Ilu 24.07.2012 13:56

HackTool.Hiderun found in c:\windows\installer and Java.Trojan in the cache
 
Hi,

after I stupidly opened the zip file (not the exe) of the current "Package undeliverable, your Deutsche Post" spam yesterday, I figured it couldn't hurt to actively scan for malware. I cannot find any indications of a malware infection on the system.

I then read up on the Post trojan here in the forum ( http://www.trojaner-board.de/116915-...sche-post.html ) and ran a full scan with Anti-Malware:
Code:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.23.08

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
*** :: *** [Administrator]

23.07.2012 14:08:38
mbam-log-2012-07-23 (18-36-08).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|G:\|H:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 1022302
Laufzeit: 4 Stunde(n), 25 Minute(n), 47 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Windows\Installer\MSIC9F9.tmp (HackTool.Hiderun) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

(I was able to attribute the affected file, via its signature, to a company from which a program was installed. The file was moved to quarantine and the program uninstalled [it is not needed].)

Afterwards I ran the ESET Online Scanner according to the instructions ( http://www.trojaner-board.de/116915-...sche-post.html ):
Code:

C:\Users\AccIluD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\6e8ca900-32b1644b        a variant of Java/Exploit.CVE-2012-0507.B trojan
C:\Users\***AccMitUserRechten***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\729d2bc0-4badd85a        Java/Exploit.Blacole.AN trojan
C:\Users\***AccMitUserRechten***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\6281e90c-628a305a        a variant of Java/TrojanDownloader.Agent.NDR trojan

I had the 3 findings deleted and then cleared the Java cache of all accounts. The 3 files belonged to the cache of an account with user rights.

At that point I decided to create a thread here, since I fear there is still more on the system.
After disabling with Defogger, OTL:
Code:

OTL logfile created on: 24.07.2012 12:15:21 - Run 1
OTL by OldTimer - Version 3.2.54.1    Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,72 Gb Available Physical Memory | 57,46% Memory free
6,19 Gb Paging File | 4,61 Gb Available in Paging File | 74,53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 89,38 Gb Total Space | 28,67 Gb Free Space | 32,07% Space Free | Partition Type: NTFS
Drive D: | 198,70 Gb Total Space | 4,56 Gb Free Space | 2,30% Space Free | Partition Type: NTFS
 
