 003,881,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a6e37a05b8d0cedbc5c3ea266ae3fc31\WindowsBase.ni.dll MOD - [2012.07.01 21:52:56 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\9abe44a0f82070ead5f1256683a4d25a\System.Xml.ni.dll MOD - [2012.07.01 21:52:51 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\4230ed1c7990e4ee8352baf67a2a85fa\System.Drawing.ni.dll MOD - [2012.07.01 21:52:49 | 009,092,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\a6be120e49f895ef6b00e9918402395b\System.ni.dll MOD - [2012.07.01 21:52:39 | 014,414,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c1af4ec9a36f671617a8ecaec00373f4\mscorlib.ni.dll MOD - [2012.06.13 21:48:34 | 001,711,616 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\2467a133aee73396c830b9b0a9c7ec0d\Microsoft.VisualBasic.ni.dll MOD - [2012.06.13 21:36:35 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\508b444db523c5cf20ff12c7f440837b\System.Web.ni.dll MOD - [2012.06.13 21:24:24 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll MOD - [2012.06.13 21:24:10 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll MOD - [2012.05.15 12:54:16 | 000,070,536 | ---- | M] () -- D:\Programme\TortoiseSVN\bin\libsasl32.dll MOD - [2012.05.10 15:28:19 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f3d4d5fe5ab848fbfcf91a49960dc8ae\System.Management.ni.dll MOD - [2012.05.10 15:26:45 | 000,679,936 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\442135bc0b503b42ab2d752c23bea631\System.Security.ni.dll MOD - [2012.05.10 10:59:14 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll MOD - [2012.05.10 10:57:09 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll MOD - [2012.05.10 10:56:57 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll MOD - [2012.01.09 20:44:20 | 000,166,912 | ---- | M] () -- D:\Programme\WinRAR\RarExt.dll MOD - [2011.11.27 20:14:52 | 000,907,352 | ---- | M] () -- C:\Windows\System32\ncnetprovider.dll MOD - [2011.11.27 20:14:52 | 000,230,488 | ---- | M] () -- C:\Windows\System32\nwshlxnt.dll MOD - [2011.11.27 20:14:52 | 000,156,760 | ---- | M] () -- C:\Windows\System32\mapbase.dll MOD - [2011.11.27 20:14:52 | 000,092,760 | ---- | M] () -- C:\Windows\System32\nclangid.dll MOD - [2011.11.27 20:14:52 | 000,034,904 | ---- | M] () -- C:\Windows\System32\nwtray.exe MOD - [2011.11.27 19:43:38 | 000,487,936 | ---- | M] () -- C:\Windows\System32\nls\english\ncnetproviderr.dll MOD - [2011.11.27 19:42:44 | 000,101,376 | ---- | M] () -- C:\Windows\System32\nls\english\nwshlxntr.dll MOD - [2011.11.27 19:42:08 | 000,086,016 | ---- | M] () -- C:\Windows\System32\nls\english\mapbaser.dll MOD - [2011.11.27 19:38:56 | 000,015,872 | ---- | M] () -- C:\Windows\System32\nls\english\nclangidr.dll MOD - [2010.06.13 23:54:28 | 000,094,208 | ---- | M] () -- D:\Programme\FileZilla FTP Client\fzshellext.dll MOD - [2009.06.02 15:00:00 | 000,093,696 | ---- | M] () -- D:\Programme\UltraEdit\ue32ctmn.dll MOD - [2009.03.30 06:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2006.08.12 05:48:40 | 000,049,152 | ---- | M] () -- C:\Programme\Samsung\Samsung Magic Doctor\HookDllPS2.dll MOD - [2006.08.12 05:48:40 | 000,049,152 | ---- | M] () -- C:\Programme\Samsung\EasySpeedUpManager\HookDllPS2.dll MOD - [2006.08.12 05:48:40 | 000,049,152 | ---- | M] () -- C:\Programme\Samsung\Easy Display Manager\HookDllPS2.dll MOD - [2006.02.22 16:47:44 | 000,073,728 | ---- | M] () -- C:\Programme\Cherry\KeyMan\zlib1.dll MOD - [2006.02.22 16:47:16 | 000,114,688 | ---- | M] () -- C:\Programme\Cherry\KeyMan\libpng13.dll ========== Win32 Services (SafeList) ========== SRV - [2012.07.18 15:33:03 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.06.07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- D:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.05.08 19:36:00 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.08 19:35:56 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.04.22 13:51:04 | 000,720,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2012.03.22 12:14:16 | 000,074,512 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- D:\Programme\Sandboxie\SbieSvc.exe -- (SbieSvc) SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.11.27 20:14:52 | 000,016,984 | ---- | M] (Novell, Inc.) [Auto | Running] -- C:\Programme\Novell\Client\XTier\Services\xtsvcmgr.exe -- (XTSvcMgr) SRV - [2011.10.18 00:11:03 | 001,673,520 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\DIAL GmbH\DIAL Communication Framework\DialComService.exe -- (DialComService) SRV - [2011.10.15 10:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2011.09.22 17:18:58 | 043,028,328 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SRV - [2011.09.22 17:18:58 | 000,097,640 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter) SRV - [2011.09.22 17:17:26 | 000,370,024 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$SQLEXPRESS) SRV - [2011.09.22 17:17:26 | 000,255,336 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser) SRV - [2010.12.10 18:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$AUTODESKVAULT) SRV - [2010.12.10 18:29:30 | 000,044,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper) SRV - [2010.09.20 22:20:56 | 003,326,976 | ---- | M] (ANSYS, Inc.) [Auto | Running] -- C:\Programme\ANSYS Inc\Shared Files\Licensing\win32\ansysli_server.exe -- (ANSYS, Inc. License Manager) SRV - [2010.08.25 15:09:24 | 000,577,582 | ---- | M] (ZF Electronics GmbH) [On_Demand | Running] -- C:\Programme\Cherry\CDI\cdi.exe -- (Cherry Device Interface) SRV - [2010.04.21 19:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS) SRV - [2010.04.21 19:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC) SRV - [2010.04.07 14:57:42 | 000,099,896 | ---- | M] (HP) [Auto | Running] -- C:\Windows\System32\HPSIsvc.exe -- (HPSIService) SRV - [2010.03.10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Programme\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2009.11.16 19:12:10 | 000,079,360 | ---- | M] (SolidWorks) [Disabled | Stopped] -- C:\Programme\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service) SRV - [2009.07.21 04:04:00 | 000,047,128 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\100\Shared\sqladhlp.exe -- (MSSQLServerADHelper100) SRV - [2009.06.01 12:12:02 | 000,655,624 | ---- | M] (Acresso Software Inc.) [Auto | Running] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2009.04.11 08:28:17 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc) SRV - [2008.10.13 20:01:55 | 000,079,360 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Programme\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service) SRV - [2008.06.19 18:08:44 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- D:\Programme\Cisco VPN Client\cvpnd.exe -- (CVPND) SRV - [2008.05.23 07:11:56 | 000,819,200 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV - [2008.05.23 06:43:52 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV - [2008.05.13 01:47:20 | 000,077,480 | ---- | M] () [Disabled | Stopped] -- C:\Programme\Samsung\Samsung Update Plus\SLUBackgroundService.exe -- (Samsung Update Plus) SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2008.01.21 04:25:07 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\inetinfo.exe -- (IISADMIN) SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.01.21 04:23:24 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2008.01.21 04:23:24 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) SRV - [2008.01.16 10:37:38 | 000,031,248 | ---- | M] (Syntek America Inc.) [Auto | Running] -- C:\Windows\System32\StkCSrv.exe -- (StkSSrv) SRV - [2005.09.23 08:01:16 | 002,799,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80) SRV - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE -- (MDM) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\s0017unic.sys -- (s0017unic) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\s0017obex.sys -- (s0017obex) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\s0017nd5.sys -- (s0017nd5) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\s0017mgmt.sys -- (s0017mgmt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\s0017mdm.sys -- (s0017mdm) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\s0017mdfl.sys -- (s0017mdfl) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\s0017bus.sys -- (s0017bus) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\NSNDIS5.SYS -- (NSNDIS5) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | Auto | Stopped] -- SYSTEM32\drivers\DS1410D.SYS -- (DS1410D) DRV - [2012.07.23 14:06:23 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy) DRV - [2012.06.26 16:02:36 | 000,020,032 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dgderdrv.sys -- (dgderdrv) DRV - [2012.06.03 20:26:36 | 000,134,928 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- D:\Programme\Sandboxie\SbieDrv.sys -- (SbieDrv) DRV - [2012.05.21 04:09:00 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm) DRV - [2012.05.21 04:09:00 | 000,080,824 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus) DRV - [2012.05.08 19:36:01 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.05.08 19:36:01 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012.05.04 09:41:24 | 000,229,208 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VMM.sys -- (vmm) DRV - [2012.04.22 13:51:38 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2012.01.09 17:28:20 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2012.01.09 17:28:20 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2012.01.09 17:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2012.01.09 17:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2011.11.27 20:14:52 | 000,111,192 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\System32\drivers\ncrecognizer.sys -- (NCRecognizer) DRV - [2011.11.27 20:14:52 | 000,091,736 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\System32\drivers\ncfilter.sys -- (NCFilter) DRV - [2011.11.27 20:14:52 | 000,090,712 | ---- | M] () [File_System | Auto | Running] -- C:\Programme\Novell\Client\XTier\Drivers\ncfsd.sys -- (NCFSD) DRV - [2011.11.27 20:14:52 | 000,066,136 | ---- | M] (Novell, Inc.) [Kernel | On_Demand | Unknown] -- C:\Programme\Novell\Client\XTier\Drivers\ndmndap.sys -- (ndmndap) DRV - [2011.11.27 20:14:52 | 000,065,112 | ---- | M] (Novell, Inc.) [Kernel | On_Demand | Unknown] -- C:\Programme\Novell\Client\XTier\Drivers\nciom.sys -- (nciom) DRV - [2011.11.27 20:14:52 | 000,064,088 | ---- | M] (Novell, Inc.) [Kernel | On_Demand | Unknown] -- C:\Programme\Novell\Client\XTier\Drivers\ncp.sys -- (ncp) DRV - [2011.11.27 20:14:52 | 000,060,504 | ---- | M] () [Kernel | Auto | Running] -- C:\Programme\Novell\Client\XTier\Drivers\ncioctl.sys -- (NCIOCTL) DRV - [2011.11.27 20:14:52 | 000,045,656 | ---- | M] (Novell, Inc.) [Kernel | On_Demand | Unknown] -- C:\Programme\Novell\Client\XTier\Drivers\nipctl.sys -- (nipctl) DRV - [2011.11.27 20:14:52 | 000,045,144 | ---- | M] (Novell, Inc.) [Kernel | On_Demand | Unknown] -- C:\Programme\Novell\Client\XTier\Drivers\xtxplat.sys -- (xtxplat) DRV - [2011.11.27 20:14:52 | 000,041,048 | ---- | M] (Novell, Inc.) [Kernel | On_Demand | Unknown] -- C:\Programme\Novell\Client\XTier\Drivers\ncpl.sys -- (ncpl) DRV - [2011.11.27 20:14:52 | 000,030,808 | ---- | M] (Novell, Inc.) [Kernel | On_Demand | Unknown] -- C:\Programme\Novell\Client\XTier\Drivers\niam.sys -- (niam) DRV - [2011.11.27 20:14:52 | 000,028,760 | ---- | M] (Novell, Inc.) [Kernel | On_Demand | Unknown] -- C:\Programme\Novell\Client\XTier\Drivers\nsvccost.sys -- (nsvccost) DRV - [2011.11.27 20:14:52 | 000,027,224 | ---- | M] (Novell, Inc.) [Kernel | On_Demand | Unknown] -- C:\Programme\Novell\Client\XTier\Drivers\nscm.sys -- (nscm) DRV - [2011.11.27 20:14:52 | 000,027,224 | ---- | M] (Novell, Inc.) [Kernel | System | Running] -- C:\Programme\Novell\Client\XTier\Drivers\nicm.sys -- (NICM) DRV - [2011.11.27 20:14:52 | 000,022,616 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\System32\drivers\ncuncfilter.sys -- (NCUncFilter) DRV - [2011.11.27 20:14:52 | 000,022,104 | ---- | M] (Novell, Inc.) [Kernel | On_Demand | Unknown] -- C:\Programme\Novell\Client\XTier\Drivers\nsns.sys -- (nsns) DRV - [2011.11.27 20:14:52 | 000,018,520 | ---- | M] (Novell, Inc.) [Kernel | On_Demand | Unknown] -- C:\Programme\Novell\Client\XTier\Drivers\ndm.sys -- (ndm) DRV - [2011.10.15 10:53:00 | 010,327,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2011.10.11 15:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2011.09.22 17:10:34 | 000,238,696 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0105.sys -- (RsFx0105) DRV - [2011.07.29 13:54:56 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\epmntdrv.sys -- (epmntdrv) DRV - [2011.07.29 13:54:56 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\EuGdiDrv.sys -- (EuGdiDrv) DRV - [2011.07.08 01:21:28 | 000,139,880 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA) DRV - [2011.01.18 17:38:38 | 000,054,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- D:\Programme\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys -- (VSPerfDrv100) DRV - [2010.07.30 09:47:40 | 000,054,528 | ---- | M] (ZF Electronics GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Ch2kPS2M.sys -- (Ch2kPS2M) DRV - [2010.07.14 13:51:56 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\ctxusbm.sys -- (ctxusbm) DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010.03.06 01:40:57 | 000,017,408 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mvusbews.sys -- (mvusbews) DRV - [2009.06.04 18:41:02 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc) DRV - [2009.06.04 18:41:02 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt) DRV - [2009.04.11 06:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb) DRV - [2009.03.18 18:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi) DRV - [2009.02.27 23:38:40 | 000,271,360 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt) DRV - [2009.02.27 23:38:30 | 000,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt) DRV - [2008.08.09 20:31:10 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd) DRV - [2008.06.25 07:26:34 | 000,013,312 | ---- | M] (SAMSUNG ELECTRONICS CO., LTD.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\KMDFMEMIO.sys -- (KMDFMEMIO) DRV - [2008.06.19 18:07:50 | 000,306,299 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA) DRV - [2008.05.20 21:36:12 | 003,663,360 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) DRV - [2008.05.08 11:51:18 | 000,226,328 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\iaNvStor.sys -- (iaNvStor) DRV - [2008.03.29 17:36:28 | 000,125,328 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE) DRV - [2008.03.28 12:19:54 | 001,363,088 | ---- | M] (Syntek) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\StkCMini.sys -- (StkCMini) DRV - [2008.01.24 11:41:34 | 000,130,560 | ---- | M] (Cherry GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Ch2kPS2.sys -- (Ch2kPS2) DRV - [2008.01.21 04:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) DRV - [2007.08.23 09:29:06 | 000,112,512 | ---- | M] (Cherry GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Ch2kUSB.sys -- (Ch2kUSB) DRV - [2007.01.29 07:20:34 | 000,059,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMNetSrv.sys -- (VPCNetS2) DRV - [2007.01.18 17:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA) DRV - [2006.11.28 09:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2006.11.02 09:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1614058835-672721566-3778044925-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com IE - HKU\S-1-5-21-1614058835-672721566-3778044925-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-1614058835-672721566-3778044925-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-1614058835-672721566-3778044925-1003\..\SearchScopes,DefaultScope = {25A74407-F8E8-429E-BF07-7A00F314FAD7} IE - HKU\S-1-5-21-1614058835-672721566-3778044925-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-1614058835-672721566-3778044925-1003\..\SearchScopes\{25A74407-F8E8-429E-BF07-7A00F314FAD7}: "URL" = hxxp://www.google.de/search?q={searchTerms} IE - HKU\S-1-5-21-1614058835-672721566-3778044925-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "google.de" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10 FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.8 FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.51 FF - prefs.js..extensions.enabledItems: {7c6d11c6-41b5-11dc-8314-0800200c9a66}:1.0.3 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.5 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.13 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( ) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: D:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@wolfram.com/Mathematica: C:\Program Files\Common Files\Wolfram Research\Browser\8.0.4.2615434\npmathplugin.dll (Wolfram Research, Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2012.03.05 12:37:01 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: D:\Programme\Mozilla Firefox\components [2012.07.18 15:33:07 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: D:\Programme\Mozilla Firefox\plugins [2012.06.18 11:28:02 | 000,000,000 | ---D | M] [2008.08.07 21:30:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2012.07.18 16:59:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\nc71xmt7.default\extensions [2010.04.28 05:26:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\nc71xmt7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.07.04 19:47:06 | 000,000,000 | ---D | M] (GA?) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\nc71xmt7.default\extensions\{7c6d11c6-41b5-11dc-8314-0800200c9a66} [2012.05.21 08:13:14 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\nc71xmt7.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2012.06.21 07:14:51 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\nc71xmt7.default\extensions\https-everywhere@eff.org [2012.05.21 08:13:13 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\nc71xmt7.default\extensions\ich@maltegoetz.de [2012.03.05 12:37:01 | 000,000,000 | ---D | M] (Citavi Picker) -- C:\PROGRAMDATA\SWISS ACADEMIC SOFTWARE\CITAVI PICKER\FIREFOX [2012.02.12 12:34:45 | 000,709,293 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NC71XMT7.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI [2012.06.21 10:47:11 | 000,109,964 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NC71XMT7.DEFAULT\EXTENSIONS\ADBLOCKPOPUPS@JESSEHAKANEN.NET.XPI [2012.06.18 11:28:10 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAMME\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} O1 HOSTS File: ([2012.07.16 17:50:00 | 000,444,198 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 adlimg24.com O1 - Hosts: 127.0.0.1 www.adlimg24.com O1 - Hosts: 127.0.0.1 dmwd.com O1 - Hosts: 127.0.0.1 www.dmwd.com O1 - Hosts: 127.0.0.1 ads1.dmwd.com O1 - Hosts: 127.0.0.1 ad1.dmwd.com O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.123topsearch.com O1 - Hosts: 15260 more lines... O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Microsoft Web Test Recorder 10.0 Helper) - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - d:\Programme\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [CherryKeyMan] C:\Program Files\Cherry\KeyMan\KeyMan.exe (ZF Electronics GmbH) O4 - HKLM..\Run: [KiesTrayAgent] D:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [NWTRAY] C:\Windows\System32\nwtray.exe () O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-1614058835-672721566-3778044925-1003..\Run: [] File not found O4 - HKU\S-1-5-21-1614058835-672721566-3778044925-1003..\Run: [AdobeBridge] File not found O4 - HKU\S-1-5-21-1614058835-672721566-3778044925-1003..\Run: [Akamai NetSession Interface] C:\Users\***\AppData\Local\Akamai\netsession_win.exe File not found O4 - HKU\S-1-5-21-1614058835-672721566-3778044925-1003..\Run: [DisplayFusion] D:\Programme\DisplayFusion\DisplayFusion.exe (Binary Fortress Software) O4 - HKU\S-1-5-21-1614058835-672721566-3778044925-1003..\Run: [KiesAirMessage] D:\Programme\Samsung\Kies\KiesAirMessage.exe -startup File not found O4 - HKU\S-1-5-21-1614058835-672721566-3778044925-1003..\Run: [KiesHelper] D:\Programme\Samsung\Kies\KiesHelper.exe /s File not found O4 - HKU\S-1-5-21-1614058835-672721566-3778044925-1003..\Run: [KiesPDLR] D:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () O4 - HKU\S-1-5-21-1614058835-672721566-3778044925-1003..\Run: [KiesPreload] D:\Programme\Samsung\Kies\Kies.exe (Samsung) O4 - HKU\S-1-5-21-1614058835-672721566-3778044925-1003..\Run: [SandboxieControl] D:\Programme\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D) O4 - HKU\S-1-5-21-1614058835-672721566-3778044925-1003..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - HKU\S-1-5-21-1614058835-672721566-3778044925-1003..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1614058835-672721566-3778044925-1026..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Miranda IM.lnk = D:\Programme\Miranda IM\miranda32.exe ( ) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - D:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - D:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O13 - gopher Prefix: missing O16 - DPF: {0427F569-3D57-4F10-B9FB-8D71A6A7BE24} file:///C:/Users/***/AppData/Local/Temp/FV2GA4/frmeditor.ocx (FormelEditor Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D63BB5D6-83F2-4FF7-B6D2-5077BD3BFECC}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\DisplayFusion\Wallpaper_2.jpg O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\DisplayFusion\Wallpaper_2.jpg O30 - LSA: Authentication Packages - (ncv1_0) - C:\Windows\System32\ncv1_0.dll () O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{48f5aa25-d296-11de-840d-001f3ad0f344}\Shell - "" = AutoRun O33 - MountPoints2\{48f5aa25-d296-11de-840d-001f3ad0f344}\Shell\AutoRun\command - "" = I:\SETUP.EXE O33 - MountPoints2\{48f5aa25-d296-11de-840d-001f3ad0f344}\Shell\configure\command - "" = I:\SETUP.EXE O33 - MountPoints2\{48f5aa25-d296-11de-840d-001f3ad0f344}\Shell\install\command - "" = I:\SETUP.EXE O33 - MountPoints2\{493b8ce5-7db1-11e1-9eb5-af02a593ae9a}\Shell - "" = AutoRun O33 - MountPoints2\{493b8ce5-7db1-11e1-9eb5-af02a593ae9a}\Shell\AutoRun\command - "" = G:\SISetup.exe O33 - MountPoints2\{c01de28e-afc4-11e1-8f30-df05454c827e}\Shell - "" = AutoRun O33 - MountPoints2\{c01de28e-afc4-11e1-8f30-df05454c827e}\Shell\AutoRun\command - "" = H:\iStudio.exe O33 - MountPoints2\{fb2ba953-25ff-11de-8289-001f3ad0f344}\Shell - "" = AutoRun O33 - MountPoints2\{fb2ba953-25ff-11de-8289-001f3ad0f344}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.07.24 12:14:33 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2012.07.23 18:53:14 | 002,322,184 | ---- | C] (ESET) -- C:\Users\***\Desktop\esetsmartinstaller_enu.exe [2012.07.23 14:06:04 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2012.07.23 14:06:04 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2012.07.23 14:05:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.07.23 14:05:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.07.23 14:05:42 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.07.23 14:05:42 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.07.23 14:04:50 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\***\Desktop\mbam-setup-1.62.0.1300.exe [2012.07.18 14:54:57 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\TortoiseSVN [2012.07.18 14:42:09 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\TSVNCache [2012.07.18 14:36:06 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Subversion [2012.07.18 14:26:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TortoiseSVN [2012.07.18 14:25:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\TortoiseOverlays [2012.07.14 00:10:52 | 000,000,000 | ---D | C] -- C:\Users\***\.android [2012.07.14 00:10:24 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Android SDK Tools [2012.07.01 23:44:53 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\SelfMV [2012.07.01 23:39:53 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\MDG [2012.07.01 23:31:05 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Temp [2012.07.01 22:21:30 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Samsung [2012.07.01 22:21:03 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Samsung [2012.07.01 22:20:57 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\samsung [2012.07.01 22:04:26 | 000,181,432 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudmdm.sys [2012.07.01 22:04:26 | 000,080,824 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudbus.sys [2012.07.01 22:00:27 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\Windows\System32\Redemption.dll [2012.07.01 21:59:39 | 000,821,824 | ---- | C] (Devguru Co., Ltd.) -- C:\Windows\System32\dgderapi.dll [2012.07.01 