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.24 12:14:38 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2012.07.16 13:24:06 | 000,021,432 | ---- | M] () -- D:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2012.07.16 13:23:56 | 003,524,536 | ---- | M] (Samsung Electronics Co., Ltd.) -- D:\Programme\Samsung\Kies\KiesTrayAgent.exe
PRC - [2012.07.16 13:23:56 | 000,975,800 | ---- | M] (Samsung) -- D:\Programme\Samsung\Kies\Kies.exe
PRC - [2012.05.15 12:54:32 | 000,276,872 | ---- | M] (hxxp://tortoisesvn.net) -- D:\Programme\TortoiseSVN\bin\TSVNCache.exe
PRC - [2012.05.08 19:36:00 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 19:35:57 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.05.08 19:35:56 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 19:35:56 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.03.22 12:14:16 | 000,452,880 | ---- | M] (SANDBOXIE L.T.D) -- D:\Programme\Sandboxie\SbieCtrl.exe
PRC - [2012.03.22 12:14:16 | 000,074,512 | ---- | M] (SANDBOXIE L.T.D) -- D:\Programme\Sandboxie\SbieSvc.exe
PRC - [2012.01.12 11:59:26 | 002,789,280 | ---- | M] (Binary Fortress Software) -- D:\Programme\DisplayFusion\DisplayFusion.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.11.27 20:14:52 | 000,034,904 | ---- | M] () -- C:\Windows\System32\nwtray.exe
PRC - [2011.11.27 20:14:52 | 000,016,984 | ---- | M] (Novell, Inc.) -- C:\Programme\Novell\Client\XTier\Services\xtsvcmgr.exe
PRC - [2011.10.15 10:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.10.15 10:53:00 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvtray.exe
PRC - [2011.10.15 10:53:00 | 001,328,960 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2011.09.22 17:18:58 | 043,028,328 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
PRC - [2011.09.22 17:18:58 | 000,097,640 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2010.12.10 18:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2010.09.20 22:20:56 | 003,326,976 | ---- | M] (ANSYS, Inc.) -- C:\Programme\ANSYS Inc\Shared Files\Licensing\win32\ansysli_server.exe
PRC - [2010.09.20 22:20:56 | 001,840,128 | ---- | M] (ANSYS, Inc.) -- C:\Programme\ANSYS Inc\Shared Files\Licensing\win32\ansysli_monitor.exe
PRC - [2010.09.01 16:56:54 | 000,254,004 | ---- | M] (ZF Electronics GmbH) -- C:\Programme\Cherry\KeyMan\KeyMan.exe
PRC - [2010.08.25 15:09:24 | 000,577,582 | ---- | M] (ZF Electronics GmbH) -- C:\Programme\Cherry\CDI\cdi.exe
PRC - [2010.07.26 03:08:00 | 002,569,616 | ---- | M] (CANON INC.) -- C:\Programme\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2010.04.28 18:32:36 | 001,664,512 | ---- | M] (ANSYS, Inc.) -- C:\Programme\ANSYS Inc\Shared Files\Licensing\win32\ansyslmd.exe
PRC - [2010.04.28 17:30:55 | 001,334,096 | ---- | M] (Flexera Software, Inc.) -- C:\Programme\ANSYS Inc\Shared Files\Licensing\win32\lmgrd.exe
PRC - [2010.04.07 14:57:42 | 000,099,896 | ---- | M] (HP) -- C:\Windows\System32\HPSIsvc.exe
PRC - [2010.03.10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- C:\Programme\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2009.06.01 12:12:02 | 000,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2009.04.11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.06.19 18:08:44 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) -- D:\Programme\Cisco VPN Client\cvpnd.exe
PRC - [2008.05.23 07:11:56 | 000,819,200 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe
PRC - [2008.05.23 06:43:52 | 000,466,944 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008.05.22 10:33:54 | 000,688,128 | ---- | M] (SAMSUNG Electronics) -- C:\Programme\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2008.04.25 14:31:34 | 000,565,248 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2008.04.17 08:26:46 | 000,352,256 | ---- | M] (SAMSUNG Electronics co., LTD.) -- C:\Programme\Samsung\EBM\EasyBatteryMgr3.exe
PRC - [2008.04.17 04:50:00 | 006,111,232 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.02.12 06:19:52 | 001,624,616 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2008.02.12 06:19:52 | 000,723,496 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.21 04:25:07 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetsrv\inetinfo.exe
PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2008.01.21 04:23:24 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe
PRC - [2008.01.16 10:37:38 | 000,031,248 | ---- | M] (Syntek America Inc.) -- C:\Windows\System32\StkCSrv.exe
PRC - [2007.07.05 00:41:42 | 000,045,056 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
PRC - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.07.19 16:57:26 | 000,033,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\f680a94891833af168ba32a06e22ed3e\Kies.Common.DeviceServiceLib.FirmwareUpdate.FirmwareUpdateAgentHelper.ni.dll
MOD - [2012.07.19 16:57:25 | 014,336,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Theme\4d87d775fe42967b4f8cd11ee5252863\Kies.Theme.ni.dll
MOD - [2012.07.19 16:57:25 | 000,506,368 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MediaDB\d2bc057169af41354b280376edbb0755\Kies.Common.MediaDB.ni.dll
MOD - [2012.07.19 16:57:23 | 000,275,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\1c17bc03b5ad69423cbc5e4083422808\Kies.Common.DeviceServiceLib.FirmwareUpdate.Common.ni.dll
MOD - [2012.07.19 16:57:23 | 000,062,464 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.AllShare\0d10782d5bb3202de9f6ac5525e2e4dd\Kies.Common.AllShare.ni.dll
MOD - [2012.07.19 16:57:22 | 000,563,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\c110809ea71a0da915bff8c3564de677\Kies.Common.DeviceServiceLib.FileService.ni.dll
MOD - [2012.07.19 16:57:22 | 000,189,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\9b1193903f06caa02f285505fc6b120b\Kies.Common.DeviceServiceLib.FirmwareUpdate.Downloader.ni.dll
MOD - [2012.07.19 16:57:21 | 000,561,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\6ce4f1fa8f860381b026c8b22849fc1c\Kies.Common.DeviceServiceLib.DeviceDataService.ni.dll
MOD - [2012.07.19 16:57:20 | 000,894,464 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\a80d64713a7f3e5e23bf40495dbc55f3\Kies.Common.DeviceServiceLib.DeviceManagement.ni.dll
MOD - [2012.07.19 16:57:18 | 002,187,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Multime#\da8ddf39dd8a4761b8a1e7157484ed58\Kies.Common.Multimedia.ni.dll
MOD - [2012.07.19 16:57:17 | 001,011,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\fb2290f722e5555cf91381929ca923bf\Kies.Common.DeviceService.ni.dll
MOD - [2012.07.19 16:57:13 | 000,183,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MainUI\9d5f73031e82f2c167795a8f97a0639b\Kies.Common.MainUI.ni.dll
MOD - [2012.07.19 16:57:12 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DBManag#\7d995cd7f459b3f347fcb35470726b0b\Kies.Common.DBManager.ni.dll
MOD - [2012.07.19 16:57:11 | 000,261,120 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Util\cfd7afc6f4c348121fc98fee8c32f0e1\Kies.Common.Util.ni.dll
MOD - [2012.07.19 16:57:09 | 001,691,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies\f4f035d7d0d6e3bfba6032a3fbfdb140\Kies.ni.exe
MOD - [2012.07.19 16:57:09 | 001,689,088 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.UI\7500c4d25baa63d88698f97d1824fa78\Kies.UI.ni.dll
MOD - [2012.07.16 13:24:06 | 000,021,432 | ---- | M] () -- D:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2012.07.13 12:17:11 | 000,115,137 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\99cab429-f99d-4f69-9d04-113ad532bd0f\CliSecureRT.dll
MOD - [2012.07.13 12:14:58 | 000,194,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\4401f8d840e3d7a09d7f555a53d713ef\ASF_cSharpAPI.ni.dll
MOD - [2012.07.13 12:14:58 | 000,029,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.StoreMa#\7659186cf36ec04feb3156802c29507d\Kies.Common.StoreManager.ni.dll
MOD - [2012.07.13 12:14:57 | 000,046,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\AdminCmdAgent\8c8e5aa9d6ccbb5d34bc24fb6c626953\AdminCmdAgent.ni.dll
MOD - [2012.07.13 12:14:52 | 000,184,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\d94dc15b2daff1d72d41f1def3a0b021\Kies.Common.DeviceServiceLib.Interface.ni.dll
MOD - [2012.07.13 12:14:48 | 000,052,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.MP3FileInfo#\c99811c6a988ca6c2104a5b45acbddbb\Interop.MP3FileInfoCOMLib.ni.dll
MOD - [2012.07.13 12:14:47 | 000,030,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.PRPLAYERCOR#\ef9f4aaffdadfc31070e1a838951b277\Interop.PRPLAYERCORELib.ni.dll
MOD - [2012.07.13 12:14:44 | 001,381,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Locale\7a59be2dfd1d3f99b3489eea8df66016\Kies.Locale.ni.dll
MOD - [2012.07.13 12:14:43 | 000,078,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\adb0105c92aaf42f571a2fd25a4228a9\Kies.MVVM.ni.dll
MOD - [2012.07.13 12:14:41 | 000,119,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\GongSolutions.Wpf.D#\3f6f79987f17c00edce423932abd1cf2\GongSolutions.Wpf.DragDrop.ni.dll
MOD - [2012.07.13 12:14:38 | 001,181,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Interface\73962fb5234895e46e79de6e1711d093\Kies.Interface.ni.dll
MOD - [2012.07.01 22:07:06 | 000,036,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.CmdAgentLib\7fc3c42741a72b2e85996570a0bf76ec\Interop.CmdAgentLib.ni.dll
MOD - [2012.07.01 22:07:00 | 000,174,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DevFileServ#\96cb2ec6e8aeaacd26c6034d876f3ac2\Interop.DevFileServiceLib.ni.dll
MOD - [2012.07.01 22:06:48 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\d0e1cdaff8f9055187f8e7b52c060dff\System.Management.ni.dll
MOD - [2012.07.01 22:06:45 | 000,032,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.OGGFileInfo#\cbeefee33636e0d0be226cf11e180ba3\Interop.OGGFileInfoCOMLib.ni.dll
MOD - [2012.07.01 22:06:43 | 000,171,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.P3MPINTERFA#\b0b31095249cec5ef5c0407fa6b7fc22\Interop.P3MPINTERFACECTRLLib.ni.dll
MOD - [2012.07.01 22:06:33 | 000,530,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ICSharpCode.SharpZi#\2d7161baa59dd2c1c39f4a192d760e7d\ICSharpCode.SharpZipLib.ni.dll
MOD - [2012.07.01 22:06:33 | 000,395,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CabLib\6265ffca46eab52d5f798847b5ea908c\CabLib.ni.dll
MOD - [2012.07.01 22:06:29 | 000,052,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DeviceSearc#\9a6bad5be6518d4a975893676a49a82c\Interop.DeviceSearchLib.ni.dll
MOD - [2012.07.01 22:06:07 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\26e0457a9776a0e9f23e3986686d90a5\System.ServiceProcess.ni.dll
MOD - [2012.07.01 22:05:39 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\63bc6e391de5014965039e100ce1e9d5\System.Runtime.Remoting.ni.dll
MOD - [2012.07.01 22:05:22 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b68bee05c7e518172982cc92059c3315\System.Xaml.ni.dll
MOD - [2012.07.01 21:54:01 | 018,019,840 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\d239f585ee55f833dbe21e897e1265ac\PresentationFramework.ni.dll
MOD - [2012.07.01 21:54:00 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\a84262e1224189f93e10cd3c403a9527\System.Configuration.ni.dll
MOD - [2012.07.01 21:53:30 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\608d29d7cc89f3a9a195c91354561915\PresentationFramework.Aero.ni.dll
MOD - [2012.07.01 21:53:25 | 011,522,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b7de318e9fd1ef519ca6c1f3b5dba8e0\PresentationCore.ni.dll
MOD - [2012.07.01 21:53:24 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\09bd2126bba2ab4f29ed52afde1470d7\System.Core.ni.dll
MOD - [2012.07.01 21:53:08 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\00a4922fbf869a79c043b665035516b6\System.Windows.Forms.ni.dll
MOD - [2012.07.01 21:53:02 | 003,881,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a6e37a05b8d0cedbc5c3ea266ae3fc31\WindowsBase.ni.dll
MOD - [2012.07.01 21:52:56 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\9abe44a0f82070ead5f1256683a4d25a\System.Xml.ni.dll
MOD - [2012.07.01 21:52:51 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\4230ed1c7990e4ee8352baf67a2a85fa\System.Drawing.ni.dll
MOD - [2012.07.01 21:52:49 | 009,092,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\a6be120e49f895ef6b00e9918402395b\System.ni.dll
MOD - [2012.07.01 21:52:39 | 014,414,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c1af4ec9a36f671617a8ecaec00373f4\mscorlib.ni.dll
MOD - [2012.06.13 21:48:34 | 001,711,616 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\2467a133aee73396c830b9b0a9c7ec0d\Microsoft.VisualBasic.ni.dll
MOD - [2012.06.13 21:36:35 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\508b444db523c5cf20ff12c7f440837b\System.Web.ni.dll
MOD - [2012.06.13 21:24:24 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012.06.13 21:24:10 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012.05.15 12:54:16 | 000,070,536 | ---- | M] () -- D:\Programme\TortoiseSVN\bin\libsasl32.dll
MOD - [2012.05.10 15:28:19 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f3d4d5fe5ab848fbfcf91a49960dc8ae\System.Management.ni.dll
MOD - [2012.05.10 15:26:45 | 000,679,936 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\442135bc0b503b42ab2d752c23bea631\System.Security.ni.dll
MOD - [2012.05.10 10:59:14 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012.05.10 10:57:09 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012.05.10 10:56:57 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2012.01.09 20:44:20 | 000,166,912 | ---- | M] () -- D:\Programme\WinRAR\RarExt.dll
MOD - [2011.11.27 20:14:52 | 000,907,352 | ---- | M] () -- C:\Windows\System32\ncnetprovider.dll
MOD - [2011.11.27 20:14:52 | 000,230,488 | ---- | M] () -- C:\Windows\System32\nwshlxnt.dll
MOD - [2011.11.27 20:14:52 | 000,156,760 | ---- | M] () -- C:\Windows\System32\mapbase.dll
MOD - [2011.11.27 20:14:52 | 000,092,760 | ---- | M] () -- C:\Windows\System32\nclangid.dll
MOD - [2011.11.27 20:14:52 | 000,034,904 | ---- | M] () -- C:\Windows\System32\nwtray.exe
MOD - [2011.11.27 19:43:38 | 000,487,936 | ---- | M] () -- C:\Windows\System32\nls\english\ncnetproviderr.dll
MOD - [2011.11.27 19:42:44 | 000,101,376 | ---- | M] () -- C:\Windows\System32\nls\english\nwshlxntr.dll
MOD - [2011.11.27 19:42:08 | 000,086,016 | ---- | M] () -- C:\Windows\System32\nls\english\mapbaser.dll
MOD - [2011.11.27 19:38:56 | 000,015,872 | ---- | M] () -- C:\Windows\System32\nls\english\nclangidr.dll
MOD - [2010.06.13 23:54:28 | 000,094,208 | ---- | M] () -- D:\Programme\FileZilla FTP Client\fzshellext.dll
MOD - [2009.06.02 15:00:00 | 000,093,696 | ---- | M] () -- D:\Programme\UltraEdit\ue32ctmn.dll
MOD - [2009.03.30 06:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2006.08.12 05:48:40 | 000,049,152 | ---- | M] () -- C:\Programme\Samsung\Samsung Magic Doctor\HookDllPS2.dll
MOD - [2006.08.12 05:48:40 | 000,049,152 | ---- | M] () -- C:\Programme\Samsung\EasySpeedUpManager\HookDllPS2.dll
MOD - [2006.08.12 05:48:40 | 000,049,152 | ---- | M] () -- C:\Programme\Samsung\Easy Display Manager\HookDllPS2.dll
MOD - [2006.02.22 16:47:44 | 000,073,728 | ---- | M] () -- C:\Programme\Cherry\KeyMan\zlib1.dll
MOD - [2006.02.22 16:47:16 | 000,114,688 | ---- | M] () -- C:\Programme\Cherry\KeyMan\libpng13.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.07.18 15:33:03 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.06.07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- D:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.08 19:36:00 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 19:35:56 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.04.22 13:51:04 | 000,720,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2012.03.22 12:14:16 | 000,074,512 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- D:\Programme\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.11.27 20:14:52 | 000,016,984 | ---- | M] (Novell, Inc.) [Auto | Running] -- C:\Programme\Novell\Client\XTier\Services\xtsvcmgr.exe -- (XTSvcMgr)
SRV - [2011.10.18 00:11:03 | 001,673,520 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\DIAL GmbH\DIAL Communication Framework\DialComService.exe -- (DialComService)
SRV - [2011.10.15 10:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.09.22 17:18:58 | 043,028,328 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS)
SRV - [2011.09.22 17:18:58 | 000,097,640 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2011.09.22 17:17:26 | 000,370,024 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$SQLEXPRESS)
SRV - [2011.09.22 17:17:26 | 000,255,336 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2010.12.10 18:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$AUTODESKVAULT)
SRV - [2010.12.10 18:29:30 | 000,044,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2010.09.20 22:20:56 | 003,326,976 | ---- | M] (ANSYS, Inc.) [Auto | Running] -- C:\Programme\ANSYS Inc\Shared Files\Licensing\win32\ansysli_server.exe -- (ANSYS, Inc. License Manager)
SRV - [2010.08.25 15:09:24 | 000,577,582 | ---- | M] (ZF Electronics GmbH) [On_Demand | Running] -- C:\Programme\Cherry\CDI\cdi.exe -- (Cherry Device Interface)
SRV - [2010.04.21 19:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010.04.21 19:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010.04.07 14:57:42 | 000,099,896 | ---- | M] (HP) [Auto | Running] -- C:\Windows\System32\HPSIsvc.exe -- (HPSIService)
SRV - [2010.03.10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Programme\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.11.16 19:12:10 | 000,079,360 | ---- | M] (SolidWorks) [Disabled | Stopped] -- C:\Programme\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2009.07.21 04:04:00 | 000,047,128 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\100\Shared\sqladhlp.exe -- (MSSQLServerADHelper100)
SRV - [2009.06.01 12:12:02 | 000,655,624 | ---- | M] (Acresso Software Inc.) [Auto | Running] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009.04.11 08:28:17 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2008.10.13 20:01:55 | 000,079,360 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Programme\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2008.06.19 18:08:44 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- D:\Programme\Cisco VPN Client\cvpnd.exe -- (CVPND)
SRV - [2008.05.23 07:11:56 | 000,819,200 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008.05.23 06:43:52 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008.05.13 01:47:20 | 000,077,480 | ---- | M] () [Disabled | Stopped] -- C:\Programme\Samsung\Samsung Update Plus\SLUBackgroundService.exe -- (Samsung Update Plus)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:25:07 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.21 04:23:24 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008.01.21 04:23:24 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2008.01.16 10:37:38 | 000,031,248 | ---- | M] (Syntek America Inc.) [Auto | Running] -- C:\Windows\System32\StkCSrv.exe -- (StkSSrv)