21:59:39 | 000,020,032 | ---- | C] (Devguru Co., Ltd) -- C:\Windows\System32\drivers\dgderdrv.sys [2012.07.01 21:59:39 | 000,000,000 | ---D | C] -- C:\Program Files\MarkAny [2012.07.01 21:58:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung [2012.07.01 21:49:49 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.07.01 21:46:18 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Downloaded Installations [2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.07.24 12:14:38 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2012.07.24 12:13:31 | 000,858,828 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.07.24 12:13:31 | 000,797,570 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.07.24 12:13:31 | 000,215,302 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.07.24 12:13:31 | 000,179,554 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.07.24 12:06:54 | 000,004,912 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.24 12:06:54 | 000,004,912 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.24 12:06:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.07.24 12:05:38 | 000,013,632 | ---- | M] () -- C:\Windows\bthservsdp.dat [2012.07.24 12:05:08 | 000,000,168 | ---- | M] () -- C:\Users\***\defogger_reenable [2012.07.24 12:03:50 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe [2012.07.23 18:53:18 | 002,322,184 | ---- | M] (ESET) -- C:\Users\***\Desktop\esetsmartinstaller_enu.exe [2012.07.23 18:44:38 | 000,001,928 | ---- | M] () -- C:\Windows\Sandboxie.ini [2012.07.23 14:06:23 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2012.07.23 14:05:44 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.23 14:04:57 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\***\Desktop\mbam-setup-1.62.0.1300.exe [2012.07.23 13:39:00 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini [2012.07.23 09:36:29 | 000,194,560 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.07.16 17:50:00 | 000,444,198 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts [2012.07.13 00:24:32 | 000,011,527 | ---- | M] () -- C:\Users\***\gsview32.ini [2012.07.11 23:57:08 | 000,167,936 | ---- | M] () -- C:\Users\***\Documents\Excel2LaTeX.xla [2012.07.11 00:37:28 | 002,470,104 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.07.11 00:32:49 | 367,189,208 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012.07.06 13:47:40 | 000,088,302 | ---- | M] () -- C:\Windows\FontData.fdb [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.06.26 16:03:06 | 004,659,712 | ---- | M] (Dmitry Streblechenko) -- C:\Windows\System32\Redemption.dll [2012.06.26 16:02:36 | 000,821,824 | ---- | M] (Devguru Co., Ltd.) -- C:\Windows\System32\dgderapi.dll [2012.06.26 16:02:36 | 000,020,032 | ---- | M] (Devguru Co., Ltd) -- C:\Windows\System32\drivers\dgderdrv.sys [2012.06.24 21:03:20 | 000,021,504 | ---- | M] () -- C:\Users\***\AppData\Local\WebpageIcons.db [2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.07.24 12:04:40 | 000,000,168 | ---- | C] () -- C:\Users\***\defogger_reenable [2012.07.24 12:03:49 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe [2012.07.23 14:05:44 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.12 00:04:57 | 000,167,936 | ---- | C] () -- C:\Users\***\Documents\Excel2LaTeX.xla [2012.06.03 20:25:52 | 000,001,928 | ---- | C] () -- C:\Windows\Sandboxie.ini [2012.05.23 18:49:34 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2012.05.23 18:49:32 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll [2012.05.23 18:49:32 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll [2012.05.23 18:49:32 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll [2012.05.23 18:49:32 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll [2012.05.05 10:38:35 | 000,019,840 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll [2012.05.05 10:38:34 | 002,469,760 | ---- | C] () -- C:\Windows\System32\BootMan.exe [2012.05.05 10:38:34 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe [2012.05.05 10:38:34 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys [2012.05.05 10:38:34 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys [2012.04.03 19:56:30 | 001,511,424 | ---- | C] () -- C:\Windows\System32\HP1100SM.EXE [2012.04.03 19:56:30 | 000,147,456 | ---- | C] () -- C:\Windows\System32\HP1100LM.DLL [2012.04.03 19:56:14 | 000,284,160 | ---- | C] () -- C:\Windows\System32\mvhlewsi.dll [2012.04.03 19:56:11 | 000,081,920 | ---- | C] () -- C:\Windows\System32\mvusbews.dll [2012.04.03 19:56:08 | 000,054,272 | ---- | C] () -- C:\Windows\System32\HP1100SMs.dll [2012.03.21 18:12:55 | 000,000,043 | ---- | C] () -- C:\Windows\gswin32.ini [2012.03.09 11:28:33 | 000,498,589 | ---- | C] () -- C:\Users\***\LifeHacks.jpg [2012.03.04 22:28:54 | 000,001,855 | ---- | C] () -- C:\Users\***\.recently-used.xbel [2012.02.27 19:08:04 | 004,384,161 | ---- | C] () -- C:\Users\***\T-Touch manual.pdf [2012.02.22 17:13:33 | 000,000,092 | ---- | C] () -- C:\Windows\Dialux.ini [2012.02.19 23:14:43 | 000,007,696 | ---- | C] () -- C:\Users\***\untitled1_MAS.bak [2011.11.27 20:14:52 | 001,832,536 | ---- | C] () -- C:\Windows\System32\noveap.dll [2011.11.27 20:14:52 | 000,907,352 | ---- | C] () -- C:\Windows\System32\ncnetprovider.dll [2011.11.27 20:14:52 | 000,662,104 | ---- | C] () -- C:\Windows\System32\ncloginui.dll [2011.11.27 20:14:52 | 000,424,024 | ---- | C] () -- C:\Windows\System32\nccredprovider.dll [2011.11.27 20:14:52 | 000,230,488 | ---- | C] () -- C:\Windows\System32\nwshlxnt.dll [2011.11.27 20:14:52 | 000,185,944 | ---- | C] () -- C:\Windows\System32\lgnwnt32.dll [2011.11.27 20:14:52 | 000,156,760 | ---- | C] () -- C:\Windows\System32\mapbase.dll [2011.11.27 20:14:52 | 000,111,192 | ---- | C] () -- C:\Windows\System32\drivers\ncrecognizer.sys [2011.11.27 20:14:52 | 000,092,760 | ---- | C] () -- C:\Windows\System32\nclangid.dll [2011.11.27 20:14:52 | 000,091,736 | ---- | C] () -- C:\Windows\System32\drivers\ncfilter.sys [2011.11.27 20:14:52 | 000,039,512 | ---- | C] () -- C:\Windows\System32\ncv1_0.dll [2011.11.27 20:14:52 | 000,034,904 | ---- | C] () -- C:\Windows\System32\nwtray.exe [2011.11.27 20:14:52 | 000,026,200 | ---- | C] () -- C:\Windows\System32\loginw32.exe [2011.11.27 20:14:52 | 000,022,616 | ---- | C] () -- C:\Windows\System32\drivers\ncuncfilter.sys [2011.11.27 20:14:52 | 000,014,424 | ---- | C] () -- C:\Windows\System32\nccredlogonext.dll [2011.03.07 00:04:52 | 000,017,708 | ---- | C] () -- C:\Users\***\temp.rar [2010.04.11 20:47:10 | 000,021,504 | ---- | C] () -- C:\Users\***\AppData\Local\WebpageIcons.db [2009.11.16 00:45:46 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\Temptable.xml [2009.07.20 16:52:12 | 000,000,093 | ---- | C] () -- C:\Users\***\psv.ini [2009.07.10 13:08:05 | 000,011,527 | ---- | C] () -- C:\Users\***\gsview32.ini [2009.06.07 19:19:38 | 000,001,356 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat [2009.05.31 13:28:05 | 000,022,420 | ---- | C] () -- C:\Users\***\AppData\Roaming\UserTile.png [2008.09.12 12:19:23 | 000,015,503 | ---- | C] () -- C:\Users\***\Telekom Shop Bankverbindung.html [2008.08.07 16:13:33 | 000,194,560 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== LOP Check ========== [2012.02.04 07:14:50 | 000,000,000 | ---D | M] -- C:\Users\***AccMitUserRechten***\AppData\Roaming\Cherry [2010.05.07 21:29:46 | 000,000,000 | ---D | M] -- C:\Users\***AccMitUserRechten***\AppData\Roaming\ICAClient [2011.03.27 06:30:39 | 000,000,000 | ---D | M] -- C:\Users\***AccMitUserRechten***\AppData\Roaming\IM [2011.01.23 12:11:17 | 000,000,000 | ---D | M] -- C:\Users\***AccMitUserRechten***\AppData\Roaming\Nokia [2011.01.23 12:11:18 | 000,000,000 | ---D | M] -- C:\Users\***AccMitUserRechten***\AppData\Roaming\Nokia Ovi Suite [2011.01.23 12:06:12 | 000,000,000 | ---D | M] -- C:\Users\***AccMitUserRechten***\AppData\Roaming\PC Suite [2012.07.20 19:28:56 | 000,000,000 | ---D | M] -- C:\Users\***AccMitUserRechten***\AppData\Roaming\Subversion [2011.03.22 20:17:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ansys [2010.01.22 23:23:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Autodesk [2010.08.17 21:13:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\BlackBean [2011.01.27 19:45:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CADClick [2011.05.15 22:33:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\calibre [2009.07.01 22:19:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon [2012.01.30 09:23:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Cherry [2008.08.09 20:30:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools [2010.02.01 13:23:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DassaultSystemes [2012.06.18 23:20:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DisplayFusion [2012.05.03 21:33:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\e-academy Inc [2010.02.01 13:27:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\EDrawings [2009.07.09 14:08:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\eXPert PDF Editor [2010.01.18 15:02:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Faustkeil [2011.07.18 14:01:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla [2012.04.14 21:47:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GHISLER [2010.05.04 17:50:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICAClient [2012.02.01 11:03:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ [2012.05.04 15:09:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IM [2012.03.04 22:29:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\inkscape [2012.04.14 22:57:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView [2011.06.19 19:49:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ITI GmbH [2012.05.28 00:21:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Kalypso Media [2010.10.06 21:27:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech [2011.08.31 10:25:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LolClient [2010.01.23 01:13:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Luxology [2012.02.10 19:13:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia [2011.02.14 10:27:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\NoNameScript [2009.06.15 15:27:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC Suite [2009.05.31 13:28:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PeerNetworking [2012.07.19 16:54:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung [2008.09.05 12:50:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ScanSoft [2011.12.03 11:43:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SFBot [2012.07.18 14:36:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Subversion [2012.04.02 16:34:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Swiss Academic Software [2012.07.01 23:45:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Temp [2011.07.24 21:16:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Unity [2011.02.06 22:31:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WinEdt Team [2012.02.28 01:33:21 | 000,000,000 | ---D | M] -- C:\Users\***AndererAccMitUserRechten***\AppData\Roaming\Cherry [2012.02.28 01:31:21 | 000,000,000 | ---D | M] -- C:\Users\***AndererAccMitUserRechten***\AppData\Roaming\PC Suite [2012.07.24 12:05:45 | 000,032,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 64 bytes -> C:\Users\***\Desktop\bernie_MotoGP_BestOf.avi:TOC.WMV < End of report > MusicCityDownload.exe im Windowsordner scheint wohl von Kies (iTunes-Ersatz von Samsung) zu kommen. ( hxxp://gadgets.itwriting.com/971-why-is-musiccitydownload-exe-in-my-windows-folder.html ) OTL-Extras: Code:
ATTFilter OTL Extras logfile created on: 24.07.2012 12:15:21 - Run 1
OTL by OldTimer - Version 3.2.54.1 Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,99 Gb Total Physical Memory | 1,72 Gb Available Physical Memory | 57,46% Memory free
6,19 Gb Paging File | 4,61 Gb Available in Paging File | 74,53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 89,38 Gb Total Space | 28,67 Gb Free Space | 32,07% Space Free | Partition Type: NTFS
Drive D: | 198,70 Gb Total Space | 4,56 Gb Free Space | 2,30% Space Free | Partition Type: NTFS
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-1614058835-672721566-3778044925-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.ini [@ = UltraEdit.ini] -- D:\Programme\UltraEdit\Uedit32.exe (IDM Computer Solutions, Inc.)
.txt [@ = UltraEdit.txt] -- D:\Programme\UltraEdit\Uedit32.exe (IDM Computer Solutions, Inc.)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "D:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "D:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "D:\Programme\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 1
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1614058835-672721566-3778044925-1003]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]|
"{FA47EC7E-4AA0-420B-89C3-C6F5C368A6F4}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B3B4516-6AF8-4175-9DB9-AD76926A0979}" = dir=in | app=d:\programme\skype\phone\skype.exe |
"{0DA83F54-2434-4BA8-A531-32D36424E728}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{30394370-CD25-4DD3-8B2E-A0320B2579E5}" = protocol=6 | dir=in | app=d:\programme\displayfusion\displayfusion.exe |
"{327DAE70-5151-43D2-9FDD-02B01DA942F0}" = protocol=17 | dir=in | app=d:\programme\displayfusion\displayfusion.exe |
"{3F9ECE31-3833-491C-BD8F-7AA823350A8D}" = protocol=6 | dir=in | app=d:\programme\wolfram research\mathematica\8.0\math.exe |
"{47A11383-4D64-409E-A95B-DB9502A25CD0}" = protocol=6 | dir=in | app=d:\programme\wolfram research\mathematica\8.0\mathkernel.exe |
"{4BC00A92-7392-4955-8571-E7D79776D9E1}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{5394D5A6-272B-4CFC-9085-6B4FA8F2FD17}" = protocol=17 | dir=in | app=d:\programme\wolfram research\mathematica\8.0\mathematica.exe |
"{5C5D490D-BA6A-47E5-9E3D-77DEC8677F8E}" = protocol=17 | dir=in | app=d:\programme\wolfram research\mathematica\8.0\mathkernel.exe |
"{6C23E28D-EAAF-45F8-A132-4523748808E6}" = protocol=6 | dir=in | app=d:\programme\icq7.5\icq.exe |
"{8AC3DB58-5918-4583-91BF-3A7AE2392B2E}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{8FDD2DFB-93CE-4550-A7E3-E01EF8E0604D}" = protocol=6 | dir=in | app=d:\programme\wolfram research\mathematica\8.0\mathematica.exe |
"{9FA25F3E-A1E5-42D6-8754-8AEAD6FE7648}" = protocol=17 | dir=in | app=d:\programme\icq7.5\icq.exe |
"{A0DA9464-8B44-4C62-B6A6-69BBADFFE6F0}" = protocol=17 | dir=in | app=d:\programme\wolfram research\mathematica\8.0\math.exe |
"{B4A27011-54EE-4ABF-8EF1-B256113E208B}" = protocol=17 | dir=in | app=d:\programme\icq7.5\icq.exe |
"{B77E7455-5E8E-4A95-B001-B2D770224ACE}" = protocol=6 | dir=in | app=d:\programme\icq7.5\icq.exe |
"{B841D5E1-4F92-4A7E-B7BB-25E3416C4B87}" = dir=in | app=d:\spiele\port royale 3\portroyale3.exe |
"{BA568739-211D-4395-BCE5-339586B1FD74}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{D5ACFD9A-E4DE-40B5-B1D2-1BA3F92F5772}" = protocol=6 | dir=in | app=d:\programme\icq7.5\icq.exe |
"{D74D42CA-414E-445D-A482-6CA5425ACF3D}" = protocol=17 | dir=in | app=d:\programme\icq7.5\icq.exe |
"{E1F406D7-9580-47E5-99FC-8FD2E8683AE2}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
"{EAA0EF14-2BBC-4D08-9CA4-7219CFE5FB02}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
"{F2E9649C-87B0-4064-8EE9-5652B4811629}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"TCP Query User{0003BF3D-4ADD-40CC-A0A2-B9DA1DF80E9B}D:\spiele\counter strike\hl.exe" = protocol=6 | dir=in | app=d:\spiele\counter strike\hl.exe |
"TCP Query User{066B394A-C83F-448D-9C8B-1ECFD51B809B}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{072BF13F-F4F9-4D0D-8E57-644F17BB098F}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{0F806D5F-5F63-4DC3-8F23-7ECEC69A2E40}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=6 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe |
"TCP Query User{11C5A31C-4DF6-4F72-A2A8-1A8AB012AB8F}C:\program files\sony ericsson\update service\update service.exe" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe |
"TCP Query User{139E875D-9716-4A53-8BC0-C5BA9010E072}D:\programme\maple 15\jre\bin\maple.exe" = protocol=6 | dir=in | app=d:\programme\maple 15\jre\bin\maple.exe |
"TCP Query User{20356FB0-A3E9-4343-8FE9-F8760EABFC05}D:\programme\maple 12\jre\bin\maple.exe" = protocol=6 | dir=in | app=d:\programme\maple 12\jre\bin\maple.exe |
"TCP Query User{24642AD8-ECA2-4F48-8C93-1305DEC72BB0}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{267FDCA5-E355-4676-857A-EC61A4690FEB}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{2A35A38C-305C-4F66-BC02-E813E58B8536}D:\programme\ansys inc\v130\commonfiles\tcl\bin\intel\wish.exe" = protocol=6 | dir=in | app=d:\programme\ansys inc\v130\commonfiles\tcl\bin\intel\wish.exe |
"TCP Query User{3320EBAD-44C1-49E2-A6B6-14753539EC90}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{43F4406F-AF14-4B0C-961C-D4F0E0B0D189}D:\programme\autodesk\inventor 2010\bin\inventor.exe" = protocol=6 | dir=in | app=d:\programme\autodesk\inventor 2010\bin\inventor.exe |
"TCP Query User{47601E78-31B8-4D81-8F82-C9C71902C854}D:\programme\ansys inc\v130\commonfiles\tcl\bin\intel\wish.exe" = protocol=6 | dir=in | app=d:\programme\ansys inc\v130\commonfiles\tcl\bin\intel\wish.exe |
"TCP Query User{58214E82-4186-42AF-B3CE-BD431F72DBD4}C:\program files\java\jre6\launch4j-tmp\jdownloader.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\launch4j-tmp\jdownloader.exe |
"TCP Query User{5831E173-CA42-4FF2-BB76-C899871EFA32}D:\programme\miranda im\miranda32.exe" = protocol=6 | dir=in | app=d:\programme\miranda im\miranda32.exe |
"TCP Query User{60DA34A1-1658-485C-8BDF-9B22156295A8}D:\programme\ansys inc\v130\aisol\bin\intel\ansyswbu.exe" = protocol=6 | dir=in | app=d:\programme\ansys inc\v130\aisol\bin\intel\ansyswbu.exe |
"TCP Query User{65B98C32-2635-4E83-A367-780BE9F6D6EE}D:\programme\maple 12\jre\bin\java.exe" = protocol=6 | dir=in | app=d:\programme\maple 12\jre\bin\java.exe |
"TCP Query User{69B9C597-8903-4512-A98A-FFBEEA88A3F3}D:\programme\miranda im\miranda32.exe" = protocol=6 | dir=in | app=d:\programme\miranda im\miranda32.exe |
"TCP Query User{74713D6F-C83C-47B8-BC3A-D4F3A26A6476}C:\program files\ansys inc\shared files\licensing\win32\ansyslmd.exe" = protocol=6 | dir=in | app=c:\program files\ansys inc\shared files\licensing\win32\ansyslmd.exe |
"TCP Query User{75F9AA11-6367-45F9-8BD1-73E6637ADFF1}D:\spiele\anno 1701\anno1701.exe" = protocol=6 | dir=in | app=d:\spiele\anno 1701\anno1701.exe |
"TCP Query User{79FDAA71-A69F-4DE9-9471-7D140396E9B4}D:\download\netscan.exe" = protocol=6 | dir=in | app=d:\download\netscan.exe |
"TCP Query User{7C6B9D0A-A24F-49A4-8FFA-CEF99296ABA1}D:\spiele\warcraft iii\war3.exe" = protocol=6 | dir=in | app=d:\spiele\warcraft iii\war3.exe |
"TCP Query User{8E52B57A-0CDB-49BF-973B-6B2D945C9C04}D:\programme\ansys inc\shared files\licensing\win32\ansysli_client.exe" = protocol=6 | dir=in | app=d:\programme\ansys inc\shared files\licensing\win32\ansysli_client.exe |
"TCP Query User{902E698B-1432-4423-B1DB-6D55086E714C}D:\programme\ansys inc\v130\rsm\bin\ans.rsm.admin.exe" = protocol=6 | dir=in | app=d:\programme\ansys inc\v130\rsm\bin\ans.rsm.admin.exe |
"TCP Query User{92EB2E50-AF5D-429C-8AF5-C103AAC43381}D:\programme\ansys inc\v130\framework\bin\win32\ansysfww.exe" = protocol=6 | dir=in | app=d:\programme\ansys inc\v130\framework\bin\win32\ansysfww.exe |
"TCP Query User{92FECA96-B18A-4402-85CD-BBE293C98B30}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{9433A55A-F287-484E-9634-B447959915F3}D:\programme\icq6.5\icq.exe" = protocol=6 | dir=in | app=d:\programme\icq6.5\icq.exe |
"TCP Query User{9962F9F9-BD43-4C64-9623-522D5592647D}D:\programme\icq6\icq.exe" = protocol=6 | dir=in | app=d:\programme\icq6\icq.exe |
"TCP Query User{A33D55C0-F959-4E40-85A9-B4EB2119E185}C:\program files\ansys inc\shared files\licensing\win32\lmgrd.exe" = protocol=6 | dir=in | app=c:\program files\ansys inc\shared files\licensing\win32\lmgrd.exe |
"TCP Query User{A3826CF1-9126-41FB-A920-319A46522F6D}D:\spiele\fifa 11\game\fifa.exe" = protocol=6 | dir=in | app=d:\spiele\fifa 11\game\fifa.exe |
"TCP Query User{A81D10CD-AC50-42B5-AD53-F7B043584071}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"TCP Query User{B192334C-4E5F-44D1-BE85-6EBD98192276}C:\program files\matlab\r2008a\bin\win32\matlab.exe" = protocol=6 | dir=in | app=c:\program files\matlab\r2008a\bin\win32\matlab.exe |
"TCP Query User{B793AF81-5456-45D7-B421-37FF8C999BE0}C:\program files\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe |
"TCP Query User{B839459C-885A-47A5-B2BE-B95C89998B9D}D:\programme\ansys inc\v130\rsm\bin\ans.rsm.jmhost130.exe" = protocol=6 | dir=in | app=d:\programme\ansys inc\v130\rsm\bin\ans.rsm.jmhost130.exe |
"TCP Query User{B99DDAD1-57AD-4528-8F8D-3CA5478BCBA0}D:\programme\mirc\mirc.exe" = protocol=6 | dir=in | app=d:\programme\mirc\mirc.exe |
"TCP Query User{BA2E4EE0-5903-46A1-A57A-147602C7AA49}D:\programme\maple 15\jre\bin\java.exe" = protocol=6 | dir=in | app=d:\programme\maple 15\jre\bin\java.exe |
"TCP Query User{BB587C3A-53DF-4289-833E-94043EACF46A}D:\programme\vlc\vlc.exe" = protocol=6 | dir=in | app=d:\programme\vlc\vlc.exe |
"TCP Query User{BED53A40-135B-4C12-A6BF-B501BC74EFA2}D:\programme\autodesk\inventor 2010\bin\inventor.exe" = protocol=6 | dir=in | app=d:\programme\autodesk\inventor 2010\bin\inventor.exe |
"TCP Query User{C05D47B8-0E8E-40C8-896B-0BD825257CD6}C:\program files\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe |
"TCP Query User{C0C4F851-9CE2-438A-BED9-6CB496092A7B}D:\programme\icq6.5\icq.exe" = protocol=6 | dir=in | app=d:\programme\icq6.5\icq.exe |
"TCP Query User{CCB20D30-A6CF-449A-BBC0-5FE316D241EF}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"TCP Query User{CD2B0195-38BF-4C59-A94A-1727CDC21B8F}D:\programme\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=d:\programme\mozilla firefox\firefox.exe |
"TCP Query User{CF6D348A-00CA-4839-88D9-1EBD487555C4}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
"TCP Query User{CFF45F06-BA13-4637-838E-9A3744EB6EB6}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe |
"TCP Query User{D496F622-9DB2-439D-8E40-59724BAA656D}D:\fussball manager 10\eadm\core.exe" = protocol=6 | dir=in | app=d:\fussball manager 10\eadm\core.exe |
"TCP Query User{D5FEF2BC-44EE-41B3-BDD3-6C8C84675691}C:\program files\ansys inc\v110\cfx\bin\winnt\postgui_ogl.exe" = protocol=6 | dir=in | app=c:\program files\ansys inc\v110\cfx\bin\winnt\postgui_ogl.exe |
"TCP Query User{DB1E6449-1798-430C-A748-8BC8BF7CC363}D:\programme\icq6\icq.exe" = protocol=6 | dir=in | app=d:\programme\icq6\icq.exe |
"TCP Query User{DEF745D3-8548-453B-AA22-2A47A224DA0E}D:\programme\maple 12\jre\bin\maple.exe" = protocol=6 | dir=in | app=d:\programme\maple 12\jre\bin\maple.exe |
"TCP Query User{E0A054D4-B739-436C-8AF5-10E46C5CADA2}D:\spiele\gta iv\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=d:\spiele\gta iv\grand theft auto iv\gtaiv.exe |
"TCP Query User{E1CA6D17-2407-4BB2-A38C-945689E0A4AB}D:\programme\maple 15\jre\bin\maple.exe" = protocol=6 | dir=in | app=d:\programme\maple 15\jre\bin\maple.exe |
"TCP Query User{EE979F44-5424-4648-8F2F-07C8CD8B4E0E}D:\programme\ansys inc\v130\commonfiles\jre\intel\bin\java.exe" = protocol=6 | dir=in | app=d:\programme\ansys inc\v130\commonfiles\jre\intel\bin\java.exe |
"TCP Query User{F0E0F089-8ADC-4B0E-B6F7-3C593901F369}D:\programme\maple 12\jre\bin\java.exe" = protocol=6 | dir=in | app=d:\programme\maple 12\jre\bin\java.exe |
"TCP Query User{F1EC132A-AEF7-4B57-AFA2-B455032D27A1}D:\spiele\cs_cz\hl.exe" = protocol=6 | dir=in | app=d:\spiele\cs_cz\hl.exe |
"TCP Query User{F7880671-102F-48A7-A189-6249F0B3CDFF}C:\users\***\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\local\akamai\netsession_win.exe |
"TCP Query User{FB82486B-6B36-4ACF-ACFE-E1BDAC519420}D:\programme\ansys inc\v130\commonfiles\jre\intel\bin\java.exe" = protocol=6 | dir=in | app=d:\programme\ansys inc\v130\commonfiles\jre\intel\bin\java.exe |
"UDP Query User{025213D8-15FD-45C4-8C3E-8CCDE7859DBB}D:\programme\miranda im\miranda32.exe" = protocol=17 | dir=in | app=d:\programme\miranda im\miranda32.exe |
"UDP Query User{0CE54713-BEEB-4436-BC4A-D9EAAEFE5EC9}C:\users\***\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\local\akamai\netsession_win.exe |
"UDP Query User{0DCA51AE-5DD5-4C8E-AAF4-0A79307EC3F6}C:\program files\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe |
"UDP Query User{0F0E6559-BCAD-453F-B23C-D260C83908A1}C:\program files\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe |
"UDP Query User{10918ACA-E292-40E9-B5AD-C78046E50BDE}D:\spiele\warcraft iii\war3.exe" = protocol=17 | dir=in | app=d:\spiele\warcraft iii\war3.exe |
"UDP Query User{183C5FD4-2F26-4285-A545-D09684D3EA3F}D:\programme\ansys inc\v130\framework\bin\win32\ansysfww.exe" = protocol=17 | dir=in | app=d:\programme\ansys inc\v130\framework\bin\win32\ansysfww.exe |
"UDP Query User{195C55EE-A0D0-4428-91DF-BA8737F63121}D:\programme\maple 12\jre\bin\maple.exe" = protocol=17 | dir=in | app=d:\programme\maple 12\jre\bin\maple.exe |
"UDP Query User{1975D4E8-557E-4555-AFED-97F628BCEAE0}D:\programme\ansys inc\v130\commonfiles\jre\intel\bin\java.exe" = protocol=17 | dir=in | app=d:\programme\ansys inc\v130\commonfiles\jre\intel\bin\java.exe |
"UDP Query User{252B076B-434B-42F6-8EA6-55EFE296BEAB}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe |
"UDP Query User{2535B131-14F3-4FBA-B097-4F793897361D}D:\programme\mirc\mirc.exe" = protocol=17 | dir=in | app=d:\programme\mirc\mirc.exe |
"UDP Query User{264C8DE6-A27A-4B4D-B0ED-A0D33F3E395E}D:\programme\ansys inc\v130\rsm\bin\ans.rsm.jmhost130.exe" = protocol=17 | dir=in | app=d:\programme\ansys inc\v130\rsm\bin\ans.rsm.jmhost130.exe |
"UDP Query User{2D8C660A-18D9-43F0-B059-EF3BFEBE771E}D:\programme\ansys inc\v130\rsm\bin\ans.rsm.admin.exe" = protocol=17 | dir=in | app=d:\programme\ansys inc\v130\rsm\bin\ans.rsm.admin.exe |
"UDP Query User{2E2AAACA-15AD-46E0-9167-41D74E3B4952}D:\programme\vlc\vlc.exe" = protocol=17 | dir=in | app=d:\programme\vlc\vlc.exe |
"UDP Query User{33E4203E-43AB-4AD3-81B1-058C97D57C75}D:\programme\ansys inc\v130\commonfiles\tcl\bin\intel\wish.exe" = protocol=17 | dir=in | app=d:\programme\ansys inc\v130\commonfiles\tcl\bin\intel\wish.exe |
"UDP Query User{344D6A53-9035-4C46-B8F0-68281633984C}C:\program files\ansys inc\v110\cfx\bin\winnt\postgui_ogl.exe" = protocol=17 | dir=in | app=c:\program files\ansys inc\v110\cfx\bin\winnt\postgui_ogl.exe |
"UDP Query User{36D02F34-ECAA-48B0-9130-B517F16B6143}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{3C231996-6B11-451C-84C6-9A9348B716C0}D:\spiele\gta iv\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=d:\spiele\gta iv\grand theft auto iv\gtaiv.exe |
"UDP Query User{441DF08D-8D26-4255-AAEE-44889B11BC5D}D:\programme\maple 12\jre\bin\maple.exe" = protocol=17 | dir=in | app=d:\programme\maple 12\jre\bin\maple.exe |
"UDP Query User{443B8C77-CEE0-4350-BE6D-CF81184D60F3}D:\programme\ansys inc\v130\commonfiles\tcl\bin\intel\wish.exe" = protocol=17 | dir=in | app=d:\programme\ansys inc\v130\commonfiles\tcl\bin\intel\wish.exe |
"UDP Query User{457E39E9-E59D-411A-91D2-A5C421C0B60D}C:\program files\java\jre6\launch4j-tmp\jdownloader.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\launch4j-tmp\jdownloader.exe |
"UDP Query User{573A2B94-9B9C-4E89-9785-2B537CB261A2}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"UDP Query User{5967AE43-6D8F-4587-8096-C75A40F4F4C0}D:\programme\autodesk\inventor 2010\bin\inventor.exe" = protocol=17 | dir=in | app=d:\programme\autodesk\inventor 2010\bin\inventor.exe |
"UDP Query User{60D7A269-137C-4315-8F7B-3D0734828C89}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=17 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe |
"UDP Query User{64BFA2DF-AC50-4009-BD5E-F30A4371B0AF}D:\download\netscan.exe" = protocol=17 | dir=in | app=d:\download\netscan.exe |
"UDP Query User{6899E44A-2566-416E-B2E1-7531DB4AD746}C:\program files\ansys inc\shared files\licensing\win32\lmgrd.exe" = protocol=17 | dir=in | app=c:\program files\ansys inc\shared files\licensing\win32\lmgrd.exe |
"UDP Query User{7337A83B-4ED4-49E5-A184-290A74D70269}D:\programme\icq6\icq.exe" = protocol=17 | dir=in | app=d:\programme\icq6\icq.exe |
"UDP Query User{7996125B-CEE5-4E94-85E2-D57A024E74D2}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{810A2510-E2EC-4E4B-90C8-747BE44A389F}C:\program files\sony ericsson\update service\update service.exe" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe |
"UDP Query User{83F75AC3-D031-41D5-BF00-F1ECDA6D5410}D:\spiele\fifa 11\game\fifa.exe" = protocol=17 | dir=in | app=d:\spiele\fifa 11\game\fifa.exe |
"UDP Query User{8571DAE9-F0F4-41E5-ABF8-ED6F4A189C9C}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{8C6830BE-24D2-4BDA-89C2-8F07B7625713}D:\programme\icq6.5\icq.exe" = protocol=17 | dir=in | app=d:\programme\icq6.5\icq.exe |
"UDP Query User{A8C84A89-2CBF-4915-A219-E3D1CB414881}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{AA6E4042-49DF-4392-A4FA-3E077C94D513}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{AC6842EA-C240-4811-B5F3-50B8036AB736}D:\spiele\cs_cz\hl.exe" = protocol=17 | dir=in | app=d:\spiele\cs_cz\hl.exe |
"UDP Query User{ACC5D895-A96C-4EE4-8F5F-011C11A042AB}C:\program files\matlab\r2008a\bin\win32\matlab.exe" = protocol=17 | dir=in | app=c:\program files\matlab\r2008a\bin\win32\matlab.exe |
"UDP Query User{B07A2D2E-57B1-4B01-9D16-1E1086574144}D:\programme\maple 15\jre\bin\java.exe" = protocol=17 | dir=in | app=d:\programme\maple 15\jre\bin\java.exe |
"UDP Query User{B8EC1D1A-D979-41A5-89EF-765BD3B35D7B}D:\programme\maple 15\jre\bin\maple.exe" = protocol=17 | dir=in | app=d:\programme\maple 15\jre\bin\maple.exe |
"UDP Query User{C08E0066-6D32-4392-8E54-DB336C36A1B2}D:\programme\icq6\icq.exe" = protocol=17 | dir=in | app=d:\programme\icq6\icq.exe |
"UDP Query User{C61264E7-15DD-4AF1-9F7C-B79F712C64AF}D:\programme\ansys inc\shared files\licensing\win32\ansysli_client.exe" = protocol=17 | dir=in | app=d:\programme\ansys inc\shared files\licensing\win32\ansysli_client.exe |
"UDP Query User{CB2A92D2-7E0A-4FC0-9FC9-26C1A0F14646}D:\fussball manager 10\eadm\core.exe" = protocol=17 | dir=in | app=d:\fussball manager 10\eadm\core.exe |
"UDP Query User{CD3C1751-A1E7-499E-B95B-38A4BA4CE932}D:\spiele\anno 1701\anno1701.exe" = protocol=17 | dir=in | app=d:\spiele\anno 1701\anno1701.exe |
"UDP Query User{CD6FEF83-0B16-4A4D-8CDA-B2BB9B9398DE}D:\programme\maple 12\jre\bin\java.exe" = protocol=17 | dir=in | app=d:\programme\maple 12\jre\bin\java.exe |
"UDP Query User{CFBDB506-2CBC-4147-A904-A0DECF31B911}D:\programme\miranda im\miranda32.exe" = protocol=17 | dir=in | app=d:\programme\miranda im\miranda32.exe |
"UDP Query User{D1ED20AC-652B-464A-A127-29F110CD4F50}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"UDP Query User{D23E9902-F981-49DB-A89B-1C24C1EC620D}D:\programme\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=d:\programme\mozilla firefox\firefox.exe |
"UDP Query User{D27EAEFE-40B4-4CA2-A742-B5753B0D3313}D:\programme\maple 12\jre\bin\java.exe" = protocol=17 | dir=in | app=d:\programme\maple 12\jre\bin\java.exe |
"UDP Query User{D423D7C1-3FD1-4B6B-A4E7-DD0D0D80D6E1}D:\programme\ansys inc\v130\aisol\bin\intel\ansyswbu.exe" = protocol=17 | dir=in | app=d:\programme\ansys inc\v130\aisol\bin\intel\ansyswbu.exe |
"UDP Query User{D4656EEB-E9BB-439F-81BB-7E86031E5DE3}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
"UDP Query User{D65076D4-6A5D-4AD0-82BE-2873DC55E700}D:\spiele\counter strike\hl.exe" = protocol=17 | dir=in | app=d:\spiele\counter strike\hl.exe |
"UDP Query User{D7189906-A2CF-49C0-8A3E-A525796FA03B}D:\programme\autodesk\inventor 2010\bin\inventor.exe" = protocol=17 | dir=in | app=d:\programme\autodesk\inventor 2010\bin\inventor.exe |
"UDP Query User{DB41E237-838B-425E-BA98-8A4E64216A4D}C:\program files\ansys inc\shared files\licensing\win32\ansyslmd.exe" = protocol=17 | dir=in | app=c:\program files\ansys inc\shared files\licensing\win32\ansyslmd.exe |
"UDP Query User{ECBD9913-81A8-4D76-85C0-1AC90EF9E753}D:\programme\ansys inc\v130\commonfiles\jre\intel\bin\java.exe" = protocol=17 | dir=in | app=d:\programme\ansys inc\v130\commonfiles\jre\intel\bin\java.exe |
"UDP Query User{FE6130B5-0244-4DF9-BDE7-0104B640367A}D:\programme\icq6.5\icq.exe" = protocol=17 | dir=in | app=d:\programme\icq6.5\icq.exe |
"UDP Query User{FEE21DD3-0F4B-412F-BC7A-75BE3C603C59}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{FFDFB49C-72E5-4613-950B-3DE33A08FE74}D:\programme\maple 15\jre\bin\maple.exe" = protocol=17 | dir=in | app=d:\programme\maple 15\jre\bin\maple.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (AUTODESKVAULT)
"{02BFF1A3-A0D5-4F64-8558-A22682BCDA58}" = ActivePerl 5.14.2 Build 1402
"{03A4C6A1-26E9-4DDB-81D9-B332E5BB10AD}" = Microsoft Sync Framework SDK v1.0 SP1 de
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.6300
"{04983D37-2202-4295-94A2-8B547C66133F}" = Atheros WLAN Client
"{04A5ABD3-272A-4958-836C-8DED3F177E51}" = SolidWorks eDrawings 2012
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{05855322-BE43-41FE-B583-D3AE0C326D58}" = Microsoft Silverlight 4 SDK
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{090962E2-4BE8-4A8A-86B0-7A5ED31C1273}" = USB2.0 UVC WebCam
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{09C52940-A4D1-4409-A7CC-1AAE630CF578}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0BE273CD-AAB9-361B-8C32-D955EAC929E3}" = Microsoft Visual Studio 2010 SharePoint Developer Tools
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP610_series" = Canon MP610 series
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution III
"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{170DE2A7-4768-370C-9671-D8D17826EFBF}" = Microsoft Visual Studio 2010 Performance Collection Tools SP1 - ENU
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
"{199C20D6-10D3-4210-B361-4760209F56AE}" = Citrix Online Plug-in (Web)
"{1AA5BD63-6614-44B2-88A7-605191EDB835}" = Dotfuscator Software Services - Community Edition
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FB138CC-5503-4B4A-BC42-81E9C1FF26EE}" = Autodesk Inventor Content Center Libraries 2010 (Desktop Content)
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{22BA09CF-141D-45AD-B3F3-715B4B6C55A8}" = calibre
"{26945917-E053-45F6-AF98-309730CFC318}" = Visual Basic for Applications (R) Core
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33
"{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime
"{2A231800-A7CF-4223-B8A3-1FD9057BAE96}" = Unterstützungsdateien für Microsoft SQL Server 2008-Setup
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{2F8B731A-5F2D-3EA8-8B25-C3E5E43F4BDB}" = Microsoft Visual C++ Compilers 2010 Standard - enu - x86
"{31C3C6EA-E991-405F-A3AA-2C070CCCC47C}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools - DEU
"{31E8F586-4EF7-4500-844D-BA8756474FF1}" = Windows Automated Installation Kit
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{36BEAD11-8577-49AD-9250-E06A50AE87B0}" = Microsoft SOAP Toolkit 2.0 SP2
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3ECCB578-504E-4F7A-A8B4-CF4F3B939B44}" = Citrix Online Plug-in (USB)
"{3F084E0E-E7D3-439D-9AC3-8312B2184347}" = SolidWorks 2012 Document Manager API
"{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
"{41A01180-D9FD-3428-9FD6-749F4C637CBF}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"{45D4F727-43B5-49CD-B474-B9866A8F4FB8}" = Nokia Map Loader
"{477415F5-93DA-46AA-85C5-640047825995}" = Microsoft SQL Server 2008 Database Engine Shared
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4AA24280-6FF2-40D1-B34C-40DA7E3317D4}" = IguanaTex
"{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008 Browser
"{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}" = Nokia Software Updater
"{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"{52969324-463B-4643-BF36-854BE2BECB89}" = Autodesk Inventor 2010 Language Pack - Deutsch
"{539A0EAA-E1BB-4163-9C1E-6C8BF4A17FA2}" = Microsoft SQL Server 2008 Native Client
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{5545EEE4-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2701.01)
"{55D9E026-DCB0-46FF-B60A-68B972228CF6}" = Autodesk Design Review 2010
"{562D0D31-FBAF-4505-8B27-4EC92EEA91D6}" = DIAL Communication Framework
"{56BC75EA-B19F-4C14-85B8-3FA61C0C791F}" = NMAS Client
"{5783F2D7-8001-0407-0002-0060B0CE6BBA}" = AutoCAD 2010 - Deutsch
"{5783F2D7-8001-0407-1002-0060B0CE6BBA}" = AutoCAD 2010 Language Pack - Deutsch
"{5783F2D7-8028-0409-0000-0060B0CE6BBA}" = DWG TrueView 2010
"{57BB52B7-6B7B-31F3-89F4-4EE8FE5CEF6D}" = Microsoft Help Viewer 1.1
"{5AB7D739-1735-3A9E-BE73-C43507CB4E6F}" = Microsoft Visual Studio 2010 Service Pack 1
"{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
"{616C6F39-4CE1-3434-A665-2F6A04C09A7F}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{678094A1-6250-476B-9AFF-4376E48F135C}" = Citrix Online Plug-in (DV)
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"{68DED384-1F74-4AEE-8B8E-95AF15572FE3}" = Port Royale 3
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6E9CFEF5-0245-411F-8587-CF83DF9D4B05}" = Microsoft SQL Server 2008 Database Engine Services
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Easy Battery Manager
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{76DAEC83-AF7B-333C-8A53-83D7C7D39199}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU
"{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}" = Microsoft SQL Server 2008 R2 Management Objects
"{7964AE02-9127-42C0-A917-2CE4CD4EFE3B}" = Nokia Suite
"{7A56D81D-6406-40E7-9184-8AC1769C4D69}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project
"{7B46F9CF-CF60-492E-816E-95EB1A9D1BB4}" = Play Camera
"{7F4DD591-1400-0409-0000-7107D70F3DB4}" = Autodesk Inventor 2010
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{827990C7-4D30-3627-A2D1-5FFA09198BB2}" = Microsoft Visual Studio 2010 Office Developer Tools (x86)
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{8418FE6C-36B5-4023-8704-5DC2F21BB2E8}" = UltraEdit 15.00
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{85467CBC-7A39-33C9-8940-D72D9269B84F}" = Microsoft Visual F# 2.0 Runtime
"{877B76B2-F83F-4F5A-B28D-3F398641ADB6}" = Microsoft SQL Server System CLR Types
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A7CAA24-7B23-410B-A7C3-F994B0944160}" = Microsoft Virtual PC 2007
"{8CBFE0AB-3EBF-4103-BA48-59EB4FF66AD1}" = NMAS Challenge Response Method
"{8E87B944-4815-3C5E-947F-5035C9F64362}" = Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-00B2-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{91F54E1D-804A-46D8-A56C-53EA9C4B3177}" = Microsoft Silverlight 3 SDK - Deutsch
"{929F5BFC-60F0-34EC-A50B-2001AAC03D56}" = Microsoft Team Foundation Server 2010 Object Model - DEU
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A57025CC-5F2E-4D01-B387-06DB10500D43}" = Nokia Connectivity Cable Driver
"{A7091E1D-36A4-47F1-A739-173CC341414F}" = Cisco Systems VPN Client 5.0.03.0560
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AC8B571C-9C6E-47C1-A508-3BF1BCBED443}" = Deep Exploration 6 CE
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B15B400A-19ED-4CC7-B3E4-9295D8470CBE}" = Secure Download Manager
"{B265F77C-A0CF-4364-8C26-A0ADA16FA4F7}" = Nokia Mobile VPN Client Policy Tool
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.24.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B3B2E45F-A0FC-47C6-B399-72D9D8482C8A}" = Visual Basic for Applications (R) Core - German
"{B3D1CFF9-C5DA-3590-894B-40821DDB67C5}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{B8E9F8A1-9F4D-43D5-ABD6-1DF067FAA469}" = Microsoft SQL Server 2008 Database Engine Services
"{BA5F3E0E-8F3E-47BD-88E4-AD3EB5225F51}" = Intel(R) PROSet/Wireless WiFi-Software
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BBAAAD82-6242-420F-86D4-BD72BB5E6C86}" = Tools für Microsoft SQL Server 2005 Express Edition
"{BC0464FA-A0BA-3E38-85BF-DC5B3A401F48}" = Microsoft Visual Studio 2010 Ultimate - ENU
"{BC537AE0-88AF-47ED-B762-33B0D62B5188}" = Microsoft SQL Server 2008 R2 Data-Tier Application Framework
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C83CD843-260E-3BD0-86BC-4E613BFDDE0A}" = Microsoft Help Viewer 1.1 Language Pack - DEU
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CAD6AA29-9CA1-384D-8034-566261CFCC9B}" = Microsoft Visual Studio 2010 Professional - DEU
"{CB09F557-4821-46D0-BF86-8D1389AA6BC7}" = Tabellenbuch Metall digital
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CCF298AF-9CE1-4B26-B251-486E98A34789}" = Windows 7 USB/DVD Download Tool
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE9BAD6E-60FC-46CC-82A2-5B0F2B1A0E36}" = Dotfuscator Software Services - Community Edition - DEU
"{CFCB8616-A5D1-4281-80E8-389F685BFAE2}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D074DC76-F6C9-440E-A1D0-1DE958417FDB}" = Microsoft SQL Server VSS Writer
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.3.22 Game
"{D481EA96-2313-4A7C-98EE-710D1AF884AC}" = Microsoft Visual Studio 2005 Tools for Applications - ENU
"{D596EEA2-C6C8-45D3-89DF-FA2DBE99F829}" = Visual Basic for Applications (R) Core - English
"{D6A6CFAD-CD86-482B-90D1-6FCC4E252ACD}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x86) de
"{D6B15AE6-B052-363E-B6BB-C4714CBA6509}" = Microsoft Visual Studio 2010 Professional - ENU
"{D9E6001A-5DC3-4620-AF7A-80B6CD48645D}" = WCF RIA Services V1.0 SP1
"{DA5B2BDC-F654-4A88-A669-4D34BC7846A1}" = PC Connectivity Solution
"{DB0AF767-7CC7-4E4D-B6BE-A200F20A2FB1}" = Microsoft Sync Framework Runtime v1.0 SP1 (x86) de
"{DBE8431C-CF9A-38C3-B42D-28B6FCE1EA3B}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU
"{DC627AE5-A2B1-4D16-AF56-178D10EC3E81}" = KeyMan V3.6 Build 6
"{DE9CF741-20F7-488B-8B85-9D0F86FA51B4}" = TortoiseSVN 1.7.7.22907 (32 bit)
"{DEE88727-779B-47A9-ACEF-F87CA5F92A65}" = ScanSoft OmniPage SE 4
"{DF38C72B-8A86-4727-99D2-FA7CC5E17A24}" = Microsoft SQL Server 2008 RsFx Driver
"{E0D55506-9C88-4879-B61F-A5E4D0A5B460}" = SolidWorks viewer
"{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E4E9CBC9-1CF5-48E3-AF6F-1AB44A856346}" = Microsoft ASP.NET MVC 2 - DEU
"{EAF7B35C-DCBE-4032-9ABF-C35C43D07124}" = Microsoft Sync Framework Services v1.0 SP1 (x86) de
"{EC66418E-DAA2-36D5-809E-40BEC94E622A}" = Microsoft Visual Studio Macro Tools - DEU Language Pack
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F02DBC5D-33E3-45E9-B0F8-B7745229ED1C}" = NICI (Shared) U.S./Worldwide (128 bit) (2.7.6-1)
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}" = Microsoft SQL Server Native Client
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FA2F9282-383C-3DAC-A2B7-DE19E6A528E9}" = Microsoft Visual Studio 2010 Office Developer Tools (x86) Language Pack - DEU
"{FA365307-1963-4D16-BD44-113C8F037AAD}" = Citrix Online Plug-in (HDX)
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF6F95A4-E59B-45C8-BEA8-0BDC8D9CAB51}" = Microsoft SQL Server 2008 Common Files
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Android SDK Tools" = Android SDK Tools
"Audacity_is1" = Audacity 1.2.6
"AutoCAD 2010 - Deutsch" = AutoCAD 2010 - Deutsch
"Autodesk Design Review 2010" = Autodesk Design Review 2010
"Autodesk Inventor 2010" = Autodesk Inventor Professional 2010
"Autodesk Inventor 2010 SP1" = Autodesk Inventor 2010 SP1
"Avira AntiVir Desktop" = Avira Free Antivirus
"A-WIN-Extras 8.0.4 2615434_is1" = Mathematica Extras 8.0 (2615434)
"B076073A-5527-4f4f-B46B-B10692277DA2_is1" = DisplayFusion 3.4.1
"Canon MP610 series Benutzerregistrierung" = Canon MP610 series Benutzerregistrierung
"CanonMyPrinter" = Canon My Printer
"CitrixOnlinePluginPackWeb" = Citrix Online Plug-in - Web
"DWG TrueView 2010" = DWG TrueView 2010
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 9.1.1 Home Edition
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.01
"ffdshow_is1" = ffdshow [rev 2975] [2009-05-28]
"FileZilla Client" = FileZilla Client 3.3.3
"GPL Ghostscript 8.64" = GPL Ghostscript 8.64
"GSview 4.9" = GSview 4.9
"HP LaserJet Professional P1100-P1560-P1600 Series" = HP LaserJet Professional P1100-P1560-P1600 Series
"InstallShield_{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"InstallShield_{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{7B46F9CF-CF60-492E-816E-95EB1A9D1BB4}" = Play Camera
"InstallShield_{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation
"IrfanView" = IrfanView (remove only)
"LAME_is1" = LAME v3.99.3 (for Windows)
"latex2eps_is1" = latex2eps 0.11
"MagicMap" = MagicMap
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Maple 12" = Maple 12
"Maple 15" = Maple 15
"Matlab R2012a" = MATLAB R2012a
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1
"Microsoft Help Viewer 1.1 Language Pack - DEU" = Microsoft Help Viewer 1.1 Language Pack - DEU
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Team Foundation Server 2010 Object Model - DEU" = Microsoft Team Foundation Server 2010-Objektmodell - DEU
"Microsoft Visual Studio 2005 Tools for Applications - ENU" = Microsoft Visual Studio 2005 Tools for Applications - ENU
"Microsoft Visual Studio 2010 Professional - DEU" = Microsoft Visual Studio 2010 Professional - DEU
"Microsoft Visual Studio 2010 Professional - ENU" = Microsoft Visual Studio 2010 Professional - ENU
"Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x86) Language Pack - DEU
"Microsoft Visual Studio 2010 Ultimate - ENU" = Microsoft Visual Studio 2010 Ultimate - ENU
"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
"Microsoft Visual Studio Macro Tools - DEU Language Pack" = Microsoft Visual Studio Macro Tools - DEU Language Pack
"MiKTeX 2.9" = MiKTeX 2.9
"Miranda IM" = Miranda IM 0.9.44
"mIRC" = mIRC
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"M-WIN-G 8.0.4 2615565_is1" = Wolfram Mathematica 8 for Students (M-WIN-G 8.0.4 2615565)
"Nokia Suite" = Nokia Suite
"Novell Client for Windows" = Novell Client for Windows
"OpenAL" = OpenAL
"ProInst" = Intel PROSet Wireless
"Sandboxie" = Sandboxie 3.66 (32-bit)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeXnicCenter_is1" = TeXnicCenter Version 1.0 Stable RC1
"Totalcmd" = Total Commander (Remove or Repair)
"UltraISO_is1" = UltraISO Premium V9.52
"USB2.0 UVC 1.3M WebCam" = USB2.0 UVC 1.3M WebCam
"VLC media player" = VLC media player 2.0.1
"Winamp" = Winamp
"WinRAR archiver" = WinRAR 4.10 (32-Bit)
"Zattoo4" = Zattoo4 4.0.4
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1614058835-672721566-3778044925-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"NoNameScript" = NNScript
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 23.07.2012 18:07:27 | Computer Name = *** | Source = System Restore | ID = 8193
Description =
Error - 23.07.2012 18:07:28 | Computer Name = *** | Source = System Restore | ID = 8193
Description =
Error - 23.07.2012 18:17:05 | Computer Name = *** | Source = System Restore | ID = 8193
Description =
Error - 23.07.2012 18:17:07 | Computer Name = *** | Source = System Restore | ID = 8193
Description =
Error - 23.07.2012 18:18:06 | Computer Name = *** | Source = System Restore | ID = 8193
Description =
Error - 23.07.2012 18:18:06 | Computer Name = *** | Source = System Restore | ID = 8193
Description =
Error - 24.07.2012 00:43:48 | Computer Name = *** | Source = WinMgmt | ID = 10
Description =
Error - 24.07.2012 02:12:31 | Computer Name = *** | Source = System Restore | ID = 8193
Description =
Error - 24.07.2012 05:24:22 | Computer Name = *** | Source = WinMgmt | ID = 10
Description =
Error - 24.07.2012 06:07:17 | Computer Name = *** | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 23.07.2012 12:52:37 | Computer Name = *** | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =
Error - 24.07.2012 00:43:49 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description =
Error - 24.07.2012 00:43:49 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description =
Error - 24.07.2012 00:45:11 | Computer Name = *** | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =
Error - 24.07.2012 05:24:22 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description =
Error - 24.07.2012 05:24:22 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description =
Error - 24.07.2012 05:25:55 | Computer Name = *** | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =
Error - 24.07.2012 06:07:17 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description =
Error - 24.07.2012 06:07:17 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description =
Error - 24.07.2012 06:12:22 | Computer Name = *** | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =
< End of report >
Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-07-24 13:19:29
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 FUJITSU_ rev.0000
Running: fwb5m14j.exe; Driver: C:\Users\***\AppData\Local\Temp\uxrdqpod.sys
---- System - GMER 1.0.15 ----
SSDT 90E66D5E ZwCreateSection
SSDT 90E66D68 ZwRequestWaitReplyPort
SSDT 90E66D63 ZwSetContextThread
SSDT 90E66D6D ZwSetSecurityObject
SSDT 90E66D72 ZwSystemDebugControl
SSDT 90E66CFF ZwTerminateProcess
INT 0x61 ? 900397D0
INT 0x71 ? 90039A50
Code A88CDBFC ZwTraceEvent
Code A88CDBFB NtTraceEvent
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!NtTraceEvent 8287BF94 5 Bytes JMP A88CDC00
.text ntoskrnl.exe!KeInsertQueue + 405 828ADA3C 4 Bytes [5E, 6D, E6, 90] {POP ESI; INSD ; OUT 0x90, AL}
.text ntoskrnl.exe!KeInsertQueue + 729 828ADD60 4 Bytes [68, 6D, E6, 90]
.text ntoskrnl.exe!KeInsertQueue + 75D 828ADD94 4 Bytes [63, 6D, E6, 90] {ARPL [EBP-0x1a], BP; NOP }
.text ntoskrnl.exe!KeInsertQueue + 7C1 828ADDF8 4 Bytes [6D, 6D, E6, 90] {INSD ; INSD ; OUT 0x90, AL}
.text ntoskrnl.exe!KeInsertQueue + 809 828ADE40 4 Bytes [72, 6D, E6, 90] {JB 0x6f; OUT 0x90, AL}
.text ...