SRV - [2005.09.23 08:01:16 | 002,799,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80)
SRV - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE -- (MDM)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\s0017unic.sys -- (s0017unic)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\s0017obex.sys -- (s0017obex)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\s0017nd5.sys -- (s0017nd5)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\s0017mgmt.sys -- (s0017mgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\s0017mdm.sys -- (s0017mdm)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\s0017mdfl.sys -- (s0017mdfl)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\s0017bus.sys -- (s0017bus)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\NSNDIS5.SYS -- (NSNDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Auto | Stopped] -- SYSTEM32\drivers\DS1410D.SYS -- (DS1410D)
DRV - [2012.07.23 14:06:23 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012.06.26 16:02:36 | 000,020,032 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dgderdrv.sys -- (dgderdrv)
DRV - [2012.06.03 20:26:36 | 000,134,928 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- D:\Programme\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2012.05.21 04:09:00 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2012.05.21 04:09:00 | 000,080,824 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2012.05.08 19:36:01 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.08 19:36:01 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.05.04 09:41:24 | 000,229,208 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VMM.sys -- (vmm)
DRV - [2012.04.22 13:51:38 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2012.01.09 17:28:20 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2012.01.09 17:28:20 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2012.01.09 17:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2012.01.09 17:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011.11.27 20:14:52 | 000,111,192 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\System32\drivers\ncrecognizer.sys -- (NCRecognizer)
DRV - [2011.11.27 20:14:52 | 000,091,736 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\System32\drivers\ncfilter.sys -- (NCFilter)
DRV - [2011.11.27 20:14:52 | 000,090,712 | ---- | M] () [File_System | Auto | Running] -- C:\Programme\Novell\Client\XTier\Drivers\ncfsd.sys -- (NCFSD)
DRV - [2011.11.27 20:14:52 | 000,066,136 | ---- | M] (Novell, Inc.) [Kernel | On_Demand | Unknown] -- C:\Programme\Novell\Client\XTier\Drivers\ndmndap.sys -- (ndmndap)
DRV - [2011.11.27 20:14:52 | 000,065,112 | ---- | M] (Novell, Inc.) [Kernel | On_Demand | Unknown] -- C:\Programme\Novell\Client\XTier\Drivers\nciom.sys -- (nciom)
DRV - [2011.11.27 20:14:52 | 000,064,088 | ---- | M] (Novell, Inc.) [Kernel | On_Demand | Unknown] -- C:\Programme\Novell\Client\XTier\Drivers\ncp.sys -- (ncp)
DRV - [2011.11.27 20:14:52 | 000,060,504 | ---- | M] () [Kernel | Auto | Running] -- C:\Programme\Novell\Client\XTier\Drivers\ncioctl.sys -- (NCIOCTL)
DRV - [2011.11.27 20:14:52 | 000,045,656 | ---- | M] (Novell, Inc.) [Kernel | On_Demand | Unknown] -- C:\Programme\Novell\Client\XTier\Drivers\nipctl.sys -- (nipctl)
DRV - [2011.11.27 20:14:52 | 000,045,144 | ---- | M] (Novell, Inc.) [Kernel | On_Demand | Unknown] -- C:\Programme\Novell\Client\XTier\Drivers\xtxplat.sys -- (xtxplat)
DRV - [2011.11.27 20:14:52 | 000,041,048 | ---- | M] (Novell, Inc.) [Kernel | On_Demand | Unknown] -- C:\Programme\Novell\Client\XTier\Drivers\ncpl.sys -- (ncpl)
DRV - [2011.11.27 20:14:52 | 000,030,808 | ---- | M] (Novell, Inc.) [Kernel | On_Demand | Unknown] -- C:\Programme\Novell\Client\XTier\Drivers\niam.sys -- (niam)
DRV - [2011.11.27 20:14:52 | 000,028,760 | ---- | M] (Novell, Inc.) [Kernel | On_Demand | Unknown] -- C:\Programme\Novell\Client\XTier\Drivers\nsvccost.sys -- (nsvccost)
DRV - [2011.11.27 20:14:52 | 000,027,224 | ---- | M] (Novell, Inc.) [Kernel | On_Demand | Unknown] -- C:\Programme\Novell\Client\XTier\Drivers\nscm.sys -- (nscm)
DRV - [2011.11.27 20:14:52 | 000,027,224 | ---- | M] (Novell, Inc.) [Kernel | System | Running] -- C:\Programme\Novell\Client\XTier\Drivers\nicm.sys -- (NICM)
DRV - [2011.11.27 20:14:52 | 000,022,616 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\System32\drivers\ncuncfilter.sys -- (NCUncFilter)
DRV - [2011.11.27 20:14:52 | 000,022,104 | ---- | M] (Novell, Inc.) [Kernel | On_Demand | Unknown] -- C:\Programme\Novell\Client\XTier\Drivers\nsns.sys -- (nsns)
DRV - [2011.11.27 20:14:52 | 000,018,520 | ---- | M] (Novell, Inc.) [Kernel | On_Demand | Unknown] -- C:\Programme\Novell\Client\XTier\Drivers\ndm.sys -- (ndm)
DRV - [2011.10.15 10:53:00 | 010,327,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011.10.11 15:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.09.22 17:10:34 | 000,238,696 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0105.sys -- (RsFx0105)
DRV - [2011.07.29 13:54:56 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\epmntdrv.sys -- (epmntdrv)
DRV - [2011.07.29 13:54:56 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2011.07.08 01:21:28 | 000,139,880 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2011.01.18 17:38:38 | 000,054,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- D:\Programme\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys -- (VSPerfDrv100)
DRV - [2010.07.30 09:47:40 | 000,054,528 | ---- | M] (ZF Electronics GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Ch2kPS2M.sys -- (Ch2kPS2M)
DRV - [2010.07.14 13:51:56 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.03.06 01:40:57 | 000,017,408 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mvusbews.sys -- (mvusbews)
DRV - [2009.06.04 18:41:02 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2009.06.04 18:41:02 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2009.04.11 06:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2009.03.18 18:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009.02.27 23:38:40 | 000,271,360 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2009.02.27 23:38:30 | 000,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2008.08.09 20:31:10 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2008.06.25 07:26:34 | 000,013,312 | ---- | M] (SAMSUNG ELECTRONICS CO., LTD.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\KMDFMEMIO.sys -- (KMDFMEMIO)
DRV - [2008.06.19 18:07:50 | 000,306,299 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2008.05.20 21:36:12 | 003,663,360 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2008.05.08 11:51:18 | 000,226,328 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\iaNvStor.sys -- (iaNvStor)
DRV - [2008.03.29 17:36:28 | 000,125,328 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2008.03.28 12:19:54 | 001,363,088 | ---- | M] (Syntek) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\StkCMini.sys -- (StkCMini)
DRV - [2008.01.24 11:41:34 | 000,130,560 | ---- | M] (Cherry GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Ch2kPS2.sys -- (Ch2kPS2)
DRV - [2008.01.21 04:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)
DRV - [2007.08.23 09:29:06 | 000,112,512 | ---- | M] (Cherry GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Ch2kUSB.sys -- (Ch2kUSB)
DRV - [2007.01.29 07:20:34 | 000,059,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMNetSrv.sys -- (VPCNetS2)
DRV - [2007.01.18 17:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006.11.28 09:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.11.02 09:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1614058835-672721566-3778044925-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
IE - HKU\S-1-5-21-1614058835-672721566-3778044925-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-1614058835-672721566-3778044925-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1614058835-672721566-3778044925-1003\..\SearchScopes,DefaultScope = {25A74407-F8E8-429E-BF07-7A00F314FAD7}
IE - HKU\S-1-5-21-1614058835-672721566-3778044925-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1614058835-672721566-3778044925-1003\..\SearchScopes\{25A74407-F8E8-429E-BF07-7A00F314FAD7}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-1614058835-672721566-3778044925-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.8
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.51
FF - prefs.js..extensions.enabledItems: {7c6d11c6-41b5-11dc-8314-0800200c9a66}:1.0.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: D:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@wolfram.com/Mathematica: C:\Program Files\Common Files\Wolfram Research\Browser\8.0.4.2615434\npmathplugin.dll (Wolfram Research, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2012.03.05 12:37:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: D:\Programme\Mozilla Firefox\components [2012.07.18 15:33:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: D:\Programme\Mozilla Firefox\plugins [2012.06.18 11:28:02 | 000,000,000 | ---D | M]
 