PAGE ntoskrnl.exe!NtRequestPort + 2 82A02B69 5 Bytes JMP A88CDCA0
PAGE ntoskrnl.exe!ZwAlpcSendWaitReceivePort + 2 82A5AEE8 5 Bytes JMP A88CDDE0
.text win32k.sys!XFORMOBJ_iGetXform + 457F A2C8078C 5 Bytes JMP A88CD5C0
.text win32k.sys!XFORMOBJ_iGetXform + 70FA A2C83307 5 Bytes JMP A88CD700
.text win32k.sys!EngMulDiv + 4D41 A2CCA670 5 Bytes JMP A88CD660
.text win32k.sys!EngMulDiv + 8C36 A2CCE565 5 Bytes JMP A88CD520
.text win32k.sys!EngStrokePath + 5FF A2CD7A1C 5 Bytes JMP A88CDA20
.text win32k.sys!EngAlphaBlend + 88BE A2CEED3B 5 Bytes JMP A88CD3E0
.text win32k.sys!EngAlphaBlend + 9B48 A2CEFFC5 5 Bytes JMP A88CD480
.text win32k.sys!STROBJ_vEnumStart + 4728 A2D07749 5 Bytes JMP A88CDAC0
.text win32k.sys!CLIPOBJ_bEnum + 24A A2D2B56C 5 Bytes JMP A88CD840
.text win32k.sys!EngLineTo + A15 A2D4D5BD 5 Bytes JMP A88CD7A0
.text win32k.sys!EngLineTo + DD5D A2D5A905 5 Bytes JMP A88CDB60
.text C:\Windows\system32\DRIVERS\atksgt.sys section is writeable [0xABA1B300, 0x3ACC8, 0xE8000020]
.text C:\Windows\system32\DRIVERS\lirsgt.sys section is writeable [0xABAEE300, 0x1B7E, 0xE8000020]
---- User code sections - GMER 1.0.15 ----
.text D:\Programme\TortoiseSVN\bin\TSVNCache.exe[4796] kernel32.dll!SetUnhandledExceptionFilter + 2 77CFA8C7 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text D:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[5524] ntdll.dll!DbgUiRemoteBreakin 77C0CD44 1 Byte [C3]
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e4cd3e0d6
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e4cd65b4f
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e4cd6642e
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001f3ad0f344
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001f3ad0f344@001d2885a723 0x09 0x13 0x00 0x26 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001f3ad0f344@0016b88fc755 0x6C 0xAD 0x77 0x5F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001f3ad0f344@000fde82306f 0x9F 0xD2 0x7A 0x83 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001f3ad0f344@0025483f4f86 0xE5 0x2C 0xE2 0x3A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001f3ad0f344@942053f2473d 0x47 0x30 0x0B 0x38 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001f3ad0f344@b8d9cebe6c7c 0x37 0x79 0x8F 0xE2 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 D:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xA3 0x98 0xA4 0xE1 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x33 0xE8 0x19 0xF4 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xA6 0xC3 0x3C 0xBB ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xE5 0x64 0x43 0x7A ...
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\001e4cd3e0d6 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\001e4cd65b4f (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\001e4cd6642e (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\001f3ad0f344 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\001f3ad0f344@001d2885a723 0x09 0x13 0x00 0x26 ...
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\001f3ad0f344@0016b88fc755 0x6C 0xAD 0x77 0x5F ...
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\001f3ad0f344@000fde82306f 0x9F 0xD2 0x7A 0x83 ...
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\001f3ad0f344@0025483f4f86 0xE5 0x2C 0xE2 0x3A ...
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\001f3ad0f344@942053f2473d 0x47 0x30 0x0B 0x38 ...
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\001f3ad0f344@b8d9cebe6c7c 0x37 0x79 0x8F 0xE2 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 D:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xA3 0x98 0xA4 0xE1 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x33 0xE8 0x19 0xF4 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xA6 0xC3 0x3C 0xBB ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xE5 0x64 0x43 0x7A ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{78785EB0-1D82-8BA9-1C09-D709D1A7099A}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{78785EB0-1D82-8BA9-1C09-D709D1A7099A}@hafiihnmjcleiflb 0x69 0x61 0x63 0x6C ...
---- EOF - GMER 1.0.15 ----
Wie schon eingangs geschrieben: ich kann keine Anzeichen für einen Befall ausmachen. Aber da die Scans trotzdem etwas gefunden haben.. Für Ratschläge ob und wie es sinnvoll ist weiter zu graben, wäre ich sehr dankbar. Gruß |
|
24.07.2012, 16:43
| #2 | |
| /// Malware-holic   | HackTool.Hiderun in c:\windows\installer und Java.Trojan im Cache entdeckt hi
__________________Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!Downloade dir bitte Combofix von einem dieser Downloadspiegel Link 1 Link 2 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
__________________ |
|
24.07.2012, 17:42
| #3 | |
| | HackTool.Hiderun in c:\windows\installer und Java.Trojan im Cache entdeckt Hi,
__________________danke für die schnelle Antwort. Hier das Combofix-Log: Code:
ATTFilter ComboFix 12-07-25.04 - *** 24.07.2012 17:59:50.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3066.1532 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\programdata\Roaming\Intel\Wireless\Settings\Settings.ini
c:\users\***\AppData\Local\assembly\tmp
c:\users\***\AppData\Local\Temp\99cab429-f99d-4f69-9d04-113ad532bd0f\CliSecureRT.dll
c:\windows\Downloaded Program Files\IDropPTB.dll
c:\windows\system32\tmp4D79.tmp
c:\windows\system32\tmp4DC8.tmp
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-06-24 bis 2012-07-24 ))))))))))))))))))))))))))))))
.
.
2012-07-24 16:08 . 2012-07-24 16:08 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-07-24 16:08 . 2012-07-24 16:08 -------- d-----w- c:\users\***AndererAccMitUserRechten***\AppData\Local\temp
2012-07-24 16:08 . 2012-07-24 16:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-24 16:08 . 2012-07-24 16:08 -------- d-----w- c:\users\***AccMitUserRechten***\AppData\Local\temp
2012-07-23 12:06 . 2012-07-23 12:06 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-07-23 12:06 . 2012-07-23 12:06 -------- d-----w- c:\users\***\AppData\Roaming\Malwarebytes
2012-07-23 12:05 . 2012-07-23 12:05 -------- d-----w- c:\programdata\Malwarebytes
2012-07-23 12:05 . 2012-07-23 12:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-23 12:05 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-20 18:21 . 2012-07-20 18:21 -------- d-----w- c:\users\***AccMitUserRechten***\AppData\Local\Macromedia
2012-07-20 17:35 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5512A987-5D11-44A4-99EA-2DB7D97CA7B3}\mpengine.dll
2012-07-20 17:28 . 2012-07-22 06:56 -------- d-----w- c:\users\***AccMitUserRechten***\AppData\Local\TSVNCache
2012-07-20 17:28 . 2012-07-20 17:28 -------- d-----w- c:\users\***AccMitUserRechten***\AppData\Roaming\Subversion
2012-07-18 12:54 . 2012-07-18 12:54 -------- d-----w- c:\users\***\AppData\Roaming\TortoiseSVN
2012-07-18 12:42 . 2012-07-24 16:12 -------- d-----w- c:\users\***\AppData\Local\TSVNCache
2012-07-18 12:36 . 2012-07-18 12:36 -------- d-----w- c:\users\***\AppData\Roaming\Subversion
2012-07-18 12:25 . 2012-07-18 12:25 -------- d-----w- c:\program files\Common Files\TortoiseOverlays
2012-07-13 22:10 . 2012-07-14 12:43 -------- d-----w- c:\users\***\.android
2012-07-10 17:41 . 2012-06-05 16:47 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-10 17:41 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-01 21:39 . 2012-07-01 21:45 -------- d-----w- c:\users\***\AppData\Local\MDG
2012-07-01 20:21 . 2012-07-02 07:15 -------- d-----w- c:\users\***\AppData\Local\Samsung
2012-07-01 20:21 . 2012-07-19 14:54 -------- d-----w- c:\users\***\AppData\Roaming\Samsung
2012-07-01 20:04 . 2012-05-21 02:09 80824 ----a-w- c:\windows\system32\drivers\ssudbus.sys
2012-07-01 20:04 . 2012-05-21 02:09 181432 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
2012-07-01 19:59 . 2012-07-01 19:59 -------- d-----w- c:\program files\MarkAny
2012-07-01 19:59 . 2012-06-26 14:02 821824 ----a-w- c:\windows\system32\dgderapi.dll
2012-07-01 19:59 . 2012-06-26 14:02 20032 ----a-w- c:\windows\system32\drivers\dgderdrv.sys
2012-07-01 19:58 . 2012-07-19 14:54 -------- d-----w- c:\programdata\Samsung
2012-07-01 19:46 . 2012-07-19 14:53 -------- d-----w- c:\users\***\AppData\Local\Downloaded Installations
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-16 15:47 . 2012-03-29 11:05 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-16 15:47 . 2011-05-17 06:26 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-26 14:03 . 2012-07-01 20:00 4659712 ----a-w- c:\windows\system32\Redemption.dll
2012-06-26 14:02 . 2008-06-25 05:18 319456 ----a-w- c:\windows\system32\DIFxAPI.dll
2012-06-18 09:27 . 2012-06-18 09:28 476936 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-06-18 09:27 . 2010-05-16 19:55 472840 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-13 13:40 . 2012-07-10 18:25 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 16:47 . 2012-07-10 17:41 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 16:47 . 2012-07-10 17:41 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-06-02 22:19 . 2012-06-21 05:18 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 05:18 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 05:17 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 05:17 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-21 05:18 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-21 05:18 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-21 05:17 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-21 05:17 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:12 . 2012-06-21 05:17 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 08:25 . 2012-07-10 18:15 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 00:04 . 2012-07-10 17:41 278528 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 00:03 . 2012-07-10 17:41 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-05-31 10:25 . 2009-10-11 18:56 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-05-28 22:38 . 2012-05-28 22:38 330240 ----a-w- c:\windows\MASetupCaller.dll
2012-05-23 16:49 . 2012-05-23 16:49 90112 ----a-w- c:\windows\MAMCityDownload.ocx
2012-05-23 16:49 . 2012-05-23 16:49 30568 ----a-w- c:\windows\MusiccityDownload.exe
2012-05-23 16:49 . 2012-05-23 16:49 974848 ----a-w- c:\windows\system32\cis-2.4.dll
2012-05-23 16:49 . 2012-05-23 16:49 81920 ----a-w- c:\windows\system32\issacapi_bs-2.3.dll
2012-05-23 16:49 . 2012-05-23 16:49 65536 ----a-w- c:\windows\system32\issacapi_pe-2.3.dll
2012-05-23 16:49 . 2012-05-23 16:49 57344 ----a-w- c:\windows\system32\MTXSYNCICON.dll
2012-05-23 16:49 . 2012-05-23 16:49 57344 ----a-w- c:\windows\system32\MK_Lyric.dll
2012-05-23 16:49 . 2012-05-23 16:49 57344 ----a-w- c:\windows\system32\issacapi_se-2.3.dll
2012-05-23 16:49 . 2012-05-23 16:49 569344 ----a-w- c:\windows\system32\muzdecode.ax
2012-05-23 16:49 . 2012-05-23 16:49 491520 ----a-w- c:\windows\system32\muzapp.dll
2012-05-23 16:49 . 2012-05-23 16:49 49152 ----a-w- c:\windows\system32\MaJGUILib.dll
2012-05-23 16:49 . 2012-05-23 16:49 45320 ----a-w- c:\windows\system32\MAMACExtract.dll
2012-05-23 16:49 . 2012-05-23 16:49 45056 ----a-w- c:\windows\system32\MaXMLProto.dll
2012-05-23 16:49 . 2012-05-23 16:49 45056 ----a-w- c:\windows\system32\MACXMLProto.dll
2012-05-23 16:49 . 2012-05-23 16:49 40960 ----a-w- c:\windows\system32\MTTELECHIP.dll
2012-05-23 16:49 . 2012-05-23 16:49 352256 ----a-w- c:\windows\system32\MSLUR71.dll
2012-05-23 16:49 . 2012-05-23 16:49 258048 ----a-w- c:\windows\system32\muzoggsp.ax
2012-05-23 16:49 . 2012-05-23 16:49 245760 ----a-w- c:\windows\system32\MSCLib.dll
2012-05-23 16:49 . 2012-05-23 16:49 24576 ----a-w- c:\windows\system32\MASetupCleaner.exe
2012-05-23 16:49 . 2012-05-23 16:49 200704 ----a-w- c:\windows\system32\muzwmts.dll
2012-05-23 16:49 . 2012-05-23 16:49 172032 ----a-w- c:\windows\system32\muzapp.exe
2012-05-23 16:49 . 2012-05-23 16:49 155648 ----a-w- c:\windows\system32\MSFLib.dll
2012-05-23 16:49 . 2012-05-23 16:49 143360 ----a-w- c:\windows\system32\3DAudio.ax
2012-05-23 16:49 . 2012-05-23 16:49 135168 ----a-w- c:\windows\system32\muzaf1.dll
2012-05-23 16:49 . 2012-05-23 16:49 131072 ----a-w- c:\windows\system32\muzmpgsp.ax
2012-05-23 16:49 . 2012-05-23 16:49 122880 ----a-w- c:\windows\system32\muzeffect.ax
2012-05-23 16:49 . 2012-05-23 16:49 118784 ----a-w- c:\windows\system32\MaDRM.dll
2012-05-23 16:49 . 2012-05-23 16:49 110592 ----a-w- c:\windows\system32\muzmp4sp.ax
2012-05-08 17:36 . 2011-10-24 04:53 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-05-08 17:36 . 2009-06-27 19:26 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-05-05 20:00 . 2011-11-05 22:29 2478592 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2012-05-05 20:00 . 2011-02-21 16:55 2455488 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1031\ResourceCache.dll
2012-05-05 11:58 . 2011-02-21 16:55 18400 ----a-w- c:\programdata\Microsoft\VSA\9.0\1031\ResourceCache.dll
2012-05-05 11:58 . 2011-02-21 16:55 18368 ----a-w- c:\programdata\Microsoft\VSA\9.0\1033\ResourceCache.dll
2012-05-04 21:42 . 2012-05-04 21:42 416 ----a-w- c:\programdata\Microsoft\MSDN\9.0\1031\ResourceCache.dll
2012-05-04 21:42 . 2011-06-08 20:41 416 ----a-w- c:\programdata\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2012-05-04 07:41 . 2012-05-04 07:41 229208 ----a-w- c:\windows\system32\drivers\VMM.sys
2012-05-01 14:03 . 2012-06-13 07:49 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"DisplayFusion"="d:\programme\DisplayFusion\DisplayFusion.exe" [2012-01-12 2789280]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"SandboxieControl"="d:\programme\Sandboxie\SbieCtrl.exe" [2012-03-22 452880]
"KiesPDLR"="d:\programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-07-16 21432]
"KiesPreload"="d:\programme\Samsung\Kies\Kies.exe" [2012-07-16 975800]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-17 6111232]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-28 1049896]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-08 348624]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-07-26 2569616]
"CherryKeyMan"="c:\program files\Cherry\KeyMan\KeyMan.exe" [2010-09-01 254004]
"NWTRAY"="NWTRAY.EXE" [2011-11-27 34904]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"KiesTrayAgent"="d:\programme\Samsung\Kies\KiesTrayAgent.exe" [2012-07-16 3524536]
.
c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Miranda IM.lnk - d:\programme\Miranda IM\miranda32.exe [2012-2-17 827989]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-2-12 723496]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 ncv1_0
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
backup=c:\windows\pss\VPN Client.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^***^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ICQ6.5.lnk]
path=c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ICQ6.5.lnk
backup=c:\windows\pss\ICQ6.5.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^***^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^SolidWorks Taskplaner Modul.lnk]
path=c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SolidWorks Taskplaner Modul.lnk
backup=c:\windows\pss\SolidWorks Taskplaner Modul.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-04-04 05:53 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 05:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ConnectionCenter]
2010-10-12 16:24 304568 ----a-w- c:\program files\Citrix\ICA Client\concentr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2011-08-01 08:28 124480 ----a-w- d:\programme\ICQ7.5\ICQ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaSuite.exe]
2012-05-16 13:44 1084840 ----a-w- c:\program files\Nokia\Nokia Suite\NokiaSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
2007-02-04 10:02 79400 ----a-w- c:\program files\ScanSoft\OmniPageSE4\OpWareSE4.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
2011-08-30 16:43 3077528 ----a-w- c:\program files\Pando Networks\Media Booster\PMB.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 07:03 210472 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiSpywareOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1614058835-672721566-3778044925-1003]
"EnableNotificationsRef"=dword:00000001
.
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - nciom
*Deregistered* - ncp
*Deregistered* - ncpl
*Deregistered* - ndm
*Deregistered* - ndmndap
*Deregistered* - niam
*Deregistered* - nipctl
*Deregistered* - nscm
*Deregistered* - nsns
*Deregistered* - nsvccost
*Deregistered* - xtxplat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - d:\programme\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.2.1
DPF: {0427F569-3D57-4F10-B9FB-8D71A6A7BE24} - file:///C:/Users/***/AppData/Local/Temp/FV2GA4/frmeditor.ocx
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\nc71xmt7.default\
FF - prefs.js: browser.startup.homepage - google.de
.
.
------- Dateityp-Verknüpfung -------
.
.scr=AutoCADScriptFile
.txt=UltraEdit.txt
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-AdobeBridge - (no file)
HKCU-Run-Akamai NetSession Interface - c:\users\***\AppData\Local\Akamai\netsession_win.exe
HKCU-Run-KiesHelper - d:\programme\Samsung\Kies\KiesHelper.exe
HKCU-Run-KiesAirMessage - d:\programme\Samsung\Kies\KiesAirMessage.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-boincmgr - d:\programme\BOINC\boincmgr.exe
MSConfigStartUp-boinctray - d:\programme\BOINC\boinctray.exe
MSConfigStartUp-EA Core - d:\fussball manager 10\EADM\Core.exe
MSConfigStartUp-NokiaOviSuite2 - c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
MSConfigStartUp-SolidWorks_CheckForUpdates - c:\program files\Common Files\SolidWorks Installations-Manager\Scheduler\sldIMScheduler.exe
MSConfigStartUp-Vidalia - d:\programme\Vidalia Bundle\Vidalia\vidalia.exe
MSConfigStartUp-WinampAgent - d:\programme\Winamp\winampa.exe
AddRemove-01_Simmental - d:\programme\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - d:\programme\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - d:\programme\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - d:\programme\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - d:\programme\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - d:\programme\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - d:\programme\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - d:\programme\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - d:\programme\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - d:\programme\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - d:\programme\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - d:\programme\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - d:\programme\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - d:\programme\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - d:\programme\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - d:\programme\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - d:\programme\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - d:\programme\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - d:\programme\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-07-24 18:14
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1614058835-672721566-3778044925-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{78785EB0-1D82-8BA9-1C09-D709D1A7099A}*]
"hafiihnmjcleiflb"=hex:69,61,63,6c,65,61,66,61,67,62,61,68,66,67,6f,6c,63,65,
00,00
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'lsass.exe'(708)
c:\windows\system32\NETWIN32.DLL
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
- - - - - - - > 'Explorer.exe'(4668)
d:\programme\DisplayFusion\Hooks\AppHookx86_796a9db3-9ac3-471c-8cfd-65f0069015da.dll
c:\program files\Common Files\Cherry\Common\KbdHook00.dll
c:\windows\system32\btmmhook.dll
d:\programme\FileZilla FTP Client\fzshellext.dll
c:\windows\system32\btncopy.dll
c:\program files\Microsoft Virtual PC\VPCShExH.DLL
c:\windows\system32\NETWIN32.DLL
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
d:\programme\Sandboxie\SbieSvc.exe
c:\windows\system32\WLANExt.exe
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\program files\Novell\Client\XTier\Services\XTSvcMgr.exe
c:\windows\System32\lpksetup.exe
c:\program files\ANSYS Inc\Shared Files\Licensing\win32\ansysli_server.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
d:\programme\Cisco VPN Client\cvpnd.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\windows\system32\HPSIsvc.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\ANSYS Inc\Shared Files\Licensing\win32\ansysli_monitor.exe
c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\System32\StkCSrv.exe
c:\program files\ANSYS Inc\Shared Files\Licensing\win32\lmgrd.exe
c:\program files\ANSYS Inc\Shared Files\Licensing\win32\ansyslmd.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
d:\programme\TortoiseSVN\bin\TSVNCache.exe
c:\windows\RtHDVCpl.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\windows\System32\nwtray.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\WIDCOMM\Bluetooth Software\BtStackServer.exe
c:\program files\Cherry\CDI\cdi.exe
c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-07-24 18:24:33 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-07-24 16:24
.
Vor Suchlauf: 15 Verzeichnis(se), 30.499.442.688 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 32.124.981.248 Bytes frei
.
- - End Of File - - 3AFF8D5A3B71EB8506D3DE980530A4BC
Ganz vergessen: nach dem Neustart durch Combofix gabs die Fehlermeldung Zitat:
Geändert von Ilu (24.07.2012 um 17:44 Uhr) Grund: Detail vergessen |
|
25.07.2012, 17:10
| #4 |
| /// Malware-holic | HackTool.Hiderun in c:\windows\installer und Java.Trojan im Cache entdeckt download tdss killer: http://www.trojaner-board.de/82358-t...entfernen.html Klicke auf Change parameters • Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system • Klick auf OK und anschließend auf Start scan - bei funden erst mal immer skip wählen, log posten
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
25.07.2012, 18:13
| #5 |
| | HackTool.Hiderun in c:\windows\installer und Java.Trojan im Cache entdeckt Hi Markus, wie gewünscht das TDSSKiller-Log: Code:
ATTFilter 18:14:37.0444 0364 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
18:14:37.0481 0364 ============================================================
18:14:37.0481 0364 Current date / time: 2012/07/25 18:14:37.0481
18:14:37.0481 0364 SystemInfo:
18:14:37.0481 0364
18:14:37.0481 0364 OS Version: 6.0.6002 ServicePack: 2.0
18:14:37.0481 0364 Product type: Workstation
18:14:37.0481 0364 ComputerName: ***
18:14:37.0481 0364 UserName: ***
18:14:37.0481 0364 Windows directory: C:\Windows
18:14:37.0482 0364 System windows directory: C:\Windows
18:14:37.0482 0364 Processor architecture: Intel x86
18:14:37.0482 0364 Number of processors: 2
18:14:37.0482 0364 Page size: 0x1000
18:14:37.0482 0364 Boot type: Normal boot
18:14:37.0482 0364 ============================================================
18:14:38.0139 0364 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:14:38.0143 0364 ============================================================
18:14:38.0143 0364 \Device\Harddisk0\DR0:
18:14:38.0143 0364 MBR partitions:
18:14:38.0143 0364 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1400800, BlocksNum 0xB2C126D
18:14:38.0143 0364 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xC6C5928, BlocksNum 0x18D67D99
18:14:38.0143 0364 ============================================================
18:14:38.0263 0364 D: <-> \Device\Harddisk0\DR0\Partition1
18:14:38.0493 0364 C: <-> \Device\Harddisk0\DR0\Partition0
18:14:38.0493 0364 ============================================================
18:14:38.0493 0364 Initialize success
18:14:38.0493 0364 ============================================================
18:15:16.0213 7360 ============================================================
18:15:16.0213 7360 Scan started
18:15:16.0213 7360 Mode: Manual; SigCheck; TDLFS;
18:15:16.0213 7360 ============================================================
18:15:18.0709 7360 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
18:15:18.0849 7360 ACPI - ok
18:15:18.0912 7360 adfs (6d7f09cd92a9fef3a8efce66231fdd79) C:\Windows\system32\drivers\adfs.sys
18:15:18.0912 7360 adfs - ok
18:15:19.0099 7360 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
18:15:19.0099 7360 AdobeARMservice - ok
18:15:19.0177 7360 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
18:15:19.0208 7360 adp94xx - ok
18:15:19.0239 7360 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
18:15:19.0255 7360 adpahci - ok
18:15:19.0286 7360 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
18:15:19.0302 7360 adpu160m - ok
18:15:19.0333 7360 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
18:15:19.0333 7360 adpu320 - ok
18:15:19.0395 7360 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
18:15:19.0567 7360 AeLookupSvc - ok
18:15:19.0723 7360 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
18:15:19.0785 7360 AFD - ok
18:15:19.0895 7360 AgereSoftModem (ce91b158fa490cf4c4d487a4130f4660) C:\Windows\system32\DRIVERS\AGRSM.sys
18:15:19.0973 7360 AgereSoftModem - ok
18:15:20.0019 7360 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
18:15:20.0035 7360 agp440 - ok
18:15:20.0066 7360 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
18:15:20.0082 7360 aic78xx - ok
18:15:20.0144 7360 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
18:15:20.0285 7360 ALG - ok
18:15:20.0300 7360 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
18:15:20.0300 7360 aliide - ok
18:15:20.0347 7360 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
18:15:20.0363 7360 amdagp - ok
18:15:20.0378 7360 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
18:15:20.0394 7360 amdide - ok
18:15:20.0409 7360 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
18:15:20.0456 7360 AmdK7 - ok
18:15:20.0487 7360 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
18:15:20.0534 7360 AmdK8 - ok
18:15:22.0593 7360 ANSYS, Inc. License Manager (65a2d3fe71b7f27e3d76aaa9e43634ea) C:\Program Files\ANSYS Inc\Shared Files\Licensing\win32\ansysli_server.exe
18:15:22.0749 7360 ANSYS, Inc. License Manager ( UnsignedFile.Multi.Generic ) - warning
18:15:22.0749 7360 ANSYS, Inc. License Manager - detected UnsignedFile.Multi.Generic (1)
18:15:23.0046 7360 AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files\Avira\AntiVir Desktop\sched.exe
18:15:23.0077 7360 AntiVirSchedulerService - ok
18:15:23.0108 7360 AntiVirService (a489be6bb0aa1ff406b488b60542314b) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
18:15:23.0108 7360 AntiVirService - ok
18:15:23.0389 7360 AppHostSvc (dfae18c675d71fd06d57dc69d2913975) C:\Windows\system32\inetsrv\apphostsvc.dll
18:15:23.0451 7360 AppHostSvc - ok
18:15:23.0498 7360 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
18:15:23.0576 7360 Appinfo - ok
18:15:23.0623 7360 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
18:15:23.0639 7360 arc - ok
18:15:23.0685 7360 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
18:15:23.0685 7360 arcsas - ok
18:15:23.0841 7360 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
18:15:23.0857 7360 aspnet_state - ok
18:15:23.0888 7360 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
18:15:23.0935 7360 AsyncMac - ok
18:15:23.0951 7360 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
18:15:23.0966 7360 atapi - ok
18:15:24.0029 7360 atksgt (6e996cf8459a2594e0e9609d0e34d41f) C:\Windows\system32\DRIVERS\atksgt.sys
18:15:24.0060 7360 atksgt ( UnsignedFile.Multi.Generic ) - warning
18:15:24.0060 7360 atksgt - detected UnsignedFile.Multi.Generic (1)
18:15:24.0122 7360 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
18:15:24.0138 7360 AudioEndpointBuilder - ok
18:15:24.0153 7360 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
18:15:24.0169 7360 Audiosrv - ok
18:15:24.0325 7360 Autodesk Licensing Service (4961850fb000896d6a6b90868dc91a98) C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
18:15:24.0372 7360 Autodesk Licensing Service ( UnsignedFile.Multi.Generic ) - warning
18:15:24.0372 7360 Autodesk Licensing Service - detected UnsignedFile.Multi.Generic (1)
18:15:24.0387 7360 avgntflt (d5541f0afb767e85fc412fc609d96a74) C:\Windows\system32\DRIVERS\avgntflt.sys
18:15:24.0419 7360 avgntflt - ok
18:15:24.0481 7360 avipbb (7d967a682d4694df7fa57d63a2db01fe) C:\Windows\system32\DRIVERS\avipbb.sys
18:15:24.0512 7360 avipbb - ok
18:15:24.0606 7360 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
18:15:24.0637 7360 avkmgr - ok
18:15:24.0684 7360 bcm4sbxp (08015d34f6fdd0b355805bad978497c3) C:\Windows\system32\DRIVERS\bcm4sbxp.sys
18:15:24.0855 7360 bcm4sbxp - ok
18:15:24.0887 7360 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
18:15:24.0933 7360 Beep - ok
18:15:25.0043 7360 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
18:15:25.0089 7360 BFE - ok
18:15:25.0589 7360 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\system32\qmgr.dll
18:15:25.0667 7360 BITS - ok
18:15:25.0807 7360 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
18:15:25.0854 7360 blbdrive - ok
18:15:25.0901 7360 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
18:15:25.0963 7360 bowser - ok
18:15:25.0994 7360 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
18:15:26.0041 7360 BrFiltLo - ok
18:15:26.0057 7360 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
18:15:26.0088 7360 BrFiltUp - ok
18:15:26.0119 7360 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
18:15:26.0181 7360 Browser - ok
18:15:26.0213 7360 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
18:15:26.0306 7360 Brserid - ok
18:15:26.0353 7360 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
18:15:26.0400 7360 BrSerWdm - ok
18:15:26.0415 7360 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
18:15:26.0462 7360 BrUsbMdm - ok
18:15:26.0478 7360 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
18:15:26.0540 7360 BrUsbSer - ok
18:15:26.0587 7360 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
18:15:26.0618 7360 BthEnum - ok
18:15:26.0665 7360 BTHMODEM (9a966a8e86d1771911ae34a20d11bff3) C:\Windows\system32\DRIVERS\bthmodem.sys
18:15:26.0681 7360 BTHMODEM - ok
18:15:26.0712 7360 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
18:15:26.0743 7360 BthPan - ok
18:15:26.0805 7360 BTHPORT (611ff3f2f095c8d4a6d4cfd9dcc09793) C:\Windows\system32\Drivers\BTHport.sys
18:15:26.0852 7360 BTHPORT - ok
18:15:26.0899 7360 BthServ (a4c8377fa4a994e07075107dbe2e3dce) C:\Windows\System32\bthserv.dll
18:15:26.0930 7360 BthServ - ok
18:15:26.0946 7360 BTHUSB (d330803eab2a15caec7f011f1d4cb30e) C:\Windows\system32\Drivers\BTHUSB.sys
18:15:26.0977 7360 BTHUSB - ok
18:15:27.0024 7360 btwaudio (3ea1a20dc0ca1ad23e7aa8c37a91bcd1) C:\Windows\system32\drivers\btwaudio.sys
18:15:27.0055 7360 btwaudio - ok
18:15:27.0086 7360 btwavdt (195872e48a7fb01f8bc9b800f70f4054) C:\Windows\system32\drivers\btwavdt.sys
18:15:27.0117 7360 btwavdt - ok
18:15:27.0164 7360 btwrchid (0724e7d6c9b6a289eddda33fa8176e80) C:\Windows\system32\DRIVERS\btwrchid.sys
18:15:27.0195 7360 btwrchid - ok
18:15:27.0398 7360 catchme - ok
18:15:27.0429 7360 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
18:15:27.0461 7360 cdfs - ok
18:15:27.0507 7360 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
18:15:27.0539 7360 cdrom - ok
18:15:27.0601 7360 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
18:15:27.0632 7360 CertPropSvc - ok
18:15:27.0679 7360 Ch2kPS2 (970dddebaa177ad1f738a24c8d9c0735) C:\Windows\system32\DRIVERS\Ch2kPS2.sys
18:15:27.0726 7360 Ch2kPS2 - ok
18:15:27.0757 7360 Ch2kPS2M (f767a99313f4b87350bf60500575a8af) C:\Windows\system32\DRIVERS\Ch2kPS2M.sys
18:15:27.0773 7360 Ch2kPS2M ( UnsignedFile.Multi.Generic ) - warning
18:15:27.0773 7360 Ch2kPS2M - detected UnsignedFile.Multi.Generic (1)
18:15:27.0819 7360 Ch2kUSB (6bb54c8ab2ff2406c08157052cae793c) C:\Windows\system32\drivers\Ch2kUSB.sys
18:15:27.0851 7360 Ch2kUSB - ok
18:15:28.0459 7360 Cherry Device Interface (1ce3f63d0c5867d16b01435f8cdaef8b) C:\Program Files\Cherry\CDI\cdi.exe
18:15:28.0490 7360 Cherry Device Interface ( UnsignedFile.Multi.Generic ) - warning
18:15:28.0490 7360 Cherry Device Interface - detected UnsignedFile.Multi.Generic (1)
18:15:28.0521 7360 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
18:15:28.0553 7360 circlass - ok
18:15:28.0833 7360 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
18:15:28.0849 7360 CLFS - ok
18:15:28.0943 7360 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:15:28.0958 7360 clr_optimization_v2.0.50727_32 - ok
18:15:29.0208 7360 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:15:29.0223 7360 clr_optimization_v4.0.30319_32 - ok
18:15:29.0270 7360 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
18:15:29.0301 7360 CmBatt - ok
18:15:29.0317 7360 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
18:15:29.0333 7360 cmdide - ok
18:15:29.0348 7360 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
18:15:29.0348 7360 Compbatt - ok
18:15:29.0364 7360 COMSysApp - ok
18:15:29.0364 7360 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
18:15:29.0379 7360 crcdisk - ok
18:15:29.0395 7360 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
18:15:29.0426 7360 Crusoe - ok
18:15:29.0473 7360 CryptSvc (75c6a297e364014840b48eccd7525e30) C:\Windows\system32\cryptsvc.dll
18:15:29.0520 7360 CryptSvc - ok
18:15:29.0582 7360 ctxusbm (cb6ff7012bb5d59d7c12350db795ce1f) C:\Windows\system32\DRIVERS\ctxusbm.sys
18:15:29.0613 7360 ctxusbm - ok
18:15:29.0645 7360 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\Windows\system32\DRIVERS\CVirtA.sys
18:15:29.0676 7360 CVirtA - ok
18:15:31.0407 7360 CVPND (98b1b70e250ebca7b7a0a56ad2a7e62f) D:\Programme\Cisco VPN Client\cvpnd.exe
18:15:31.0470 7360 CVPND - ok
18:15:31.0563 7360 CVPNDRVA (465ced77e7c4f9d71b81ba600edafac1) C:\Windows\system32\Drivers\CVPNDRVA.sys
18:15:31.0563 7360 CVPNDRVA ( UnsignedFile.Multi.Generic ) - warning
18:15:31.0563 7360 CVPNDRVA - detected UnsignedFile.Multi.Generic (1)
18:15:31.0657 7360 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
18:15:31.0704 7360 DcomLaunch - ok
18:15:31.0797 7360 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
18:15:31.0844 7360 DfsC - ok
18:15:32.0624 7360 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
18:15:32.0811 7360 DFSR - ok
18:15:32.0921 7360 dgderdrv (6216fd7fd227de454238a702b218cec7) C:\Windows\system32\drivers\dgderdrv.sys
18:15:32.0936 7360 dgderdrv - ok
18:15:33.0030 7360 dg_ssudbus (f9f31a9f2a8c0dd0ceb6e380bf0985d4) C:\Windows\system32\DRIVERS\ssudbus.sys
18:15:33.0061 7360 dg_ssudbus - ok
18:15:33.0139 7360 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
18:15:33.0186 7360 Dhcp - ok
18:15:34.0574 7360 DialComService (5c90fdd933a0f8566399363191751113) C:\Program Files\DIAL GmbH\DIAL Communication Framework\DialComService.exe
18:15:34.0668 7360 DialComService - ok
18:15:35.0011 7360 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
18:15:35.0027 7360 disk - ok
18:15:35.0073 7360 DNE (86d52c32a308f84bbc626bff7c1fb710) C:\Windows\system32\DRIVERS\dne2000.sys
18:15:35.0089 7360 DNE - ok
18:15:35.0120 7360 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
18:15:35.0229 7360 Dnscache - ok
18:15:35.0292 7360 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
18:15:35.0323 7360 dot3svc - ok
18:15:35.0370 7360 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
18:15:35.0417 7360 DPS - ok
18:15:35.0432 7360 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
18:15:35.0463 7360 drmkaud - ok
18:15:35.0479 7360 DS1410D - ok
18:15:35.0900 7360 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
18:15:35.0963 7360 DXGKrnl - ok
18:15:36.0025 7360 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
18:15:36.0072 7360 E1G60 - ok
18:15:36.0103 7360 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
18:15:36.0134 7360 EapHost - ok
18:15:36.0181 7360 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
18:15:36.0197 7360 Ecache - ok
18:15:36.0259 7360 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
18:15:36.0337 7360 ehRecvr - ok
18:15:36.0353 7360 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
18:15:36.0399 7360 ehSched - ok
18:15:36.0415 7360 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
18:15:36.0431 7360 ehstart - ok
18:15:36.0462 7360 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
18:15:36.0493 7360 elxstor - ok
18:15:36.0930 7360 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
18:15:36.0977 7360 EMDMgmt - ok
18:15:36.0992 7360 epmntdrv (539ca34fbc74ec366a0d751028c32a08) C:\Windows\system32\epmntdrv.sys
18:15:37.0055 7360 epmntdrv ( UnsignedFile.Multi.Generic ) - warning
18:15:37.0055 7360 epmntdrv - detected UnsignedFile.Multi.Generic (1)
18:15:37.0086 7360 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
18:15:37.0117 7360 ErrDev - ok
18:15:37.0148 7360 EuGdiDrv (1f2f4ab15ce03ecc257feb2f6dc5a013) C:\Windows\system32\EuGdiDrv.sys
18:15:37.0179 7360 EuGdiDrv ( UnsignedFile.Multi.Generic ) - warning
18:15:37.0179 7360 EuGdiDrv - detected UnsignedFile.Multi.Generic (1)
18:15:37.0413 7360 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
18:15:37.0476 7360 EventSystem - ok
18:15:37.0601 7360 EvtEng (87bfd4ef2f43399da37b48b42a84a749) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
18:15:37.0647 7360 EvtEng ( UnsignedFile.Multi.Generic ) - warning
18:15:37.0647 7360 EvtEng - detected UnsignedFile.Multi.Generic (1)
18:15:37.0710 7360 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
18:15:37.0788 7360 exfat - ok
18:15:37.0803 7360 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
18:15:37.0819 7360 fastfat - ok
18:15:37.0881 7360 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
18:15:37.0913 7360 fdc - ok
18:15:37.0944 7360 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
18:15:37.0959 7360 fdPHost - ok
18:15:37.0975 7360 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
18:15:38.0022 7360 FDResPub - ok
18:15:38.0037 7360 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
18:15:38.0053 7360 FileInfo - ok
18:15:38.0069 7360 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
18:15:38.0100 7360 Filetrace - ok
18:15:38.0209 7360 FLEXnet Licensing Service (1f63900e2eb00101b9aca2b7a870704e) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
18:15:38.0240 7360 FLEXnet Licensing Service - ok
18:15:38.0271 7360 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
18:15:38.0303 7360 flpydisk - ok
18:15:38.0349 7360 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
18:15:38.0381 7360 FltMgr - ok
18:15:38.0552 7360 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
18:15:38.0615 7360 FontCache - ok
18:15:38.0693 7360 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
18:15:38.0693 7360 FontCache3.0.0.0 - ok
18:15:38.0724 7360 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
18:15:38.0771 7360 Fs_Rec - ok
18:15:38.0802 7360 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
18:15:38.0817 7360 gagp30kx - ok
18:15:38.0849 7360 ggflt (007aea2e06e7cef7372e40c277163959) C:\Windows\system32\DRIVERS\ggflt.sys
18:15:38.0880 7360 ggflt - ok
18:15:38.0895 7360 ggsemc (c73de35960ca75c5ab4ae636b127c64e) C:\Windows\system32\DRIVERS\ggsemc.sys
18:15:38.0911 7360 ggsemc - ok
18:15:38.0973 7360 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
18:15:39.0051 7360 gpsvc - ok
18:15:39.0098 7360 hamachi (833051c6c6c42117191935f734cfbd97) C:\Windows\system32\DRIVERS\hamachi.sys
18:15:39.0114 7360 hamachi - ok
18:15:39.0161 7360 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
18:15:39.0207 7360 HdAudAddService - ok
18:15:39.0254 7360 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
18:15:39.0317 7360 HDAudBus - ok
18:15:39.0348 7360 HidBth (fcb3f4be408f72c1bd81bcaba87fc22f) C:\Windows\system32\DRIVERS\hidbth.sys
18:15:39.0379 7360 HidBth - ok
18:15:39.0410 7360 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
18:15:39.0457 7360 HidIr - ok
18:15:39.0488 7360 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\System32\hidserv.dll
18:15:39.0519 7360 hidserv - ok
18:15:39.0551 7360 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
18:15:39.0566 7360 HidUsb - ok
18:15:39.0597 7360 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
18:15:39.0629 7360 hkmsvc - ok
18:15:39.0644 7360 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