[2008.08.07 21:30:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2012.07.18 16:59:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\nc71xmt7.default\extensions
[2010.04.28 05:26:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\nc71xmt7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.07.04 19:47:06 | 000,000,000 | ---D | M] (GA?) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\nc71xmt7.default\extensions\{7c6d11c6-41b5-11dc-8314-0800200c9a66}
[2012.05.21 08:13:14 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\nc71xmt7.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012.06.21 07:14:51 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\nc71xmt7.default\extensions\https-everywhere@eff.org
[2012.05.21 08:13:13 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\nc71xmt7.default\extensions\ich@maltegoetz.de
[2012.03.05 12:37:01 | 000,000,000 | ---D | M] (Citavi Picker) -- C:\PROGRAMDATA\SWISS ACADEMIC SOFTWARE\CITAVI PICKER\FIREFOX
[2012.02.12 12:34:45 | 000,709,293 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NC71XMT7.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
[2012.06.21 10:47:11 | 000,109,964 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NC71XMT7.DEFAULT\EXTENSIONS\ADBLOCKPOPUPS@JESSEHAKANEN.NET.XPI
[2012.06.18 11:28:10 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAMME\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
 
O1 HOSTS File: ([2012.07.16 17:50:00 | 000,444,198 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O1 - Hosts: 127.0.0.1      adlimg24.com
O1 - Hosts: 127.0.0.1      www.adlimg24.com
O1 - Hosts: 127.0.0.1      dmwd.com
O1 - Hosts: 127.0.0.1      www.dmwd.com
O1 - Hosts: 127.0.0.1      ads1.dmwd.com
O1 - Hosts: 127.0.0.1      ad1.dmwd.com
O1 - Hosts: 127.0.0.1        www.007guard.com
O1 - Hosts: 127.0.0.1        007guard.com
O1 - Hosts: 127.0.0.1        008i.com
O1 - Hosts: 127.0.0.1        www.008k.com
O1 - Hosts: 127.0.0.1        008k.com
O1 - Hosts: 127.0.0.1        www.00hq.com
O1 - Hosts: 127.0.0.1        00hq.com
O1 - Hosts: 127.0.0.1        010402.com
O1 - Hosts: 127.0.0.1        www.032439.com
O1 - Hosts: 127.0.0.1        032439.com
O1 - Hosts: 127.0.0.1        www.100888290cs.com
O1 - Hosts: 127.0.0.1        100888290cs.com
O1 - Hosts: 127.0.0.1        www.100sexlinks.com
O1 - Hosts: 127.0.0.1        100sexlinks.com
O1 - Hosts: 127.0.0.1        www.10sek.com
O1 - Hosts: 127.0.0.1        10sek.com
O1 - Hosts: 127.0.0.1        www.123topsearch.com
O1 - Hosts: 15260 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Microsoft Web Test Recorder 10.0 Helper) - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - d:\Programme\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CherryKeyMan] C:\Program Files\Cherry\KeyMan\KeyMan.exe (ZF Electronics GmbH)
O4 - HKLM..\Run: [KiesTrayAgent] D:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [NWTRAY] C:\Windows\System32\nwtray.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1614058835-672721566-3778044925-1003..\Run: []  File not found
O4 - HKU\S-1-5-21-1614058835-672721566-3778044925-1003..\Run: [AdobeBridge]  File not found
O4 - HKU\S-1-5-21-1614058835-672721566-3778044925-1003..\Run: [Akamai NetSession Interface] C:\Users\***\AppData\Local\Akamai\netsession_win.exe File not found
O4 - HKU\S-1-5-21-1614058835-672721566-3778044925-1003..\Run: [DisplayFusion] D:\Programme\DisplayFusion\DisplayFusion.exe (Binary Fortress Software)
O4 - HKU\S-1-5-21-1614058835-672721566-3778044925-1003..\Run: [KiesAirMessage] D:\Programme\Samsung\Kies\KiesAirMessage.exe -startup File not found
O4 - HKU\S-1-5-21-1614058835-672721566-3778044925-1003..\Run: [KiesHelper] D:\Programme\Samsung\Kies\KiesHelper.exe /s File not found
O4 - HKU\S-1-5-21-1614058835-672721566-3778044925-1003..\Run: [KiesPDLR] D:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-21-1614058835-672721566-3778044925-1003..\Run: [KiesPreload] D:\Programme\Samsung\Kies\Kies.exe (Samsung)
O4 - HKU\S-1-5-21-1614058835-672721566-3778044925-1003..\Run: [SandboxieControl] D:\Programme\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - HKU\S-1-5-21-1614058835-672721566-3778044925-1003..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-1614058835-672721566-3778044925-1003..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1614058835-672721566-3778044925-1026..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Miranda IM.lnk = D:\Programme\Miranda IM\miranda32.exe ( )
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - D:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - D:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {0427F569-3D57-4F10-B9FB-8D71A6A7BE24} file:///C:/Users/***/AppData/Local/Temp/FV2GA4/frmeditor.ocx (FormelEditor Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D63BB5D6-83F2-4FF7-B6D2-5077BD3BFECC}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\DisplayFusion\Wallpaper_2.jpg
O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\DisplayFusion\Wallpaper_2.jpg
O30 - LSA: Authentication Packages - (ncv1_0) - C:\Windows\System32\ncv1_0.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{48f5aa25-d296-11de-840d-001f3ad0f344}\Shell - "" = AutoRun
O33 - MountPoints2\{48f5aa25-d296-11de-840d-001f3ad0f344}\Shell\AutoRun\command - "" = I:\SETUP.EXE
O33 - MountPoints2\{48f5aa25-d296-11de-840d-001f3ad0f344}\Shell\configure\command - "" = I:\SETUP.EXE
O33 - MountPoints2\{48f5aa25-d296-11de-840d-001f3ad0f344}\Shell\install\command - "" = I:\SETUP.EXE
O33 - MountPoints2\{493b8ce5-7db1-11e1-9eb5-af02a593ae9a}\Shell - "" = AutoRun
O33 - MountPoints2\{493b8ce5-7db1-11e1-9eb5-af02a593ae9a}\Shell\AutoRun\command - "" = G:\SISetup.exe
O33 - MountPoints2\{c01de28e-afc4-11e1-8f30-df05454c827e}\Shell - "" = AutoRun
O33 - MountPoints2\{c01de28e-afc4-11e1-8f30-df05454c827e}\Shell\AutoRun\command - "" = H:\iStudio.exe
O33 - MountPoints2\{fb2ba953-25ff-11de-8289-001f3ad0f344}\Shell - "" = AutoRun
O33 - MountPoints2\{fb2ba953-25ff-11de-8289-001f3ad0f344}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.24 12:14:33 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.07.23 18:53:14 | 002,322,184 | ---- | C] (ESET) -- C:\Users\***\Desktop\esetsmartinstaller_enu.exe
[2012.07.23 14:06:04 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.07.23 14:06:04 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2012.07.23 14:05:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.23 14:05:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.23 14:05:42 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.07.23 14:05:42 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.07.23 14:04:50 | 010,652,120 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\***\Desktop\mbam-setup-1.62.0.1300.exe
[2012.07.18 14:54:57 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\TortoiseSVN
[2012.07.18 14:42:09 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\TSVNCache
[2012.07.18 14:36:06 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Subversion
[2012.07.18 14:26:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TortoiseSVN
[2012.07.18 14:25:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\TortoiseOverlays
[2012.07.14 00:10:52 | 000,000,000 | ---D | C] -- C:\Users\***\.android
[2012.07.14 00:10:24 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Android SDK Tools
[2012.07.01 23:44:53 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\SelfMV
[2012.07.01 23:39:53 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\MDG
[2012.07.01 23:31:05 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Temp
[2012.07.01 22:21:30 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Samsung
[2012.07.01 22:21:03 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Samsung
[2012.07.01 22:20:57 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\samsung
[2012.07.01 22:04:26 | 000,181,432 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudmdm.sys
[2012.07.01 22:04:26 | 000,080,824 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudbus.sys
[2012.07.01 22:00:27 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\Windows\System32\Redemption.dll
[2012.07.01 21:59:39 | 000,821,824 | ---- | C] (Devguru Co., Ltd.) -- C:\Windows\System32\dgderapi.dll
[2012.07.01 21:59:39 | 000,020,032 | ---- | C] (Devguru Co., Ltd) -- C:\Windows\System32\drivers\dgderdrv.sys
[2012.07.01 21:59:39 | 000,000,000 | ---D | C] -- C:\Program Files\MarkAny
[2012.07.01 21:58:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2012.07.01 21:49:49 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.07.01 21:46:18 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Downloaded Installations
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.24 12:14:38 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.07.24 12:13:31 | 000,858,828 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.07.24 12:13:31 | 000,797,570 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.07.24 12:13:31 | 000,215,302 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.07.24 12:13:31 | 000,179,554 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.07.24 12:06:54 | 000,004,912 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.24 12:06:54 | 000,004,912 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.24 12:06:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.24 12:05:38 | 000,013,632 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.07.24 12:05:08 | 000,000,168 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.07.24 12:03:50 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2012.07.23 18:53:18 | 002,322,184 | ---- | M] (ESET) -- C:\Users\***\Desktop\esetsmartinstaller_enu.exe
[2012.07.23 18:44:38 | 000,001,928 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2012.07.23 14:06:23 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.07.23 14:05:44 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.23 14:04:57 | 010,652,120 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\***\Desktop\mbam-setup-1.62.0.1300.exe
[2012.07.23 13:39:00 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2012.07.23 09:36:29 | 000,194,560 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.07.16 17:50:00 | 000,444,198 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.07.13 00:24:32 | 000,011,527 | ---- | M] () -- C:\Users\***\gsview32.ini
[2012.07.11 23:57:08 | 000,167,936 | ---- | M] () -- C:\Users\***\Documents\Excel2LaTeX.xla
[2012.07.11 00:37:28 | 002,470,104 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.07.11 00:32:49 | 367,189,208 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.07.06 13:47:40 | 000,088,302 | ---- | M] () -- C:\Windows\FontData.fdb
[2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.06.26 16:03:06 | 004,659,712 | ---- | M] (Dmitry Streblechenko) -- C:\Windows\System32\Redemption.dll
[2012.06.26 16:02:36 | 000,821,824 | ---- | M] (Devguru Co., Ltd.) -- C:\Windows\System32\dgderapi.dll
[2012.06.26 16:02:36 | 000,020,032 | ---- | M] (Devguru Co., Ltd) -- C:\Windows\System32\drivers\dgderdrv.sys
[2012.06.24 21:03:20 | 000,021,504 | ---- | M] () -- C:\Users\***\AppData\Local\WebpageIcons.db
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.07.24 12:04:40 | 000,000,168 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.07.24 12:03:49 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2012.07.23 14:05:44 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.12 00:04:57 | 000,167,936 | ---- | C] () -- C:\Users\***\Documents\Excel2LaTeX.xla
[2012.06.03 20:25:52 | 000,001,928 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2012.05.23 18:49:34 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.05.23 18:49:32 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2012.05.23 18:49:32 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2012.05.23 18:49:32 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2012.05.23 18:49:32 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2012.05.05 10:38:35 | 000,019,840 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2012.05.05 10:38:34 | 002,469,760 | ---- | C] () -- C:\Windows\System32\BootMan.exe
[2012.05.05 10:38:34 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe
[2012.05.05 10:38:34 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2012.05.05 10:38:34 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2012.04.03 19:56:30 | 001,511,424 | ---- | C] () -- C:\Windows\System32\HP1100SM.EXE
[2012.04.03 19:56:30 | 000,147,456 | ---- | C] () -- C:\Windows\System32\HP1100LM.DLL
[2012.04.03 19:56:14 | 000,284,160 | ---- | C] () -- C:\Windows\System32\mvhlewsi.dll
[2012.04.03 19:56:11 | 000,081,920 | ---- | C] () -- C:\Windows\System32\mvusbews.dll
[2012.04.03 19:56:08 | 000,054,272 | ---- | C] () -- C:\Windows\System32\HP1100SMs.dll
[2012.03.21 18:12:55 | 000,000,043 | ---- | C] () -- C:\Windows\gswin32.ini
[2012.03.09 11:28:33 | 000,498,589 | ---- | C] () -- C:\Users\***\LifeHacks.jpg
[2012.03.04 22:28:54 | 000,001,855 | ---- | C] () -- C:\Users\***\.recently-used.xbel
[2012.02.27 19:08:04 | 004,384,161 | ---- | C] () -- C:\Users\***\T-Touch manual.pdf
[2012.02.22 17:13:33 | 000,000,092 | ---- | C] () -- C:\Windows\Dialux.ini
[2012.02.19 23:14:43 | 000,007,696 | ---- | C] () -- C:\Users\***\untitled1_MAS.bak
[2011.11.27 20:14:52 | 001,832,536 | ---- | C] () -- C:\Windows\System32\noveap.dll
[2011.11.27 20:14:52 | 000,907,352 | ---- | C] () -- C:\Windows\System32\ncnetprovider.dll
[2011.11.27 20:14:52 | 000,662,104 | ---- | C] () -- C:\Windows\System32\ncloginui.dll
[2011.11.27 20:14:52 | 000,424,024 | ---- | C] () -- C:\Windows\System32\nccredprovider.dll
[2011.11.27 20:14:52 | 000,230,488 | ---- | C] () -- C:\Windows\System32\nwshlxnt.dll
[2011.11.27 20:14:52 | 000,185,944 | ---- | C] () -- C:\Windows\System32\lgnwnt32.dll
[2011.11.27 20:14:52 | 000,156,760 | ---- | C] () -- C:\Windows\System32\mapbase.dll
[2011.11.27 20:14:52 | 000,111,192 | ---- | C] () -- C:\Windows\System32\drivers\ncrecognizer.sys
[2011.11.27 20:14:52 | 000,092,760 | ---- | C] () -- C:\Windows\System32\nclangid.dll
[2011.11.27 20:14:52 | 000,091,736 | ---- | C] () -- C:\Windows\System32\drivers\ncfilter.sys
[2011.11.27 20:14:52 | 000,039,512 | ---- | C] () -- C:\Windows\System32\ncv1_0.dll
[2011.11.27 20:14:52 | 000,034,904 | ---- | C] () -- C:\Windows\System32\nwtray.exe
[2011.11.27 20:14:52 | 000,026,200 | ---- | C] () -- C:\Windows\System32\loginw32.exe
[2011.11.27 20:14:52 | 000,022,616 | ---- | C] () -- C:\Windows\System32\drivers\ncuncfilter.sys
[2011.11.27 20:14:52 | 000,014,424 | ---- | C] () -- C:\Windows\System32\nccredlogonext.dll
[2011.03.07 00:04:52 | 000,017,708 | ---- | C] () -- C:\Users\***\temp.rar
[2010.04.11 20:47:10 | 000,021,504 | ---- | C] () -- C:\Users\***\AppData\Local\WebpageIcons.db
[2009.11.16 00:45:46 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\Temptable.xml
[2009.07.20 16:52:12 | 000,000,093 | ---- | C] () -- C:\Users\***\psv.ini
[2009.07.10 13:08:05 | 000,011,527 | ---- | C] () -- C:\Users\***\gsview32.ini
[2009.06.07 19:19:38 | 000,001,356 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2009.05.31 13:28:05 | 000,022,420 | ---- | C] () -- C:\Users\***\AppData\Roaming\UserTile.png
[2008.09.12 12:19:23 | 000,015,503 | ---- | C] () -- C:\Users\***\Telekom Shop Bankverbindung.html
[2008.08.07 16:13:33 | 000,194,560 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== LOP Check ==========
 
[2012.02.04 07:14:50 | 000,000,000 | ---D | M] -- C:\Users\***AccMitUserRechten***\AppData\Roaming\Cherry
[2010.05.07 21:29:46 | 000,000,000 | ---D | M] -- C:\Users\***AccMitUserRechten***\AppData\Roaming\ICAClient
[2011.03.27 06:30:39 | 000,000,000 | ---D | M] -- C:\Users\***AccMitUserRechten***\AppData\Roaming\IM
[2011.01.23 12:11:17 | 000,000,000 | ---D | M] -- C:\Users\***AccMitUserRechten***\AppData\Roaming\Nokia
[2011.01.23 12:11:18 | 000,000,000 | ---D | M] -- C:\Users\***AccMitUserRechten***\AppData\Roaming\Nokia Ovi Suite
[2011.01.23 12:06:12 | 000,000,000 | ---D | M] -- C:\Users\***AccMitUserRechten***\AppData\Roaming\PC Suite
[2012.07.20 19:28:56 | 000,000,000 | ---D | M] -- C:\Users\***AccMitUserRechten***\AppData\Roaming\Subversion
[2011.03.22 20:17:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ansys
[2010.01.22 23:23:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Autodesk
[2010.08.17 21:13:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\BlackBean
[2011.01.27 19:45:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CADClick
[2011.05.15 22:33:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\calibre
[2009.07.01 22:19:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon
[2012.01.30 09:23:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Cherry
[2008.08.09 20:30:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools
[2010.02.01 13:23:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DassaultSystemes
[2012.06.18 23:20:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DisplayFusion
[2012.05.03 21:33:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\e-academy Inc
[2010.02.01 13:27:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\EDrawings
[2009.07.09 14:08:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\eXPert PDF Editor
[2010.01.18 15:02:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Faustkeil
[2011.07.18 14:01:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla
[2012.04.14 21:47:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GHISLER
[2010.05.04 17:50:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICAClient
[2012.02.01 11:03:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ
[2012.05.04 15:09:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IM
[2012.03.04 22:29:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\inkscape
[2012.04.14 22:57:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView
[2011.06.19 19:49:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ITI GmbH
[2012.05.28 00:21:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Kalypso Media
[2010.10.06 21:27:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech
[2011.08.31 10:25:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LolClient
[2010.01.23 01:13:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Luxology
[2012.02.10 19:13:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia
[2011.02.14 10:27:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\NoNameScript
[2009.06.15 15:27:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC Suite
[2009.05.31 13:28:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PeerNetworking
[2012.07.19 16:54:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung
[2008.09.05 12:50:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ScanSoft
[2011.12.03 11:43:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SFBot
[2012.07.18 14:36:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Subversion
[2012.04.02 16:34:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Swiss Academic Software
[2012.07.01 23:45:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Temp
[2011.07.24 21:16:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Unity
[2011.02.06 22:31:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WinEdt Team
[2012.02.28 01:33:21 | 000,000,000 | ---D | M] -- C:\Users\***AndererAccMitUserRechten***\AppData\Roaming\Cherry
[2012.02.28 01:31:21 | 000,000,000 | ---D | M] -- C:\Users\***AndererAccMitUserRechten***\AppData\Roaming\PC Suite
[2012.07.24 12:05:45 | 000,032,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 64 bytes -> C:\Users\***\Desktop\bernie_MotoGP_BestOf.avi:TOC.WMV