18:15:39.0660 7360 HpCISSs - ok
18:15:39.0722 7360 HPSIService (94d23d4f096f12ca42c2fe4196631f46) C:\Windows\system32\HPSIsvc.exe
18:15:39.0722 7360 HPSIService - ok
18:15:39.0785 7360 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
18:15:39.0878 7360 HTTP - ok
18:15:39.0909 7360 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
18:15:39.0925 7360 i2omp - ok
18:15:39.0972 7360 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
18:15:40.0003 7360 i8042prt - ok
18:15:40.0097 7360 ialm (496db78e6a0c4c44023d9a92b4a7ac31) C:\Windows\system32\DRIVERS\igdkmd32.sys
18:15:40.0206 7360 ialm - ok
18:15:40.0346 7360 iaNvStor (3e349157986c533e3cbeb8c1e17290bb) C:\Windows\system32\DRIVERS\iaNvStor.sys
18:15:40.0377 7360 iaNvStor - ok
18:15:40.0721 7360 iaStor (f263a9036f8897ffa2ae54685e03ad60) C:\Windows\system32\DRIVERS\iaStor.sys
18:15:40.0752 7360 iaStor - ok
18:15:41.0111 7360 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
18:15:41.0142 7360 iaStorV - ok
18:15:41.0516 7360 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:15:41.0563 7360 idsvc - ok
18:15:41.0594 7360 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
18:15:41.0610 7360 iirsp - ok
18:15:41.0672 7360 IISADMIN (dae181c2fdb0d02159c56185a469e10b) C:\Windows\system32\inetsrv\inetinfo.exe
18:15:41.0703 7360 IISADMIN - ok
18:15:41.0766 7360 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
18:15:41.0844 7360 IKEEXT - ok
18:15:43.0076 7360 IntcAzAudAddService (ffd2b3bc042596abe785d3c15f51ab46) C:\Windows\system32\drivers\RTKVHDA.sys
18:15:43.0201 7360 IntcAzAudAddService - ok
18:15:43.0794 7360 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
18:15:43.0794 7360 intelide - ok
18:15:43.0841 7360 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
18:15:43.0872 7360 intelppm - ok
18:15:43.0903 7360 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
18:15:43.0919 7360 IPBusEnum - ok
18:15:43.0950 7360 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:15:43.0981 7360 IpFilterDriver - ok
18:15:44.0028 7360 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
18:15:44.0075 7360 iphlpsvc - ok
18:15:44.0075 7360 IpInIp - ok
18:15:44.0106 7360 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
18:15:44.0137 7360 IPMIDRV - ok
18:15:44.0324 7360 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
18:15:44.0371 7360 IPNAT - ok
18:15:44.0387 7360 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
18:15:44.0402 7360 IRENUM - ok
18:15:44.0418 7360 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
18:15:44.0433 7360 isapnp - ok
18:15:44.0496 7360 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
18:15:44.0511 7360 iScsiPrt - ok
18:15:44.0527 7360 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
18:15:44.0543 7360 iteatapi - ok
18:15:44.0558 7360 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
18:15:44.0574 7360 iteraid - ok
18:15:44.0652 7360 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
18:15:44.0667 7360 kbdclass - ok
18:15:44.0699 7360 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
18:15:44.0714 7360 kbdhid - ok
18:15:44.0745 7360 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
18:15:44.0808 7360 KeyIso - ok
18:15:44.0823 7360 KMDFMEMIO (ebc507f129df8f0e0ca270dcfc0cf87f) C:\Windows\system32\DRIVERS\kmdfmemio.sys
18:15:44.0870 7360 KMDFMEMIO - ok
18:15:44.0948 7360 KSecDD (4a1445efa932a3baf5bdb02d7131ee20) C:\Windows\system32\Drivers\ksecdd.sys
18:15:44.0964 7360 KSecDD - ok
18:15:45.0073 7360 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
18:15:45.0104 7360 KtmRm - ok
18:15:45.0260 7360 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\System32\srvsvc.dll
18:15:45.0307 7360 LanmanServer - ok
18:15:45.0354 7360 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
18:15:45.0401 7360 LanmanWorkstation - ok
18:15:45.0447 7360 lirsgt (975b6cf65f44e95883f3855bae8cecaf) C:\Windows\system32\DRIVERS\lirsgt.sys
18:15:45.0447 7360 lirsgt ( UnsignedFile.Multi.Generic ) - warning
18:15:45.0447 7360 lirsgt - detected UnsignedFile.Multi.Generic (1)
18:15:45.0479 7360 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
18:15:45.0525 7360 lltdio - ok
18:15:45.0557 7360 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
18:15:45.0588 7360 lltdsvc - ok
18:15:45.0603 7360 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
18:15:45.0650 7360 lmhosts - ok
18:15:45.0791 7360 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
18:15:45.0806 7360 LSI_FC - ok
18:15:45.0837 7360 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
18:15:45.0853 7360 LSI_SAS - ok
18:15:45.0884 7360 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
18:15:45.0900 7360 LSI_SCSI - ok
18:15:46.0056 7360 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
18:15:46.0103 7360 luafv - ok
18:15:46.0134 7360 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
18:15:46.0165 7360 Mcx2Svc - ok
18:15:46.0446 7360 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
18:15:46.0461 7360 MDM - ok
18:15:46.0493 7360 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
18:15:46.0508 7360 megasas - ok
18:15:46.0914 7360 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
18:15:46.0961 7360 MegaSR - ok
18:15:47.0444 7360 Microsoft SharePoint Workspace Audit Service - ok
18:15:47.0538 7360 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
18:15:47.0600 7360 MMCSS - ok
18:15:47.0616 7360 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
18:15:47.0663 7360 Modem - ok
18:15:47.0678 7360 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
18:15:47.0709 7360 monitor - ok
18:15:47.0787 7360 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
18:15:47.0803 7360 mouclass - ok
18:15:47.0819 7360 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
18:15:47.0865 7360 mouhid - ok
18:15:47.0881 7360 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
18:15:47.0897 7360 MountMgr - ok
18:15:48.0099 7360 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
18:15:48.0115 7360 MozillaMaintenance - ok
18:15:48.0162 7360 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
18:15:48.0162 7360 mpio - ok
18:15:48.0209 7360 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
18:15:48.0224 7360 mpsdrv - ok
18:15:48.0661 7360 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
18:15:48.0708 7360 MpsSvc - ok
18:15:48.0723 7360 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
18:15:48.0739 7360 Mraid35x - ok
18:15:48.0770 7360 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
18:15:48.0801 7360 MRxDAV - ok
18:15:48.0833 7360 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:15:48.0926 7360 mrxsmb - ok
18:15:48.0957 7360 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:15:48.0973 7360 mrxsmb10 - ok
18:15:48.0989 7360 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:15:49.0020 7360 mrxsmb20 - ok
18:15:49.0051 7360 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
18:15:49.0051 7360 msahci - ok
18:15:49.0098 7360 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
18:15:49.0113 7360 msdsm - ok
18:15:49.0160 7360 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
18:15:49.0176 7360 MSDTC - ok
18:15:49.0191 7360 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
18:15:49.0238 7360 Msfs - ok
18:15:49.0254 7360 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
18:15:49.0269 7360 msisadrv - ok
18:15:49.0301 7360 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
18:15:49.0332 7360 MSiSCSI - ok
18:15:49.0332 7360 msiserver - ok
18:15:49.0379 7360 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
18:15:49.0394 7360 MSKSSRV - ok
18:15:49.0425 7360 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
18:15:49.0457 7360 MSPCLOCK - ok
18:15:49.0472 7360 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
18:15:49.0503 7360 MSPQM - ok
18:15:49.0581 7360 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
18:15:49.0597 7360 MsRPC - ok
18:15:49.0613 7360 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
18:15:49.0628 7360 mssmbios - ok
18:15:49.0706 7360 MSSQL$AUTODESKVAULT - ok
18:15:49.0784 7360 MSSQL$SQLEXPRESS - ok
18:15:49.0847 7360 MSSQLServerADHelper (1d89eb4e2a99cabd4e81225f4f4c4b25) C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
18:15:49.0847 7360 MSSQLServerADHelper - ok
18:15:49.0909 7360 MSSQLServerADHelper100 (f1761c8fb2b25a32c6d63e36bb88c3ae) C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
18:15:49.0909 7360 MSSQLServerADHelper100 - ok
18:15:49.0940 7360 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
18:15:49.0971 7360 MSTEE - ok
18:15:51.0797 7360 msvsmon80 (73fa09b84b23a1897809a84f976d5d99) C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe
18:15:51.0953 7360 msvsmon80 - ok
18:15:53.0201 7360 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
18:15:53.0216 7360 Mup - ok
18:15:53.0232 7360 mvusbews (b9df137953a5280eddbd4a705ca093a2) C:\Windows\system32\Drivers\mvusbews.sys
18:15:53.0263 7360 mvusbews - ok
18:15:53.0388 7360 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
18:15:53.0419 7360 napagent - ok
18:15:53.0481 7360 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
18:15:53.0497 7360 NativeWifiP - ok
18:15:53.0559 7360 NCFilter (157e98b2dd9139c7d55049fe635bd39f) C:\Windows\system32\DRIVERS\NCFilter.sys
18:15:53.0591 7360 NCFilter - ok
18:15:53.0903 7360 NCFSD (df04002fb1f6c9dcb438b9324640ccdb) C:\Program Files\Novell\Client\XTier\Drivers\ncfsd.sys
18:15:53.0934 7360 NCFSD - ok
18:15:54.0012 7360 NCIOCTL (54adec9108c5a0bf9d21e4a6ef062db1) C:\Program Files\Novell\Client\XTier\Drivers\ncioctl.sys
18:15:54.0043 7360 NCIOCTL - ok
18:15:54.0168 7360 NCRecognizer (450b8c689b73c39816fb872404805517) C:\Windows\system32\DRIVERS\NCRecognizer.sys
18:15:54.0199 7360 NCRecognizer - ok
18:15:54.0277 7360 NCUncFilter (d28874f3ce6badd9884c62391b39133f) C:\Windows\system32\DRIVERS\NCUncFilter.sys
18:15:54.0293 7360 NCUncFilter - ok
18:15:54.0464 7360 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
18:15:54.0511 7360 NDIS - ok
18:15:54.0558 7360 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
18:15:54.0589 7360 NdisTapi - ok
18:15:54.0605 7360 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
18:15:54.0620 7360 Ndisuio - ok
18:15:54.0854 7360 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
18:15:54.0885 7360 NdisWan - ok
18:15:54.0901 7360 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
18:15:54.0917 7360 NDProxy - ok
18:15:54.0932 7360 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
18:15:54.0979 7360 NetBIOS - ok
18:15:55.0010 7360 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
18:15:55.0041 7360 netbt - ok
18:15:55.0057 7360 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
18:15:55.0073 7360 Netlogon - ok
18:15:55.0369 7360 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
18:15:55.0431 7360 Netman - ok
18:15:55.0931 7360 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:15:55.0946 7360 NetMsmqActivator - ok
18:15:55.0946 7360 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:15:55.0962 7360 NetPipeActivator - ok
18:15:56.0165 7360 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
18:15:56.0196 7360 netprofm - ok
18:15:56.0211 7360 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:15:56.0211 7360 NetTcpActivator - ok
18:15:56.0227 7360 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:15:56.0227 7360 NetTcpPortSharing - ok
18:15:56.0726 7360 NETw3v32 (35d5458d9a1b26b2005abffbf4c1c5e7) C:\Windows\system32\DRIVERS\NETw3v32.sys
18:15:56.0882 7360 NETw3v32 - ok
18:16:01.0500 7360 NETw5v32 (0b214c6a4728f085fb64a29ed9c4de94) C:\Windows\system32\DRIVERS\NETw5v32.sys
18:16:01.0703 7360 NETw5v32 - ok
18:16:01.0874 7360 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
18:16:01.0890 7360 nfrd960 - ok
18:16:02.0139 7360 NICM (a1ef820415ed5bbe0dbb3f67866bd2e1) C:\Program Files\Novell\Client\XTier\Drivers\nicm.sys
18:16:02.0186 7360 NICM - ok
18:16:02.0405 7360 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
18:16:02.0420 7360 NlaSvc - ok
18:16:02.0451 7360 nmwcd (f6c40e0a565ee3ce5aeeb325e10054f2) C:\Windows\system32\drivers\ccdcmb.sys
18:16:02.0514 7360 nmwcd - ok
18:16:02.0545 7360 nmwcdc (2a394e9e1fa3565e4b2fea470ffe4d6b) C:\Windows\system32\drivers\ccdcmbo.sys
18:16:02.0592 7360 nmwcdc - ok
18:16:02.0623 7360 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
18:16:02.0639 7360 Npfs - ok
18:16:02.0654 7360 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
18:16:02.0685 7360 nsi - ok
18:16:02.0717 7360 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
18:16:02.0763 7360 nsiproxy - ok
18:16:02.0763 7360 NSNDIS5 - ok
18:16:02.0904 7360 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
18:16:02.0966 7360 Ntfs - ok
18:16:02.0997 7360 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
18:16:03.0044 7360 ntrigdigi - ok
18:16:03.0060 7360 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
18:16:03.0075 7360 Null - ok
18:16:03.0138 7360 NVHDA (93c0f383b39b1f5fe7203e3270d4cf52) C:\Windows\system32\drivers\nvhda32v.sys
18:16:03.0169 7360 NVHDA - ok
18:16:04.0230 7360 nvlddmkm (66b4bf606fcc7f0622d4a21bb1461089) C:\Windows\system32\DRIVERS\nvlddmkm.sys
18:16:04.0713 7360 nvlddmkm - ok
18:16:04.0838 7360 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
18:16:04.0854 7360 nvraid - ok
18:16:04.0869 7360 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
18:16:04.0885 7360 nvstor - ok
18:16:04.0994 7360 nvsvc (d122f7c5f79c68868f5dc28cefeb2ecf) C:\Windows\system32\nvvsvc.exe
18:16:05.0072 7360 nvsvc - ok
18:16:05.0306 7360 nvUpdatusService (003cb0a155568b4a53a301f07c734233) C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
18:16:05.0447 7360 nvUpdatusService - ok
18:16:05.0571 7360 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
18:16:05.0587 7360 nv_agp - ok
18:16:05.0587 7360 NwlnkFlt - ok
18:16:05.0603 7360 NwlnkFwd - ok
18:16:05.0618 7360 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
18:16:05.0634 7360 ohci1394 - ok
18:16:05.0712 7360 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:16:05.0727 7360 ose - ok
18:16:06.0039 7360 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
18:16:06.0211 7360 osppsvc - ok
18:16:07.0319 7360 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
18:16:07.0412 7360 p2pimsvc - ok
18:16:07.0428 7360 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
18:16:07.0443 7360 p2psvc - ok
18:16:07.0506 7360 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
18:16:07.0537 7360 Parport - ok
18:16:07.0568 7360 partmgr (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys
18:16:07.0584 7360 partmgr - ok
18:16:07.0599 7360 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
18:16:07.0646 7360 Parvdm - ok
18:16:07.0709 7360 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
18:16:07.0771 7360 PcaSvc - ok
18:16:07.0818 7360 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\Windows\system32\DRIVERS\pccsmcfd.sys
18:16:07.0849 7360 pccsmcfd - ok
18:16:07.0911 7360 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
18:16:07.0927 7360 pci - ok
18:16:07.0943 7360 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
18:16:07.0958 7360 pciide - ok
18:16:07.0989 7360 pcmcia (b7c5a8769541900f6dfa6fe0c5e4d513) C:\Windows\system32\DRIVERS\pcmcia.sys
18:16:08.0005 7360 pcmcia - ok
18:16:08.0067 7360 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
18:16:08.0145 7360 PEAUTH - ok
18:16:08.0411 7360 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
18:16:08.0489 7360 pla - ok
18:16:08.0879 7360 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
18:16:08.0910 7360 PlugPlay - ok
18:16:09.0830 7360 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
18:16:09.0861 7360 PNRPAutoReg - ok
18:16:09.0861 7360 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
18:16:09.0893 7360 PNRPsvc - ok
18:16:10.0298 7360 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
18:16:10.0361 7360 PolicyAgent - ok
18:16:10.0829 7360 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
18:16:10.0875 7360 PptpMiniport - ok
18:16:11.0156 7360 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
18:16:11.0203 7360 Processor - ok
18:16:11.0858 7360 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
18:16:11.0874 7360 ProfSvc - ok
18:16:11.0983 7360 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
18:16:11.0999 7360 ProtectedStorage - ok
18:16:12.0248 7360 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
18:16:12.0295 7360 PSched - ok
18:16:12.0857 7360 PSI_SVC_2 (543a4ef0923bf70d126625b034ef25af) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
18:16:12.0872 7360 PSI_SVC_2 - ok
18:16:14.0479 7360 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
18:16:14.0557 7360 ql2300 - ok
18:16:14.0978 7360 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
18:16:15.0009 7360 ql40xx - ok
18:16:15.0041 7360 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
18:16:15.0072 7360 QWAVE - ok
18:16:15.0087 7360 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
18:16:15.0103 7360 QWAVEdrv - ok
18:16:15.0165 7360 RapiMgr (70dbdab246c18b78e2200d6401d038be) C:\Windows\WindowsMobile\rapimgr.dll
18:16:15.0197 7360 RapiMgr - ok
18:16:15.0228 7360 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
18:16:15.0243 7360 RasAcd - ok
18:16:15.0259 7360 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
18:16:15.0306 7360 RasAuto - ok
18:16:15.0306 7360 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:16:15.0337 7360 Rasl2tp - ok
18:16:15.0384 7360 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
18:16:15.0431 7360 RasMan - ok
18:16:15.0462 7360 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
18:16:15.0477 7360 RasPppoe - ok
18:16:15.0587 7360 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
18:16:15.0618 7360 RasSstp - ok
18:16:15.0758 7360 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
18:16:15.0774 7360 rdbss - ok
18:16:15.0805 7360 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:16:15.0836 7360 RDPCDD - ok
18:16:15.0867 7360 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
18:16:15.0899 7360 rdpdr - ok
18:16:15.0899 7360 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
18:16:15.0930 7360 RDPENCDD - ok
18:16:15.0961 7360 RDPWD (c127ebd5afab31524662c48dfceb773a) C:\Windows\system32\drivers\RDPWD.sys
18:16:16.0008 7360 RDPWD - ok
18:16:16.0585 7360 RegSrvc (3c109efd0cef1b540ed3c7f573594bfd) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
18:16:16.0616 7360 RegSrvc ( UnsignedFile.Multi.Generic ) - warning
18:16:16.0616 7360 RegSrvc - detected UnsignedFile.Multi.Generic (1)
18:16:16.0663 7360 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
18:16:16.0694 7360 RemoteAccess - ok
18:16:16.0741 7360 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
18:16:16.0788 7360 RemoteRegistry - ok
18:16:16.0819 7360 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
18:16:16.0850 7360 RFCOMM - ok
18:16:16.0881 7360 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
18:16:16.0913 7360 RpcLocator - ok
18:16:16.0991 7360 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
18:16:17.0022 7360 RpcSs - ok
18:16:17.0053 7360 RsFx0105 (6a7360e36cbd636972aeef0dd292a946) C:\Windows\system32\DRIVERS\RsFx0105.sys
18:16:17.0069 7360 RsFx0105 - ok
18:16:17.0100 7360 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
18:16:17.0147 7360 rspndr - ok
18:16:17.0147 7360 s0017bus - ok
18:16:17.0147 7360 s0017mdfl - ok
18:16:17.0147 7360 s0017mdm - ok
18:16:17.0162 7360 s0017mgmt - ok
18:16:17.0178 7360 s0017nd5 - ok
18:16:17.0178 7360 s0017obex - ok
18:16:17.0178 7360 s0017unic - ok
18:16:17.0225 7360 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
18:16:17.0240 7360 SamSs - ok
18:16:17.0334 7360 Samsung Update Plus (a9d840fa78f65857eb554229914f855c) C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe
18:16:17.0349 7360 Samsung Update Plus ( UnsignedFile.Multi.Generic ) - warning
18:16:17.0349 7360 Samsung Update Plus - detected UnsignedFile.Multi.Generic (1)
18:16:17.0443 7360 SbieDrv (1fbd21895b768cd40e83b86c18e6454f) D:\Programme\Sandboxie\SbieDrv.sys
18:16:17.0459 7360 SbieDrv - ok
18:16:17.0521 7360 SbieSvc (d5d875d6662f30c7fbf5f6879452b12b) D:\Programme\Sandboxie\SbieSvc.exe
18:16:17.0537 7360 SbieSvc - ok
18:16:17.0615 7360 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
18:16:17.0630 7360 sbp2port - ok
18:16:17.0693 7360 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
18:16:17.0708 7360 SCardSvr - ok
18:16:17.0771 7360 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
18:16:17.0849 7360 Schedule - ok
18:16:17.0880 7360 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
18:16:17.0895 7360 SCPolicySvc - ok
18:16:17.0958 7360 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
18:16:18.0005 7360 sdbus - ok
18:16:18.0020 7360 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
18:16:18.0051 7360 SDRSVC - ok
18:16:18.0067 7360 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
18:16:18.0114 7360 secdrv - ok
18:16:18.0129 7360 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
18:16:18.0161 7360 seclogon - ok
18:16:18.0176 7360 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\system32\sens.dll
18:16:18.0207 7360 SENS - ok
18:16:18.0254 7360 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
18:16:18.0301 7360 Serenum - ok
18:16:18.0317 7360 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
18:16:18.0395 7360 Serial - ok
18:16:18.0426 7360 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
18:16:18.0441 7360 sermouse - ok
18:16:19.0253 7360 ServiceLayer (c15b813f2fdb44f87f23312472c6e790) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
18:16:19.0299 7360 ServiceLayer - ok
18:16:19.0424 7360 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
18:16:19.0440 7360 SessionEnv - ok
18:16:19.0455 7360 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
18:16:19.0487 7360 sffdisk - ok
18:16:19.0502 7360 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
18:16:19.0533 7360 sffp_mmc - ok
18:16:19.0549 7360 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
18:16:19.0580 7360 sffp_sd - ok
18:16:19.0596 7360 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
18:16:19.0643 7360 sfloppy - ok
18:16:19.0689 7360 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
18:16:19.0736 7360 SharedAccess - ok
18:16:19.0892 7360 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
18:16:19.0955 7360 ShellHWDetection - ok
18:16:19.0986 7360 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
18:16:20.0001 7360 sisagp - ok
18:16:20.0017 7360 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
18:16:20.0033 7360 SiSRaid2 - ok
18:16:20.0048 7360 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
18:16:20.0064 7360 SiSRaid4 - ok
18:16:20.0298 7360 SkypeUpdate (ddaa5f4a6b958fc313ebd02dd925752f) D:\Programme\Skype\Updater\Updater.exe
18:16:20.0313 7360 SkypeUpdate - ok
18:16:21.0530 7360 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
18:16:21.0702 7360 slsvc - ok
18:16:21.0827 7360 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
18:16:21.0858 7360 SLUINotify - ok
18:16:21.0920 7360 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
18:16:21.0951 7360 Smb - ok
18:16:21.0983 7360 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
18:16:21.0998 7360 SNMPTRAP - ok
18:16:22.0107 7360 SolidWorks Licensing Service (4945020bc094c322571184a6e8056b3a) C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