< End of report >

What I noticed while going through this:
MusicCityDownload.exe in the Windows folder seems to come from Kies (Samsung's iTunes replacement). ( hxxp://gadgets.itwriting.com/971-why-is-musiccitydownload-exe-in-my-windows-folder.html )
OTL Extras:
Code:

OTL Extras logfile created on: 24.07.2012 12:15:21 - Run 1
OTL by OldTimer - Version 3.2.54.1    Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,72 Gb Available Physical Memory | 57,46% Memory free
6,19 Gb Paging File | 4,61 Gb Available in Paging File | 74,53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 89,38 Gb Total Space | 28,67 Gb Free Space | 32,07% Space Free | Partition Type: NTFS
Drive D: | 198,70 Gb Total Space | 4,56 Gb Free Space | 2,30% Space Free | Partition Type: NTFS
 
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1614058835-672721566-3778044925-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.ini [@ = UltraEdit.ini] -- D:\Programme\UltraEdit\Uedit32.exe (IDM Computer Solutions, Inc.)
.txt [@ = UltraEdit.txt] -- D:\Programme\UltraEdit\Uedit32.exe (IDM Computer Solutions, Inc.)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "D:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "D:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "D:\Programme\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 1
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1614058835-672721566-3778044925-1003]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]|
"{FA47EC7E-4AA0-420B-89C3-C6F5C368A6F4}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B3B4516-6AF8-4175-9DB9-AD76926A0979}" = dir=in | app=d:\programme\skype\phone\skype.exe |
"{0DA83F54-2434-4BA8-A531-32D36424E728}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{30394370-CD25-4DD3-8B2E-A0320B2579E5}" = protocol=6 | dir=in | app=d:\programme\displayfusion\displayfusion.exe |
"{327DAE70-5151-43D2-9FDD-02B01DA942F0}" = protocol=17 | dir=in | app=d:\programme\displayfusion\displayfusion.exe |
"{3F9ECE31-3833-491C-BD8F-7AA823350A8D}" = protocol=6 | dir=in | app=d:\programme\wolfram research\mathematica\8.0\math.exe |
"{47A11383-4D64-409E-A95B-DB9502A25CD0}" = protocol=6 | dir=in | app=d:\programme\wolfram research\mathematica\8.0\mathkernel.exe |
"{4BC00A92-7392-4955-8571-E7D79776D9E1}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{5394D5A6-272B-4CFC-9085-6B4FA8F2FD17}" = protocol=17 | dir=in | app=d:\programme\wolfram research\mathematica\8.0\mathematica.exe |
"{5C5D490D-BA6A-47E5-9E3D-77DEC8677F8E}" = protocol=17 | dir=in | app=d:\programme\wolfram research\mathematica\8.0\mathkernel.exe |
"{6C23E28D-EAAF-45F8-A132-4523748808E6}" = protocol=6 | dir=in | app=d:\programme\icq7.5\icq.exe |
"{8AC3DB58-5918-4583-91BF-3A7AE2392B2E}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{8FDD2DFB-93CE-4550-A7E3-E01EF8E0604D}" = protocol=6 | dir=in | app=d:\programme\wolfram research\mathematica\8.0\mathematica.exe |
"{9FA25F3E-A1E5-42D6-8754-8AEAD6FE7648}" = protocol=17 | dir=in | app=d:\programme\icq7.5\icq.exe |
"{A0DA9464-8B44-4C62-B6A6-69BBADFFE6F0}" = protocol=17 | dir=in | app=d:\programme\wolfram research\mathematica\8.0\math.exe |
"{B4A27011-54EE-4ABF-8EF1-B256113E208B}" = protocol=17 | dir=in | app=d:\programme\icq7.5\icq.exe |
"{B77E7455-5E8E-4A95-B001-B2D770224ACE}" = protocol=6 | dir=in | app=d:\programme\icq7.5\icq.exe |
"{B841D5E1-4F92-4A7E-B7BB-25E3416C4B87}" = dir=in | app=d:\spiele\port royale 3\portroyale3.exe |
"{BA568739-211D-4395-BCE5-339586B1FD74}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{D5ACFD9A-E4DE-40B5-B1D2-1BA3F92F5772}" = protocol=6 | dir=in | app=d:\programme\icq7.5\icq.exe |
"{D74D42CA-414E-445D-A482-6CA5425ACF3D}" = protocol=17 | dir=in | app=d:\programme\icq7.5\icq.exe |
"{E1F406D7-9580-47E5-99FC-8FD2E8683AE2}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
"{EAA0EF14-2BBC-4D08-9CA4-7219CFE5FB02}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
"{F2E9649C-87B0-4064-8EE9-5652B4811629}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"TCP Query User{0003BF3D-4ADD-40CC-A0A2-B9DA1DF80E9B}D:\spiele\counter strike\hl.exe" = protocol=6 | dir=in | app=d:\spiele\counter strike\hl.exe |
"TCP Query User{066B394A-C83F-448D-9C8B-1ECFD51B809B}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{072BF13F-F4F9-4D0D-8E57-644F17BB098F}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{0F806D5F-5F63-4DC3-8F23-7ECEC69A2E40}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=6 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe |
"TCP Query User{11C5A31C-4DF6-4F72-A2A8-1A8AB012AB8F}C:\program files\sony ericsson\update service\update service.exe" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe |
"TCP Query User{139E875D-9716-4A53-8BC0-C5BA9010E072}D:\programme\maple 15\jre\bin\maple.exe" = protocol=6 | dir=in | app=d:\programme\maple 15\jre\bin\maple.exe |
"TCP Query User{20356FB0-A3E9-4343-8FE9-F8760EABFC05}D:\programme\maple 12\jre\bin\maple.exe" = protocol=6 | dir=in | app=d:\programme\maple 12\jre\bin\maple.exe |
"TCP Query User{24642AD8-ECA2-4F48-8C93-1305DEC72BB0}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{267FDCA5-E355-4676-857A-EC61A4690FEB}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{2A35A38C-305C-4F66-BC02-E813E58B8536}D:\programme\ansys inc\v130\commonfiles\tcl\bin\intel\wish.exe" = protocol=6 | dir=in | app=d:\programme\ansys inc\v130\commonfiles\tcl\bin\intel\wish.exe |
"TCP Query User{3320EBAD-44C1-49E2-A6B6-14753539EC90}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{43F4406F-AF14-4B0C-961C-D4F0E0B0D189}D:\programme\autodesk\inventor 2010\bin\inventor.exe" = protocol=6 | dir=in | app=d:\programme\autodesk\inventor 2010\bin\inventor.exe |
"TCP Query User{47601E78-31B8-4D81-8F82-C9C71902C854}D:\programme\ansys inc\v130\commonfiles\tcl\bin\intel\wish.exe" = protocol=6 | dir=in | app=d:\programme\ansys inc\v130\commonfiles\tcl\bin\intel\wish.exe |
"TCP Query User{58214E82-4186-42AF-B3CE-BD431F72DBD4}C:\program files\java\jre6\launch4j-tmp\jdownloader.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\launch4j-tmp\jdownloader.exe |
"TCP Query User{5831E173-CA42-4FF2-BB76-C899871EFA32}D:\programme\miranda im\miranda32.exe" = protocol=6 | dir=in | app=d:\programme\miranda im\miranda32.exe |
"TCP Query User{60DA34A1-1658-485C-8BDF-9B22156295A8}D:\programme\ansys inc\v130\aisol\bin\intel\ansyswbu.exe" = protocol=6 | dir=in | app=d:\programme\ansys inc\v130\aisol\bin\intel\ansyswbu.exe |
"TCP Query User{65B98C32-2635-4E83-A367-780BE9F6D6EE}D:\programme\maple 12\jre\bin\java.exe" = protocol=6 | dir=in | app=d:\programme\maple 12\jre\bin\java.exe |
"TCP Query User{69B9C597-8903-4512-A98A-FFBEEA88A3F3}D:\programme\miranda im\miranda32.exe" = protocol=6 | dir=in | app=d:\programme\miranda im\miranda32.exe |
"TCP Query User{74713D6F-C83C-47B8-BC3A-D4F3A26A6476}C:\program files\ansys inc\shared files\licensing\win32\ansyslmd.exe" = protocol=6 | dir=in | app=c:\program files\ansys inc\shared files\licensing\win32\ansyslmd.exe |
"TCP Query User{75F9AA11-6367-45F9-8BD1-73E6637ADFF1}D:\spiele\anno 1701\anno1701.exe" = protocol=6 | dir=in | app=d:\spiele\anno 1701\anno1701.exe |
"TCP Query User{79FDAA71-A69F-4DE9-9471-7D140396E9B4}D:\download\netscan.exe" = protocol=6 | dir=in | app=d:\download\netscan.exe |
"TCP Query User{7C6B9D0A-A24F-49A4-8FFA-CEF99296ABA1}D:\spiele\warcraft iii\war3.exe" = protocol=6 | dir=in | app=d:\spiele\warcraft iii\war3.exe |
"TCP Query User{8E52B57A-0CDB-49BF-973B-6B2D945C9C04}D:\programme\ansys inc\shared files\licensing\win32\ansysli_client.exe" = protocol=6 | dir=in | app=d:\programme\ansys inc\shared files\licensing\win32\ansysli_client.exe |
"TCP Query User{902E698B-1432-4423-B1DB-6D55086E714C}D:\programme\ansys inc\v130\rsm\bin\ans.rsm.admin.exe" = protocol=6 | dir=in | app=d:\programme\ansys inc\v130\rsm\bin\ans.rsm.admin.exe |
"TCP Query User{92EB2E50-AF5D-429C-8AF5-C103AAC43381}D:\programme\ansys inc\v130\framework\bin\win32\ansysfww.exe" = protocol=6 | dir=in | app=d:\programme\ansys inc\v130\framework\bin\win32\ansysfww.exe |
"TCP Query User{92FECA96-B18A-4402-85CD-BBE293C98B30}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{9433A55A-F287-484E-9634-B447959915F3}D:\programme\icq6.5\icq.exe" = protocol=6 | dir=in | app=d:\programme\icq6.5\icq.exe |
"TCP Query User{9962F9F9-BD43-4C64-9623-522D5592647D}D:\programme\icq6\icq.exe" = protocol=6 | dir=in | app=d:\programme\icq6\icq.exe |
"TCP Query User{A33D55C0-F959-4E40-85A9-B4EB2119E185}C:\program files\ansys inc\shared files\licensing\win32\lmgrd.exe" = protocol=6 | dir=in | app=c:\program files\ansys inc\shared files\licensing\win32\lmgrd.exe |
"TCP Query User{A3826CF1-9126-41FB-A920-319A46522F6D}D:\spiele\fifa 11\game\fifa.exe" = protocol=6 | dir=in | app=d:\spiele\fifa 11\game\fifa.exe |