18:16:22.0107 7360 SolidWorks Licensing Service ( UnsignedFile.Multi.Generic ) - warning
18:16:22.0107 7360 SolidWorks Licensing Service - detected UnsignedFile.Multi.Generic (1)
18:16:22.0139 7360 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
18:16:22.0139 7360 spldr - ok
18:16:22.0201 7360 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
18:16:22.0232 7360 Spooler - ok
18:16:22.0295 7360 sptd (71e276f6d189413266ea22171806597b) C:\Windows\System32\Drivers\sptd.sys
18:16:22.0357 7360 sptd - ok
18:16:22.0451 7360 SQLAgent$SQLEXPRESS (a892134c28777978ecde8283dc57ac0f) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE
18:16:22.0482 7360 SQLAgent$SQLEXPRESS - ok
18:16:22.0544 7360 SQLBrowser (10d936dced9eacd1a1b3fcdda6d7a4eb) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
18:16:22.0560 7360 SQLBrowser - ok
18:16:22.0607 7360 SQLWriter (135cdccc167ef0c250125bbd3abe18d5) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
18:16:22.0622 7360 SQLWriter - ok
18:16:22.0747 7360 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
18:16:22.0778 7360 srv - ok
18:16:22.0809 7360 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
18:16:22.0841 7360 srv2 - ok
18:16:22.0872 7360 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
18:16:22.0887 7360 srvnet - ok
18:16:22.0919 7360 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
18:16:22.0950 7360 SSDPSRV - ok
18:16:22.0997 7360 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
18:16:23.0012 7360 ssmdrv - ok
18:16:23.0043 7360 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
18:16:23.0059 7360 SstpSvc - ok
18:16:23.0106 7360 ssudmdm (07318149e102fd9197ab444c27774372) C:\Windows\system32\DRIVERS\ssudmdm.sys
18:16:23.0137 7360 ssudmdm - ok
18:16:23.0199 7360 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
18:16:23.0246 7360 stisvc - ok
18:16:23.0340 7360 StkCMini (ab80c9dde1f8d9f9f946365205ed55eb) C:\Windows\system32\Drivers\StkCMini.sys
18:16:23.0402 7360 StkCMini - ok
18:16:23.0496 7360 StkSSrv (45062bf3aeeb2febe29a67d0448571db) C:\Windows\System32\StkCSrv.exe
18:16:23.0527 7360 StkSSrv - ok
18:16:23.0574 7360 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
18:16:23.0574 7360 swenum - ok
18:16:23.0636 7360 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
18:16:23.0652 7360 swprv - ok
18:16:23.0667 7360 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
18:16:23.0683 7360 Symc8xx - ok
18:16:23.0699 7360 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
18:16:23.0714 7360 Sym_hi - ok
18:16:23.0730 7360 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
18:16:23.0745 7360 Sym_u3 - ok
18:16:23.0792 7360 SynTP (71837fbce3fd8143953444b3ff7938dc) C:\Windows\system32\DRIVERS\SynTP.sys
18:16:23.0823 7360 SynTP - ok
18:16:23.0886 7360 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
18:16:23.0964 7360 SysMain - ok
18:16:23.0995 7360 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
18:16:24.0026 7360 TabletInputService - ok
18:16:24.0073 7360 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
18:16:24.0089 7360 TapiSrv - ok
18:16:24.0104 7360 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
18:16:24.0135 7360 TBS - ok
18:16:24.0198 7360 Tcpip (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\drivers\tcpip.sys
18:16:24.0245 7360 Tcpip - ok
18:16:24.0260 7360 Tcpip6 (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\DRIVERS\tcpip.sys
18:16:24.0291 7360 Tcpip6 - ok
18:16:24.0323 7360 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
18:16:24.0354 7360 tcpipreg - ok
18:16:24.0385 7360 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
18:16:24.0401 7360 TDPIPE - ok
18:16:24.0416 7360 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
18:16:24.0432 7360 TDTCP - ok
18:16:24.0463 7360 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
18:16:24.0494 7360 tdx - ok
18:16:24.0525 7360 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
18:16:24.0541 7360 TermDD - ok
18:16:24.0603 7360 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
18:16:24.0650 7360 TermService - ok
18:16:24.0713 7360 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
18:16:24.0728 7360 Themes - ok
18:16:24.0744 7360 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
18:16:24.0759 7360 THREADORDER - ok
18:16:24.0806 7360 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
18:16:24.0837 7360 TrkWks - ok
18:16:24.0900 7360 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
18:16:24.0915 7360 TrustedInstaller - ok
18:16:24.0947 7360 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:16:24.0978 7360 tssecsrv - ok
18:16:24.0993 7360 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
18:16:25.0025 7360 tunmp - ok
18:16:25.0071 7360 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
18:16:25.0087 7360 tunnel - ok
18:16:25.0103 7360 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
18:16:25.0118 7360 uagp35 - ok
18:16:25.0149 7360 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
18:16:25.0165 7360 udfs - ok
18:16:25.0196 7360 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
18:16:25.0227 7360 UI0Detect - ok
18:16:25.0243 7360 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
18:16:25.0259 7360 uliagpkx - ok
18:16:25.0290 7360 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
18:16:25.0305 7360 uliahci - ok
18:16:25.0337 7360 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
18:16:25.0337 7360 UlSata - ok
18:16:25.0368 7360 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
18:16:25.0368 7360 ulsata2 - ok
18:16:25.0383 7360 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
18:16:25.0430 7360 umbus - ok
18:16:25.0446 7360 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
18:16:25.0493 7360 upnphost - ok
18:16:25.0508 7360 upperdev (47f5f9d837d80ffd5882a14db9da0a67) C:\Windows\system32\DRIVERS\usbser_lowerflt.sys
18:16:25.0539 7360 upperdev - ok
18:16:25.0571 7360 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
18:16:25.0602 7360 usbccgp - ok
18:16:25.0633 7360 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
18:16:25.0680 7360 usbcir - ok
18:16:25.0711 7360 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
18:16:25.0742 7360 usbehci - ok
18:16:25.0773 7360 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
18:16:25.0805 7360 usbhub - ok
18:16:25.0820 7360 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
18:16:25.0867 7360 usbohci - ok
18:16:25.0898 7360 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
18:16:25.0914 7360 usbprint - ok
18:16:25.0929 7360 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
18:16:25.0945 7360 usbscan - ok
18:16:25.0992 7360 usbser (d575246188f63de0accf6eac5fb59e6a) C:\Windows\system32\drivers\usbser.sys
18:16:26.0007 7360 usbser - ok
18:16:26.0039 7360 UsbserFilt (e44f0d17be0908b58dcc99ccb99c6c32) C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys
18:16:26.0070 7360 UsbserFilt - ok
18:16:26.0101 7360 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:16:26.0132 7360 USBSTOR - ok
18:16:26.0163 7360 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
18:16:26.0210 7360 usbuhci - ok
18:16:26.0241 7360 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
18:16:26.0273 7360 usbvideo - ok
18:16:26.0304 7360 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
18:16:26.0335 7360 UxSms - ok
18:16:26.0382 7360 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
18:16:26.0460 7360 vds - ok
18:16:26.0491 7360 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
18:16:26.0522 7360 vga - ok
18:16:26.0538 7360 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
18:16:26.0569 7360 VgaSave - ok
18:16:26.0585 7360 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
18:16:26.0600 7360 viaagp - ok
18:16:26.0631 7360 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
18:16:26.0647 7360 ViaC7 - ok
18:16:26.0663 7360 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
18:16:26.0678 7360 viaide - ok
18:16:26.0741 7360 vmm (e41fef9e3056fe88c71e411f705be41e) C:\Windows\system32\Drivers\vmm.sys
18:16:26.0741 7360 vmm - ok
18:16:26.0756 7360 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
18:16:26.0772 7360 volmgr - ok
18:16:26.0834 7360 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
18:16:26.0850 7360 volmgrx - ok
18:16:26.0897 7360 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
18:16:26.0912 7360 volsnap - ok
18:16:26.0928 7360 VPCNetS2 (f96a678debdccb0b4bb7f38cb2580589) C:\Windows\system32\DRIVERS\VMNetSrv.sys
18:16:26.0943 7360 VPCNetS2 - ok
18:16:26.0990 7360 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
18:16:27.0006 7360 vsmraid - ok
18:16:27.0193 7360 VSPerfDrv100 (143c873a90e834f38733bb05d686a9e7) D:\Programme\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys
18:16:27.0209 7360 VSPerfDrv100 - ok
18:16:27.0302 7360 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
18:16:27.0396 7360 VSS - ok
18:16:27.0443 7360 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
18:16:27.0458 7360 W32Time - ok
18:16:27.0521 7360 W3SVC (9ca92191c8f18e8b491a5b28e63c07b7) C:\Windows\system32\inetsrv\iisw3adm.dll
18:16:27.0583 7360 W3SVC - ok
18:16:27.0630 7360 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
18:16:27.0677 7360 WacomPen - ok
18:16:27.0692 7360 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
18:16:27.0723 7360 Wanarp - ok
18:16:27.0723 7360 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
18:16:27.0739 7360 Wanarpv6 - ok
18:16:27.0755 7360 WAS (9ca92191c8f18e8b491a5b28e63c07b7) C:\Windows\system32\inetsrv\iisw3adm.dll
18:16:27.0770 7360 WAS - ok
18:16:27.0848 7360 WcesComm (779f9c90d3fe9c70b6ffd8ef035f3e83) C:\Windows\WindowsMobile\wcescomm.dll
18:16:27.0911 7360 WcesComm - ok
18:16:27.0957 7360 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
18:16:27.0989 7360 wcncsvc - ok
18:16:28.0020 7360 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
18:16:28.0051 7360 WcsPlugInService - ok
18:16:28.0082 7360 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
18:16:28.0082 7360 Wd - ok
18:16:28.0145 7360 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
18:16:28.0176 7360 Wdf01000 - ok
18:16:28.0207 7360 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
18:16:28.0238 7360 WdiServiceHost - ok
18:16:28.0238 7360 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
18:16:28.0254 7360 WdiSystemHost - ok
18:16:28.0301 7360 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
18:16:28.0332 7360 WebClient - ok
18:16:28.0379 7360 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
18:16:28.0410 7360 Wecsvc - ok
18:16:28.0425 7360 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
18:16:28.0457 7360 wercplsupport - ok
18:16:28.0488 7360 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
18:16:28.0519 7360 WerSvc - ok
18:16:28.0566 7360 wimmount (05fb36a51e04a6c6b3a5f125fa692e6b) C:\Windows\system32\DRIVERS\wimmount.sys
18:16:28.0566 7360 wimmount - ok
18:16:28.0644 7360 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
18:16:28.0659 7360 WinDefend - ok
18:16:28.0675 7360 WinHttpAutoProxySvc - ok
18:16:28.0737 7360 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
18:16:28.0753 7360 Winmgmt - ok
18:16:28.0862 7360 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
18:16:28.0971 7360 WinRM - ok
18:16:29.0018 7360 winusb (676f4b665bdd8053eaa53ac1695b8074) C:\Windows\system32\DRIVERS\winusb.sys
18:16:29.0049 7360 winusb - ok
18:16:29.0127 7360 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
18:16:29.0190 7360 Wlansvc - ok
18:16:29.0221 7360 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
18:16:29.0237 7360 WmiAcpi - ok
18:16:29.0315 7360 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
18:16:29.0330 7360 wmiApSrv - ok
18:16:29.0424 7360 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
18:16:29.0517 7360 WMPNetworkSvc - ok
18:16:29.0564 7360 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
18:16:29.0627 7360 WPCSvc - ok
18:16:29.0658 7360 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
18:16:29.0689 7360 WPDBusEnum - ok
18:16:29.0751 7360 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
18:16:29.0751 7360 WpdUsb - ok
18:16:29.0907 7360 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
18:16:29.0939 7360 WPFFontCache_v0400 - ok
18:16:29.0970 7360 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
18:16:30.0001 7360 ws2ifsl - ok
18:16:30.0032 7360 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\system32\wscsvc.dll
18:16:30.0063 7360 wscsvc - ok
18:16:30.0063 7360 WSearch - ok
18:16:30.0188 7360 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
18:16:30.0297 7360 wuauserv - ok
18:16:30.0438 7360 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
18:16:30.0469 7360 WudfPf - ok
18:16:30.0500 7360 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:16:30.0547 7360 WUDFRd - ok
18:16:30.0563 7360 wudfsvc (2c0206ff8d2c75ac027d1096fa2fafda) C:\Windows\System32\WUDFSvc.dll
18:16:30.0609 7360 wudfsvc - ok
18:16:30.0703 7360 XTSvcMgr (3d130383a56db5de539aa6bb269e1a6c) C:\Program Files\Novell\Client\XTier\Services\XTSvcMgr.exe
18:16:30.0734 7360 XTSvcMgr - ok
18:16:30.0765 7360 yukonwlh (04e268adfc81964c49dc0c082d520f7e) C:\Windows\system32\DRIVERS\yk60x86.sys
18:16:30.0812 7360 yukonwlh - ok
18:16:30.0859 7360 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
18:16:31.0218 7360 \Device\Harddisk0\DR0 - ok
18:16:31.0233 7360 Boot (0x1200) (7f27e7a5f99764e0541c909692381695) \Device\Harddisk0\DR0\Partition0
18:16:31.0233 7360 \Device\Harddisk0\DR0\Partition0 - ok
18:16:31.0265 7360 Boot (0x1200) (cebc2d5c0fb78ef07b6e43ff5cf87230) \Device\Harddisk0\DR0\Partition1
18:16:31.0265 7360 \Device\Harddisk0\DR0\Partition1 - ok
18:16:31.0265 7360 ============================================================
18:16:31.0265 7360 Scan finished
18:16:31.0265 7360 ============================================================
18:16:31.0265 5344 Detected object count: 13
18:16:31.0265 5344 Actual detected object count: 13
18:17:11.0778 5344 ANSYS, Inc. License Manager ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:11.0778 5344 ANSYS, Inc. License Manager ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:11.0793 5344 atksgt ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:11.0793 5344 atksgt ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:11.0793 5344 Autodesk Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:11.0793 5344 Autodesk Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:11.0793 5344 Ch2kPS2M ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:11.0793 5344 Ch2kPS2M ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:11.0793 5344 Cherry Device Interface ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:11.0793 5344 Cherry Device Interface ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:11.0793 5344 CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:11.0793 5344 CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:11.0793 5344 epmntdrv ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:11.0793 5344 epmntdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:11.0793 5344 EuGdiDrv ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:11.0793 5344 EuGdiDrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:11.0793 5344 EvtEng ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:11.0793 5344 EvtEng ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:11.0793 5344 lirsgt ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:11.0793 5344 lirsgt ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:11.0793 5344 RegSrvc ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:11.0793 5344 RegSrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:11.0809 5344 Samsung Update Plus ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:11.0809 5344 Samsung Update Plus ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:11.0809 5344 SolidWorks Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:11.0809 5344 SolidWorks Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:42.0713 1784 Deinitialize success
Gruß |
|
25.07.2012, 22:09
| #6 |
| /// Malware-holic | HackTool.Hiderun in c:\windows\installer und Java.Trojan im Cache entdeckt lade den CCleaner standard: CCleaner Download - CCleaner 3.20.1750 falls der CCleaner bereits instaliert, überspringen. instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen. hinter, jedes von dir benötigte programm, schreibe notwendig. hinter, jedes, von dir nicht benötigte, unnötig. hinter, dir unbekannte, unbekannt. liste posten.
__________________ --> HackTool.Hiderun in c:\windows\installer und Java.Trojan im Cache entdeckt |
|
25.07.2012, 23:53
| #7 |
| | HackTool.Hiderun in c:\windows\installer und Java.Trojan im Cache entdecktCode:
ATTFilter 7-Zip 4.65 20.07.2009 3,13MB // unnötig ActivePerl 5.14.2 Build 1402 ActiveState 03.03.2012 75,9MB 5.14.1402 // unnötig Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 05.05.2012 11.2.202.235 // notwendig Adobe Flash Player 11 Plugin Adobe Systems Incorporated 16.07.2012 11.3.300.265 // notwendig Adobe Photoshop CS4 Adobe Systems Incorporated 01.06.2009 11.0 // notwendig Adobe Reader X (10.1.3) - Deutsch Adobe Systems Incorporated 13.04.2012 10.1.3 // notwendig Adobe Shockwave Player 11.5 Adobe Systems, Inc. 09.02.2011 7,52MB 11.5.9.620 // notwendig Agere Systems HDA Modem Agere Systems 25.06.2008 // unnötig (wohl von Nokia Ovi) Android SDK Tools Google Inc. 14.07.2012 488MB 1.16 // notwendig Atheros WLAN Client 04.08.2008 876KB 1.00.000 // unbekannt Audacity 1.2.6 30.05.2009 8,43MB // unnötig AutoCAD 2010 - Deutsch Autodesk 21.01.2010 768MB 18.0.55.0 // unnötig Autodesk Design Review 2010 Autodesk, Inc. 21.01.2010 112MB 10.0.0.108 // notwendig Autodesk Inventor Content Center Libraries 2010 (Desktop Content) Autodesk, Inc. 21.01.2010 1,31MB 14.0.0000.22302 // notwendig Autodesk Inventor Professional 2010 Autodesk, Inc. 21.01.2010 1,91GB 14.1.0000.25300 // notwendig Avira Free Antivirus Avira 08.05.2012 66,4MB 12.0.0.1125 // notwendig Battlefield 3™ Electronic Arts 17.11.2011 1.0.0.0 // unnötig calibre Kovid Goyal 15.05.2011 128MB 0.8.1 // unnötig Canon MP Navigator EX 1.0 05.09.2008 65,9MB // notwendig Canon MP610 series 05.09.2008 // notwendig Canon MP610 series Benutzerregistrierung 05.09.2008 528KB // notwendig (wegen Druck-Treiber/Software?) Canon My Printer 02.02.2012 2,14MB // notwendig CCleaner Piriform 22.06.2012 4,76MB 3.20 // notwendig CD-LabelPrint 05.09.2008 11,7MB // notwendig (wegen Druck-Treiber/Software?) Cisco Systems VPN Client 5.0.03.0560 Cisco Systems, Inc. 12.10.2008 12,3MB 5.0.3 // notwendig Citavi Swiss Academic Software 04.03.2012 69,2MB 3.2.0.0 // notwendig Citrix Online Plug-in - Web Citrix Systems, Inc. 15.03.2011 16,0MB 12.1.0.30 // notwendig Compatibility Pack for the 2007 Office system Microsoft Corporation 10.05.2012 12.0.6612.1000 // unbekannt (Office 07 war aber mal installiert) Deep Exploration 6 CE Right Hemisphere 08.06.2011 459MB 6.1 // unnötig DisplayFusion 3.4.1 Binary Fortress Software 29.01.2012 9,94MB 3.4.1.0 // notwendig Dotfuscator Software Services - Community Edition PreEmptive Solutions 05.05.2012 6,45MB 5.0.2500.0 // unbekannt (.NET-Zeugs?) Dotfuscator Software Services - Community Edition - DEU PreEmptive Solutions 20.02.2011 2,84MB 5.0.2300.0 // unbekannt (.Net-Zeugs?) DWG TrueView 2010 Autodesk 21.01.2010 266MB 18.0.55.0 // notwendig EASEUS Partition Master 9.1.1 Home Edition EASEUS 05.05.2012 38,1MB // unnötig Easy Battery Manager 04.08.2008 7,89MB 3.2.1.7 // notwendig Easy Display Manager Samsung 25.06.2008 12,4MB 2.0.0.0 // notwendig Easy Network Manager 3.0 Ihr Firmenname 25.06.2008 36,9MB 3.0.0.0 // notwendig Easy SpeedUp Manager 04.08.2008 3,99MB 2.0.1.0 // notwendig EVEREST Ultimate Edition v5.01 Lavalys, Inc. 21.05.2009 15,5MB 5.01 // notwendig ffdshow [rev 2975] [2009-05-28] 30.05.2009 10,9MB 1.0 // notwendig FileZilla Client 3.3.3 12.08.2010 14,8MB 3.3.3 // unnötig GPL Ghostscript 8.64 16.06.2010 22,5MB // notwendig GSview 4.9 16.06.2010 3,21MB // notwendig HP LaserJet Professional P1100-P1560-P1600 Series 03.04.2012 8,58MB // unnötig ICQ7.5 ICQ 06.06.2011 52,0MB 7.5 // unnötig IguanaTex IguanaTex Team 10.03.2012 181KB 1.0.0 // notwendig Intel(R) PROSet/Wireless WiFi-Software Intel(R) Corporation 25.06.2008 78,3MB 12.00.2000 // unnötig? Keine Ahnung Intel® Matrix Storage Manager Intel Corporation 04.08.2008 908KB // unnötig? Keine Ahnung IrfanView (remove only) Irfan Skiljan 14.04.2012 1,60MB 4.32 // notwendig Java(TM) 7 Update 5 Oracle 25.07.2012 99,3MB 7.0.50 // notwendig JavaFX 2.1.1 Oracle Corporation 25.07.2012 20,8MB 2.1.1 // notwendig KeyMan V3.6 Build 6 ZF Electronics GmbH 03.02.2012 10,3MB 3.6.0.6 // unnötig LAME v3.99.3 (for Windows) 12.03.2012 1,55MB // notwendig latex2eps 0.11 Universität Duisburg-Essen - Hochfrequenztechnik 04.03.2012 8,25MB // notwendig League of Legends Riot Games 30.08.2011 2,24GB 1.02.0000 // unnötig MagicMap Humboldt Universität zu Berlin 08.08.2008 15,8MB 0.9.3 // unnötig Malwarebytes Anti-Malware Version 1.62.0.1300 Malwarebytes Corporation 23.07.2012 11,8MB 1.62.0.1300 // notwendig Maple 12 Maplesoft 12.01.2009 699MB 12.0.0.0 // notwendig Maple 15 Maplesoft 11.03.2012 1,30GB 15.0.0.0 // notwendig Mathematica Extras 8.0 (2615434) Wolfram Research, Inc. 03.06.2012 984KB 8.0.4 // notwendig MATLAB R2012a The MathWorks, Inc. 04.06.2012 6,01GB 7.14 // notwendig Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft Corporation 27.02.2009 36,9MB // unnötig? (da 4.0 vorhanden ist?) Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 01.02.2009 27,8MB // unnötig? (da 4.0 vorhanden ist?) Microsoft .NET Framework 4 Client Profile Microsoft Corporation 01.07.2012 117MB 4.0.30320 // notwendig Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 01.07.2012 24,5MB 4.0.30320 // notwendig Microsoft .NET Framework 4 Extended Microsoft Corporation 01.07.2012 38,0MB 4.0.30320 // notwendig Microsoft .NET Framework 4 Extended DEU Language Pack Microsoft Corporation 01.07.2012 7,50MB 4.0.30320 // notwendig Microsoft .NET Framework 4 Multi-Targeting Pack Microsoft Corporation 20.02.2011 83,4MB 4.0.30319 // notwendig Microsoft ASP.NET MVC 2 Microsoft Corporation 20.02.2011 481KB 2.0.50217.0 // notwendig (kommt mit Autodesk Inventor) Microsoft ASP.NET MVC 2 - DEU Microsoft Corporation 20.02.2011 24,0KB 2.0.50331.0 // notwendig (kommt mit Autodesk Inventor) Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools Microsoft Corporation 20.02.2011 2,26MB 2.0.50217.0 // notwendig Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools - DEU Microsoft Corporation 20.02.2011 2,07MB 2.0.50331.0 // notwendig Microsoft Games for Windows - LIVE Microsoft Corporation 13.12.2009 8,31MB 3.1.186.0 // unnötig Microsoft Games for Windows - LIVE Redistributable Microsoft Corporation 13.12.2009 32,3MB 3.1.99.0 // unnötig Microsoft Help Viewer 1.1 Microsoft Corporation 05.05.2012 66,3MB 1.1.40219 // unbekannt Microsoft Help Viewer 1.1 Language Pack - DEU Microsoft Corporation 05.05.2012 66,3MB 1.1.40219 // unbekannt Microsoft Office Professional Plus 2010 Microsoft Corporation 04.05.2012 715MB 14.0.6029.1000 // notwendig Microsoft Project Professional 2010 Microsoft Corporation 04.05.2012 715MB 14.0.6029.1000 // notwendig Microsoft Silverlight Microsoft Corporation 11.05.2012 5.1.10411.0 // unnötig (kam garantiert irgendwo mit.. Keine Ahnung) Microsoft Silverlight 3 SDK - Deutsch Microsoft Corporation 20.02.2011 32,7MB 3.0.40818.0 // unbekannt (kam garantiert irgendwo mit.. Keine Ahnung) Microsoft Silverlight 4 SDK Microsoft Corporation 05.05.2012 51,6MB 4.0.50826.0 // unbekannt (kam garantiert irgendwo mit.. Keine Ahnung) Microsoft SQL Server 2005 Microsoft Corporation 13.10.2008 42,6MB // notwendig (wahrscheinlich wg. Autodesk Inventor) Microsoft SQL Server 2008 Microsoft Corporation 20.02.2011 3,09GB // notwendig (wahrscheinlich wg. Autodesk Inventor) Microsoft SQL Server 2008 Browser Microsoft Corporation 05.05.2012 10.3.5500.0 // notwendig (wahrscheinlich wg. Autodesk Inventor) Microsoft SQL Server 2008 Native Client Microsoft Corporation 05.05.2012 3,27MB 10.3.5500.0 // notwendig (wahrscheinlich wg. Autodesk Inventor) Microsoft SQL Server 2008 R2 Data-Tier Application Framework Microsoft Corporation 05.05.2012 5,54MB 10.50.1750.9 // notwendig (wahrscheinlich wg. Autodesk Inventor) Microsoft SQL Server 2008 R2 Data-Tier Application Project Microsoft Corporation 05.05.2012 11,8MB 10.50.1750.9 // notwendig (wahrscheinlich wg. Autodesk Inventor) Microsoft SQL Server 2008 R2 Management Objects Microsoft Corporation 05.05.2012 12,4MB 10.50.1750.9 // notwendig (wahrscheinlich wg. Autodesk Inventor) Microsoft SQL Server 2008 R2 Transact-SQL Language Service Microsoft Corporation 05.05.2012 6,72MB 10.50.1750.9 // notwendig (wahrscheinlich wg. Autodesk Inventor) Microsoft SQL Server Compact 3.5 SP2 DEU Microsoft Corporation 20.02.2011 3,69MB 3.5.8080.0 // notwendig (wahrscheinlich wg. Autodesk Inventor) Microsoft SQL Server Compact 3.5 SP2 ENU Microsoft Corporation 04.11.2011 3,39MB 3.5.8080.0 // notwendig (wahrscheinlich wg. Autodesk Inventor) Microsoft SQL Server Database Publishing Wizard 1.4 Microsoft Corporation 20.02.2011 10,1MB 10.1.2512.8 // notwendig (wahrscheinlich wg. Autodesk Inventor) Microsoft SQL Server Native Client Microsoft Corporation 04.05.2012 2,63MB 9.00.5000.00 // notwendig (wahrscheinlich wg. Autodesk Inventor) Microsoft SQL Server System CLR Types Microsoft Corporation 05.05.2012 929KB 10.50.1750.9 // notwendig (wahrscheinlich wg. Autodesk Inventor) Microsoft SQL Server VSS Writer Microsoft Corporation 05.05.2012 10.3.5500.0 // notwendig (wahrscheinlich wg. Autodesk Inventor) Microsoft Sync Framework Runtime v1.0 SP1 (x86) de Microsoft Corporation 20.02.2011 843KB 1.0.3010.0 // unbekannt Microsoft Sync Framework SDK v1.0 SP1 de Microsoft Corporation 20.02.2011 30,0MB 1.0.3010.0 // unbekannt Microsoft Sync Framework Services v1.0 SP1 (x86) de Microsoft Corporation 20.02.2011 2,06MB 1.0.3010.0 // unbekannt Microsoft Sync Services for ADO.NET v2.0 SP1 (x86) de Microsoft Corporation 20.02.2011 596KB 2.0.3010.0 // unbekannt Microsoft Team Foundation Server 2010-Objektmodell - DEU Microsoft Corporation 05.05.2012 10.0.40219 // notwendig Microsoft Virtual PC 2007 Microsoft Corporation 22.01.2012 36,7MB 6.0.156.0 // unnötig Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 21.02.2012 294KB 8.0.56336 // unbekannt Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Corporation 06.10.2010 597KB 9.0.30729 // unbekannt Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 27.06.2009 590KB 9.0.30729 // unbekannt Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 02.03.2011 223KB 9.0.30729.4148 // unbekannt Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 Microsoft Corporation 20.02.2011 593KB 9.0.30729.4974 // unbekannt Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 04.05.2012 594KB 9.0.30729.6161 // unbekannt Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 18.04.2012 10.0.40219 // notwendig Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 Microsoft Corporation 05.05.2012 15,9MB 10.0.40219 // notwendig Microsoft Visual F# 2.0 Runtime Microsoft Corporation 05.05.2012 5,82MB 10.0.40219 // unnötig Microsoft Visual Studio 2005 Tools for Applications - ENU Microsoft Corporation 20.01.2010 11,8MB // unbekannt Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools Microsoft Corporation 05.05.2012 10.0.40219 // unnötig Microsoft Visual Studio 2010 Professional - DEU Microsoft Corporation 20.02.2011 1,78GB 10.0.30319 // notwendig Microsoft Visual Studio 2010 Professional - ENU Microsoft Corporation 05.11.2011 2,33GB 10.0.30319 // notwendig Microsoft Visual Studio 2010 Service Pack 1 Microsoft Corporation 05.05.2012 19,8MB 10.0.40219 // notwendig Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Microsoft Corporation 05.05.2012 7,19MB 10.0.31007 // unnötig Microsoft Visual Studio 2010 Ultimate - ENU Microsoft Corporation 06.11.2011 2,33GB 10.0.30319 // notwendig Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x86) Language Pack - DEU Microsoft Corporation 20.02.2011 7,19MB 10.0.30319 // unnötig Microsoft Visual Studio Macro Tools Microsoft Corporation 20.02.2011 29,1MB 9.0.30729 // unnötig Microsoft Visual Studio Macro Tools - DEU Language Pack Microsoft Corporation 20.02.2011 29,1MB 9.0.30729 // unnötig Microsoft Visual Studio Tools for Applications 2.0 - ENU Microsoft Corporation 04.05.2012 9.0.30729 // notwendig Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU Microsoft Corporation 08.06.2011 95,7MB 9.0.30729 // notwendig Microsoft Visual Studio Tools for Applications 2.0 Runtime Microsoft Corporation 08.06.2011 151KB 9.0.30729 // notwendig Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU Microsoft Corporation 08.06.2011 225KB 9.0.30729 // notwendig Microsoft WSE 3.0 Runtime Microsoft Corp. 13.10.2008 942KB 3.0.5305.0 // unbekannt Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme Microsoft Corporation 23.01.2012 132KB 12.0.4518.1014 // unnötig (Office 2010 inzwischen) MiKTeX 2.9 MiKTeX.org 17.01.2012 420MB 2.9 // notwendig Miranda IM 0.9.44 18.02.2012 117MB // notwendig Mozilla Firefox 14.0.1 (x86 de) Mozilla 18.07.2012 59,1MB 14.0.1 // notwendig Mozilla Maintenance Service Mozilla 18.07.2012 216KB 14.0.1 // notwendig MSXML 4.0 SP2 (KB936181) Microsoft Corporation 08.09.2008 1,26MB 4.20.9848.0 // unbekannt MSXML 4.0 SP2 (KB954430) Microsoft Corporation 10.11.2008 1,27MB 4.20.9870.0 // unbekannt MSXML 4.0 SP2 (KB973688) Microsoft Corporation 24.11.2009 1,33MB 4.20.9876.0 // unbekannt NICI (Shared) U.S./Worldwide (128 bit) (2.7.6-1) 18.04.2012 800KB // notwendig (Novell) NMAS Challenge Response Method Novell, Inc. 18.04.2012 252KB 2.8.3.3 // notwendig NMAS Client Novell, Inc. 18.04.2012 1,01MB 3.5.0.6 // notwendig NNScript ESNation 26.05.2009 10,0MB 4.22 // unnötig Nokia Connectivity Cable Driver Nokia 04.06.2012 3,35MB 7.1.78.0 //notwendig Nokia Map Loader Nokia 18.04.2010 4,28MB 3.0.22 // notwendig Nokia Mobile VPN Client Policy Tool Nokia 15.06.2009 404KB 1.39 // notwendig Nokia Software Updater Nokia Corporation 25.10.2009 42,4MB 01.08.010.40008 // notwendig Nokia Suite Nokia 04.06.2012 129MB 3.4.49.0 // notwendig Novell Client for Windows Novell, Inc. 18.04.2012 6,07MB 2 SP2 // notwendig NVIDIA Grafiktreiber 285.62 NVIDIA Corporation 30.01.2012 47,0MB 285.62 // notwendig NVIDIA HD-Audiotreiber 1.2.24.0 NVIDIA Corporation 30.01.2012 3,40MB 1.2.24.0 // notwendig NVIDIA PhysX-Systemsoftware 9.11.0621 NVIDIA Corporation 30.01.2012 73,2MB 9.11.0621 // notwendig NVIDIA Update 1.5.20 NVIDIA Corporation 30.01.2012 3,53MB 1.5.20 // notwendig OpenAL 13.12.2009 792KB // unnötig Pando Media Booster Pando Networks Inc. 30.08.2011 7,16MB 2.3.6.0 // unbekannt PC Connectivity Solution Nokia 04.06.2012 14,8MB 12.0.17.0 // unnötig Play AVStation Ihr Firmenname 25.06.2008 91,1MB 4.1.20.50 // unnötig Play Camera Ihr Firmenname 07.08.2008 2,03MB 2.0.0.13 // unnötig Port Royale 3 Gaming Minds Studios GmbH 28.05.2012 1.1.2.0 // unnötig Rapture3D 2.3.22 Game Blue Ripple Sound 13.12.2009 9,56MB // unnötig Realtek High Definition Audio Driver Realtek Semiconductor Corp. 25.06.2008 11,3MB 6.0.1.5605 // notwendig Rockstar Games Social Club Rockstar Games 27.02.2009 1,88MB 1.00.0000 // unnötig Samsung Kies Samsung Electronics Co., Ltd. 19.07.2012 217MB 2.3.2.12064_10 // notwendig Samsung Magic Doctor Samsung Electronics Co., LTD 04.08.2008 15,4MB 5.00 // unnötig Samsung Recovery Solution III Samsung 25.06.2008 36,4MB 3.0.0.5 // unnötig Samsung Update Plus Samsung Electronics Co., LTD 25.06.2008 5,64MB 1.3.0.11 // unnötig SAMSUNG USB Driver for Mobile Phones SAMSUNG Electronics Co., Ltd. 24.07.2012 42,9MB 1.5.6.0 // notwendig Sandboxie 3.72 (32-bit) SANDBOXIE L.T.D 25.07.2012 3,96MB 3.72 // notwendig ScanSoft OmniPage SE 4 Nuance Communications, Inc. 05.09.2008 167MB 15.2.0020 // unnötig (kam mit Druck-Treiber/Software, nie genutzt) Secure Download Manager e-academy Inc. 03.05.2012 1,14MB 3.0.3 // unnötig Skype™ 5.10 Skype Technologies S.A. 09.07.2012 19,3MB 5.10.115 // notwendig SolidWorks 2012 Document Manager API SolidWorks Corporation 03.06.2012 8,78MB 20.00.5022 // unnötig SolidWorks eDrawings 2012 Dassault Systèmes SolidWorks Corp 03.06.2012 47,6MB 12.3.113 // unnötig SolidWorks viewer SolidWorks 04.05.2012 56,6MB 20.30.56 // unnötig Spelling Dictionaries Support For Adobe Reader 8 Adobe Systems 01.02.2009 32,5MB 8.0.0 // unnötig (Reader X) Spybot - Search & Destroy Safer Networking Limited 09.03.2009 45,0MB 1.6.2 // notwendig Synaptics Pointing Device Driver Synaptics 03.02.2012 13,6MB 11.1.3.2 // notwendig Tabellenbuch Metall digital Europa Lehrmittel 18.01.2009 109MB 1.00.0000 // notwendig TeXnicCenter Version 1.0 Stable RC1 TeXnicCenter.org 17.01.2012 11,8MB Version 1.0 Stable RC1 // unnötig TortoiseSVN 1.7.7.22907 (32 bit) TortoiseSVN 18.07.2012 34,8MB 1.7.22907 // notwendig Total Commander (Remove or Repair) Ghisler Software GmbH 14.04.2012 7,42MB 7.57a // notwendig UltraEdit 15.00 IDM Computer Solutions, Inc. 16.06.2009 44,1MB 15.00.40 // notwendig UltraISO Premium V9.52 30.11.2011 5,75MB // unnötig Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) Microsoft Corporation 04.05.2012 23,2MB 9.00.5000.00 // unbekannt Unterstützungsdateien für Microsoft SQL Server 2008-Setup Microsoft Corporation 05.05.2012 30,0MB 10.3.5500.0 // unbekannt USB2.0 UVC 1.3M WebCam 26.06.2009 // notwendig (Kamera-Treiber?) USB2.0 UVC WebCam D-MAX 25.06.2008 2,65MB 6.11.706.012 // notwendig (Kamera-Treiber?) Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU Microsoft Corporation 20.02.2011 11,1MB 4.0.8080.0 // notwendig Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU Microsoft Corporation 04.11.2011 10,7MB 4.0.8080.0 // notwendig VLC media player 2.0.1 VideoLAN 26.03.2012 49,1MB 2.0.1 // notwendig WCF RIA Services V1.0 SP1 Microsoft Corporation 05.05.2012 12,3MB 4.1.60114.0 // unbekannt Web Deployment Tool Microsoft Corporation 20.02.2011 7,96MB 1.1.0618 // unnötig WIDCOMM Bluetooth Software 6.0.1.6300 WIDCOMM, Inc. 25.06.2008 35,5MB 6.0.1.6300 // notwendig Winamp Nullsoft, Inc 27.08.2008 27,8MB 5.541 // notwendig Windows 7 USB/DVD Download Tool Microsoft Corporation 22.09.2010 2,71MB 1.0.30 // unnötig Windows Automated Installation Kit Microsoft Corporation 22.09.2010 1,34GB 2.0.0.0 // unnötig Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) Nokia 04.06.2012 15,0MB 08/22/2008 7.0.0.0 // notwendig? WinEdt 6 WinEdt Team 05.02.2011 24,4MB 6.0 // notwendig WinRAR 4.10 (32-Bit) win.rar GmbH 01.02.2012 3,72MB 4.10.0 // notwendig Wolfram Mathematica 8 for Students (M-WIN-G 8.0.4 2615565) Wolfram Research, Inc. 03.06.2012 2,98GB 8.0.4 // notwendig Zattoo4 4.0.4 Zattoo Inc. 11.04.2010 40,1MB 4.0.4 // notwendig Gruß |
|
26.07.2012, 17:39
| #8 |
| /// Malware-holic | HackTool.Hiderun in c:\windows\installer und Java.Trojan im Cache entdeckt deinstaliere 7-Zip ActivePerl Adobe Flash Player alle Adobe - Adobe Flash Player installieren neueste version laden adobe reader: Adobe - Adobe Reader herunterladen - Alle Versionen haken bei mcafee security scan raus nehmen bitte auch mal den adobe reader wie folgt konfigurieren: adobe reader öffnen, bearbeiten, voreinstellungen. allgemein: nur zertifizierte zusatz module verwenden, anhaken. internet: hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc. es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht. bei javascript den haken bei java script verwenden raus nehmen bei updater, automatisch instalieren wählen. übernehmen /ok deinstaliere: Audacity Battlefield calibre Compatibility Pack Deep Exploration EASEUS FileZilla HP KeyMan League MagicMap Microsoft Games : alle NNScript OpenAL Play : beide Port Rapture3D Rockstar ScanSoft Secure SolidWorks : alle Spelling Dictionaries Spybot : weg damit, lieber Malwarebytes von zeit zu zeit updaten und scannen lassen TeXnicCenter UltraISO Premium Web Deployment Windows Automated öffne ccleaner, analysieren starten. öffne otl, cleanup, pc startet neu, testen wie er läuft
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
27.07.2012, 16:11
| #9 |
| | HackTool.Hiderun in c:\windows\installer und Java.Trojan im Cache entdeckt Hi Markus, hab die Programme deinstalliert, CCleaner aufräumen lassen und in OTL auf "Bereinigen" geklickt. Auf dem Rechner waren danach keine Spiele mehr außer den Windows-Games. Trotzdem waren die Kopierschutz-Dateien, die der TDSSKiller aufgelistet hat, noch vorhanden (atksgt.sys,lirsgt.sys). Laut hxxp://www.datei.info/was_ist/atksgt_sys.html gehören die Dateien zum Kopierschutztreiber "Tages". Mit Hilfe der Installationsdatei der neuen Version ( hxxp://tagesprotection.com/5.5/TagesSetup.exe ) habe ich dann den Tages-Treiber deinstalliert. Folgende Dateien, die der TDSSKiller gemeldet hat, sind jetzt nicht mehr vorhanden: Code:
ATTFilter C:\Program Files\Cherry\CDI\cdi.exe
C:\Windows\system32\DRIVERS\atksgt.sys
C:\Windows\system32\DRIVERS\lirsgt.sys
C:\Windows\system32\epmntdrv.sys
C:\Windows\system32\EuGdiDrv.sys
C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
Code:
ATTFilter C:\Program Files\ANSYS Inc\Shared Files\Licensing\win32\ansysli_server.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Windows\system32\DRIVERS\Ch2kPS2M.sys
C:\Windows\system32\Drivers\CVPNDRVA.sys
C:\Program Files\Intel\WiFi\bin\EvtEng.exe // nach Update von Intel PROSet Wireles ist die Datei jetzt signiert
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe // nach Update von Intel PROSet Wireles ist die Datei jetzt signiert
Der Rechner läuft (wie schon die ganze Zeit) ohne Probleme. Allerdings sind die virtuellen Laufwerke noch weg, Defogger wurde von OTL entfernt und Daemon Tools Lite fehlt beim Autostart. Kann ich mir Defogger einfach nochmal runterladen und die Laufwerke wieder aktivieren oder wäre es einfacher DTLite neu zu installieren? Vielen Dank für deine Hilfe! Gruß |
|
27.07.2012, 18:45
| #10 |
| /// Malware-holic | HackTool.Hiderun in c:\windows\installer und Java.Trojan im Cache entdeckt hi, die dateien können bleiben, sorry das mit defogger hab ich vergessen, laden, enable klicken und wieder löschen. danach pc absichern: als antimalware programm würde ich emsisoft empfehlen. diese haben für mich den besten schutz kostet aber etwas. http://www.trojaner-board.de/103809-...i-malware.html testversion: Meine Antivirus-Empfehlung: Emsisoft Anti-Malware insbesondere wenn du onlinebanking, einkäufe, sonstige zahlungsabwicklungen oder ähnlich wichtiges, wie zb berufliches machst, also sensible daten zu schützen sind, solltest du in sicherheitssoftware investieren. vor dem aktivieren der lizenz die 30 tage testzeitraum ausnutzen. kostenlos, aber eben nicht ganz so gut wäre avast zu empfehlen. http://www.trojaner-board.de/110895-...antivirus.html sag mir welches du nutzt, dann gebe ich konfigurationshinweise. bitte dein bisheriges av deinstalieren die folgende anleitung ist umfangreich, dass ist mir klar, sie sollte aber umgesetzt werden, da nur dann dein pc sicher ist. stelle so viele fragen wie nötig, ich arbeite gern alles mit dir durch! http://www.trojaner-board.de/96344-a...-rechners.html Starte bitte mit der Passage, Windows Vista und Windows 7 Bitte beginne damit, Windows Updates zu instalieren. Am besten geht dies, wenn du über Start, Suchen gehst, und dort Windows Updates eingibst. Prüfe unter "Einstellungen ändern" dass folgendes ausgewählt ist: - Updates automatisch Instalieren, - Täglich - Uhrzeit wählen - Bitte den gesammten rest anhaken, außer: - detailierte benachichtungen anzeigen, wenn neue Microsoft software verfügbar ist. Klicke jetzt die Schaltfläche "OK" Klicke jetzt "nach Updates suchen". Bitte instaliere zunächst wichtige Updates. Es wird nötig sein, den PC zwischendurch neu zu starten. falls dies der Fall ist, musst du erneut über Start, Suchen, Windows Update aufrufen, auf Updates suchen klicken und die nächsten instalieren. Mache das selbe bitte mit den optionalen Updates. Bitte übernimm den rest so, wie es im Abschnitt windows 7 / Vista zu lesen ist. aus dem Abschnitt xp, bitte den punkt "datenausführungsverhinderung, dep" übernehmen. als browser rate ich dir zu chrome: Installation von Google Chrome für mehrere Nutzerkonten - Google Chrome-Hilfe anleitung lesen bitte falls du nen andern nutzen willst, sags mir dann muss ich teile der nun folgenden anleitung Sandboxie Die devinition einer Sandbox ist hier nachzulesen: Sandbox Kurz gesagt, man kann Programme fast 100 %ig isuliert vom System ausführen. Der Vorteil liegt klar auf der Hand, wenn über den Browser Schadcode eingeschläust wird, kann dieser nicht nach außen dringen. Download Link: Sandboxie Download - Sandboxie 3.72 anleitung: http://www.trojaner-board.de/71542-a...sandboxie.html ausführliche anleitung als pdf, auch abarbeiten: Sandbox Einstellungen | bitte folgende zusatz konfiguration machen: sandboxie control öffnen, menü sandbox anklicken, defauldbox wählen. dort klicke auf sandbox einstellungen. beschrenkungen, bei programm start und internet zugriff schreibe: chrome.exe dann gehe auf anwendungen, webbrowser, chrome. dort aktiviere alles außer gesammten profil ordner freigeben. Wie du evtl. schon gesehen hast, kannst du einige Funktionen nicht nutzen. Dies ist nur in der Vollversion nötig, zu deren Kauf ich dir rate. Du kannst zb unter "Erzwungene Programmstarts" festlegen, dass alle Browser in der Sandbox starten. Ansonsten musst du immer auf "Sandboxed webbrowser" klicken bzw Rechtsklick, in Sandboxie starten. Eine lebenslange Lizenz kostet 30 €, und ist auf allen deinen PC's nutzbar. Weiter mit: Maßnahmen für ALLE Windows-Versionen alles komplett durcharbeiten anmerkung zu file hippo. in den settings zusätzlich auswählen: hide beta updates. Run updateChecker when Windows starts Backup Programm: in meiner Anleitung ist bereits ein Backup Programm verlinkt, als Alternative bietet sich auch das Windows eigene Backup Programm an: http://www.trojaner-board.de/82962-w...en-backup.html Dies ist aber leider nur für Windows 7 Nutzer vernünftig nutzbar. Alle Anderen sollten sich aber auf jeden fall auch ein Backup Programm instalieren, denn dies kann unter Umständen sehr wichtig sein, zum Beispiel, wenn die Festplatte einmal kaputt ist. Zum Schluss, die allgemeinen sicherheitstipps beachten, wenn es dich betrifft, den Tipp zum Onlinebanking beachten und alle Passwörter ändern bitte auch lesen, wie mache ich programme für alle sichtbar: Programme für alle Konten nutzbar machen - PCtipp.ch - Praxis & Hilfe surfe jetzt also nur noch im standard nutzer konto und dort in der sandbox. wenn du die kostenlose version nutzt, dann mit klick auf sandboxed web browser, wenn du die bezahlversion hast, kannst du erzwungene programm starts festlegen, dann wird Sandboxie immer gestartet wenn du nen browser aufrufst. wenn du mit der maus über den browser fährst sollte der eingerahmt sein, dann bist du im sandboxed web browser
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
30.07.2012, 14:43
| #11 |
| | HackTool.Hiderun in c:\windows\installer und Java.Trojan im Cache entdeckt Hi Markus, kam erst heute wieder dazu was an dem Laptop zu machen. Die virtuellen Laufwerke sind nach re-enablen wieder da. Ich werde Antivir mit avast! Free ersetzen. Spybot bleibt deinstalliert. Chrome habe ich installiert und gleich mal um AdBlock Plus und HTTPS Everywhere erweitert. Gibt es da noch mehr sinnvolle Addons? SEHOP ist jetzt aktiviert, DEP ist umgestellt: Ich habe jetzt "Datenausführungsverhinderung für alle Programme und Dienste mit Ausnahme der ausgewählten einschalten:" ausgewählt. Der Hinweis am unteren Ende des Fensters "Der Prozessor des Computers unterstützt keine hardwareseitige Datenausführungsverhinderung. [...]" ist verschwunden, nachdem ich das NX-Bit im BIOS aktiviert habe (Intel Penryn-Architektur). Vielleicht kann man darauf in der Anleitung noch hinweisen. Im BIOS habe ich dann gleich noch den MBR-Schreibschutz aktiviert. Sandboxie war bereits installiert und wird auch verwendet. Auf File Hippo update checker und PSI verzichte ich. Beides habe ich ausprobiert - mit mäßigem Ergebnis. Noch einmal herzlichen Dank für deine Hilfe. Gruß |
|
30.07.2012, 19:45
| #12 |
| /// Malware-holic | HackTool.Hiderun in c:\windows\installer und Java.Trojan im Cache entdeckt hi was heißt "mit mäßigem ergebniss"? adblock für chrome: http://filepony.de/download-ghostery_chrome/ sicher surfen mit chrome: Sicher surfen mit Google Chrome | Verbraucher sicher online
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
31.07.2012, 12:10
| #13 |
| | HackTool.Hiderun in c:\windows\installer und Java.Trojan im Cache entdeckt Naja, nicht auf dem neuesten Stand zum Zeitpunkt der Ausführung waren:
Gruß |
|
31.07.2012, 12:13
| #14 |
| /// Malware-holic | HackTool.Hiderun in c:\windows\installer und Java.Trojan im Cache entdeckt hi miranda wird gelistet, ich hab ja file hippo etc auch auf vielen pcs instaliert. hast du das programm instaliert oder nur in ihrer datenbank geguckt. ok, viele programme haben updater, aber weist du wie lange das häufig dauerd bis die laden, ewig, bei java zb einige wochen, und auch flash wird nicht am tage des updates aktualisiert, das ist gefährlich, da besonders bei den programmen die lücken immer schnell genutzt werden
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
31.07.2012, 16:46
| #15 |
| | HackTool.Hiderun in c:\windows\installer und Java.Trojan im Cache entdeckt Miranda habe ich einmal installiert und update seitdem über die 7zip-files. FileHippo Updater war installiert, bei PSI habe ich zunächst die Java-Variante ausprobiert und danach die exe installiert. Aber auch die PSI-exe zeigte DTLite etc nicht an. Sogar schlimmer: Obwohl eine neue Vidalia-Version ( https://www.torproject.org ) zur verfügung steht wird Vidalia als aktuell gelistet (auf dem Rechner war 0.2.17 [portable] statt 0.2.20). Ich hab die Update-Intervalle anders konfiguriert: Java z.B. von wöchentlichen Updates Sonntags um 2.00 Uhr auf täglich 20.00 Uhr (da sollte der Rechner meistens an sein). Ob das hilft aktuelle Software zu haben, sehe ich beim nächsten Update (im Netz steht ja, wann das Update rauskam). Die Flash-Updates gemäß dem Tipp hier ( hxxp://www.raymond.cc/blog/setting-adobe-flash-player-auto-update-check-interval/ ) auf Programmstart statt standard (7 Tage). Gruß |
|
| Themen zu HackTool.Hiderun in c:\windows\installer und Java.Trojan im Cache entdeckt |
| 32 bit, 7-zip, akamai, antivir, audacity, autorun, avira, bho, canon, cisco vpn, error, exe, expert pdf, firefox, flash player, format, ftp, google earth, grand theft auto, hacktool.hiderun, home, iexplore.exe, install.exe, java., java/exploit.cve-2012-0507.b, java/trojandownloader.agent.ndr, logfile, mozilla, ntdll.dll, nvidia update, plug-in, programm, realtek, registry, rundll, safer networking, searchscopes, server, software, system, total commander, u.s./worldwide, vista, visual studio, win32k.sys, windows, wlan, zip-datei |