"TCP Query User{A81D10CD-AC50-42B5-AD53-F7B043584071}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"TCP Query User{B192334C-4E5F-44D1-BE85-6EBD98192276}C:\program files\matlab\r2008a\bin\win32\matlab.exe" = protocol=6 | dir=in | app=c:\program files\matlab\r2008a\bin\win32\matlab.exe |
"TCP Query User{B793AF81-5456-45D7-B421-37FF8C999BE0}C:\program files\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe |
"TCP Query User{B839459C-885A-47A5-B2BE-B95C89998B9D}D:\programme\ansys inc\v130\rsm\bin\ans.rsm.jmhost130.exe" = protocol=6 | dir=in | app=d:\programme\ansys inc\v130\rsm\bin\ans.rsm.jmhost130.exe |
"TCP Query User{B99DDAD1-57AD-4528-8F8D-3CA5478BCBA0}D:\programme\mirc\mirc.exe" = protocol=6 | dir=in | app=d:\programme\mirc\mirc.exe |
"TCP Query User{BA2E4EE0-5903-46A1-A57A-147602C7AA49}D:\programme\maple 15\jre\bin\java.exe" = protocol=6 | dir=in | app=d:\programme\maple 15\jre\bin\java.exe |
"TCP Query User{BB587C3A-53DF-4289-833E-94043EACF46A}D:\programme\vlc\vlc.exe" = protocol=6 | dir=in | app=d:\programme\vlc\vlc.exe |
"TCP Query User{BED53A40-135B-4C12-A6BF-B501BC74EFA2}D:\programme\autodesk\inventor 2010\bin\inventor.exe" = protocol=6 | dir=in | app=d:\programme\autodesk\inventor 2010\bin\inventor.exe |
"TCP Query User{C05D47B8-0E8E-40C8-896B-0BD825257CD6}C:\program files\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe |
"TCP Query User{C0C4F851-9CE2-438A-BED9-6CB496092A7B}D:\programme\icq6.5\icq.exe" = protocol=6 | dir=in | app=d:\programme\icq6.5\icq.exe |
"TCP Query User{CCB20D30-A6CF-449A-BBC0-5FE316D241EF}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"TCP Query User{CD2B0195-38BF-4C59-A94A-1727CDC21B8F}D:\programme\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=d:\programme\mozilla firefox\firefox.exe |
"TCP Query User{CF6D348A-00CA-4839-88D9-1EBD487555C4}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
"TCP Query User{CFF45F06-BA13-4637-838E-9A3744EB6EB6}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe |
"TCP Query User{D496F622-9DB2-439D-8E40-59724BAA656D}D:\fussball manager 10\eadm\core.exe" = protocol=6 | dir=in | app=d:\fussball manager 10\eadm\core.exe |
"TCP Query User{D5FEF2BC-44EE-41B3-BDD3-6C8C84675691}C:\program files\ansys inc\v110\cfx\bin\winnt\postgui_ogl.exe" = protocol=6 | dir=in | app=c:\program files\ansys inc\v110\cfx\bin\winnt\postgui_ogl.exe |
"TCP Query User{DB1E6449-1798-430C-A748-8BC8BF7CC363}D:\programme\icq6\icq.exe" = protocol=6 | dir=in | app=d:\programme\icq6\icq.exe |
"TCP Query User{DEF745D3-8548-453B-AA22-2A47A224DA0E}D:\programme\maple 12\jre\bin\maple.exe" = protocol=6 | dir=in | app=d:\programme\maple 12\jre\bin\maple.exe |
"TCP Query User{E0A054D4-B739-436C-8AF5-10E46C5CADA2}D:\spiele\gta iv\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=d:\spiele\gta iv\grand theft auto iv\gtaiv.exe |
"TCP Query User{E1CA6D17-2407-4BB2-A38C-945689E0A4AB}D:\programme\maple 15\jre\bin\maple.exe" = protocol=6 | dir=in | app=d:\programme\maple 15\jre\bin\maple.exe |
"TCP Query User{EE979F44-5424-4648-8F2F-07C8CD8B4E0E}D:\programme\ansys inc\v130\commonfiles\jre\intel\bin\java.exe" = protocol=6 | dir=in | app=d:\programme\ansys inc\v130\commonfiles\jre\intel\bin\java.exe |
"TCP Query User{F0E0F089-8ADC-4B0E-B6F7-3C593901F369}D:\programme\maple 12\jre\bin\java.exe" = protocol=6 | dir=in | app=d:\programme\maple 12\jre\bin\java.exe |
"TCP Query User{F1EC132A-AEF7-4B57-AFA2-B455032D27A1}D:\spiele\cs_cz\hl.exe" = protocol=6 | dir=in | app=d:\spiele\cs_cz\hl.exe |
"TCP Query User{F7880671-102F-48A7-A189-6249F0B3CDFF}C:\users\***\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\local\akamai\netsession_win.exe |
"TCP Query User{FB82486B-6B36-4ACF-ACFE-E1BDAC519420}D:\programme\ansys inc\v130\commonfiles\jre\intel\bin\java.exe" = protocol=6 | dir=in | app=d:\programme\ansys inc\v130\commonfiles\jre\intel\bin\java.exe |
"UDP Query User{025213D8-15FD-45C4-8C3E-8CCDE7859DBB}D:\programme\miranda im\miranda32.exe" = protocol=17 | dir=in | app=d:\programme\miranda im\miranda32.exe |
"UDP Query User{0CE54713-BEEB-4436-BC4A-D9EAAEFE5EC9}C:\users\***\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\local\akamai\netsession_win.exe |
"UDP Query User{0DCA51AE-5DD5-4C8E-AAF4-0A79307EC3F6}C:\program files\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe |
"UDP Query User{0F0E6559-BCAD-453F-B23C-D260C83908A1}C:\program files\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe |
"UDP Query User{10918ACA-E292-40E9-B5AD-C78046E50BDE}D:\spiele\warcraft iii\war3.exe" = protocol=17 | dir=in | app=d:\spiele\warcraft iii\war3.exe |
"UDP Query User{183C5FD4-2F26-4285-A545-D09684D3EA3F}D:\programme\ansys inc\v130\framework\bin\win32\ansysfww.exe" = protocol=17 | dir=in | app=d:\programme\ansys inc\v130\framework\bin\win32\ansysfww.exe |
"UDP Query User{195C55EE-A0D0-4428-91DF-BA8737F63121}D:\programme\maple 12\jre\bin\maple.exe" = protocol=17 | dir=in | app=d:\programme\maple 12\jre\bin\maple.exe |
"UDP Query User{1975D4E8-557E-4555-AFED-97F628BCEAE0}D:\programme\ansys inc\v130\commonfiles\jre\intel\bin\java.exe" = protocol=17 | dir=in | app=d:\programme\ansys inc\v130\commonfiles\jre\intel\bin\java.exe |
"UDP Query User{252B076B-434B-42F6-8EA6-55EFE296BEAB}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe |
"UDP Query User{2535B131-14F3-4FBA-B097-4F793897361D}D:\programme\mirc\mirc.exe" = protocol=17 | dir=in | app=d:\programme\mirc\mirc.exe |
"UDP Query User{264C8DE6-A27A-4B4D-B0ED-A0D33F3E395E}D:\programme\ansys inc\v130\rsm\bin\ans.rsm.jmhost130.exe" = protocol=17 | dir=in | app=d:\programme\ansys inc\v130\rsm\bin\ans.rsm.jmhost130.exe |
"UDP Query User{2D8C660A-18D9-43F0-B059-EF3BFEBE771E}D:\programme\ansys inc\v130\rsm\bin\ans.rsm.admin.exe" = protocol=17 | dir=in | app=d:\programme\ansys inc\v130\rsm\bin\ans.rsm.admin.exe |
"UDP Query User{2E2AAACA-15AD-46E0-9167-41D74E3B4952}D:\programme\vlc\vlc.exe" = protocol=17 | dir=in | app=d:\programme\vlc\vlc.exe |
"UDP Query User{33E4203E-43AB-4AD3-81B1-058C97D57C75}D:\programme\ansys inc\v130\commonfiles\tcl\bin\intel\wish.exe" = protocol=17 | dir=in | app=d:\programme\ansys inc\v130\commonfiles\tcl\bin\intel\wish.exe |
"UDP Query User{344D6A53-9035-4C46-B8F0-68281633984C}C:\program files\ansys inc\v110\cfx\bin\winnt\postgui_ogl.exe" = protocol=17 | dir=in | app=c:\program files\ansys inc\v110\cfx\bin\winnt\postgui_ogl.exe |
"UDP Query User{36D02F34-ECAA-48B0-9130-B517F16B6143}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{3C231996-6B11-451C-84C6-9A9348B716C0}D:\spiele\gta iv\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=d:\spiele\gta iv\grand theft auto iv\gtaiv.exe |
"UDP Query User{441DF08D-8D26-4255-AAEE-44889B11BC5D}D:\programme\maple 12\jre\bin\maple.exe" = protocol=17 | dir=in | app=d:\programme\maple 12\jre\bin\maple.exe |
"UDP Query User{443B8C77-CEE0-4350-BE6D-CF81184D60F3}D:\programme\ansys inc\v130\commonfiles\tcl\bin\intel\wish.exe" = protocol=17 | dir=in | app=d:\programme\ansys inc\v130\commonfiles\tcl\bin\intel\wish.exe |
"UDP Query User{457E39E9-E59D-411A-91D2-A5C421C0B60D}C:\program files\java\jre6\launch4j-tmp\jdownloader.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\launch4j-tmp\jdownloader.exe |
"UDP Query User{573A2B94-9B9C-4E89-9785-2B537CB261A2}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"UDP Query User{5967AE43-6D8F-4587-8096-C75A40F4F4C0}D:\programme\autodesk\inventor 2010\bin\inventor.exe" = protocol=17 | dir=in | app=d:\programme\autodesk\inventor 2010\bin\inventor.exe |
"UDP Query User{60D7A269-137C-4315-8F7B-3D0734828C89}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=17 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe |
"UDP Query User{64BFA2DF-AC50-4009-BD5E-F30A4371B0AF}D:\download\netscan.exe" = protocol=17 | dir=in | app=d:\download\netscan.exe |
"UDP Query User{6899E44A-2566-416E-B2E1-7531DB4AD746}C:\program files\ansys inc\shared files\licensing\win32\lmgrd.exe" = protocol=17 | dir=in | app=c:\program files\ansys inc\shared files\licensing\win32\lmgrd.exe |
"UDP Query User{7337A83B-4ED4-49E5-A184-290A74D70269}D:\programme\icq6\icq.exe" = protocol=17 | dir=in | app=d:\programme\icq6\icq.exe |
"UDP Query User{7996125B-CEE5-4E94-85E2-D57A024E74D2}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{810A2510-E2EC-4E4B-90C8-747BE44A389F}C:\program files\sony ericsson\update service\update service.exe" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe |
"UDP Query User{83F75AC3-D031-41D5-BF00-F1ECDA6D5410}D:\spiele\fifa 11\game\fifa.exe" = protocol=17 | dir=in | app=d:\spiele\fifa 11\game\fifa.exe |
"UDP Query User{8571DAE9-F0F4-41E5-ABF8-ED6F4A189C9C}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{8C6830BE-24D2-4BDA-89C2-8F07B7625713}D:\programme\icq6.5\icq.exe" = protocol=17 | dir=in | app=d:\programme\icq6.5\icq.exe |
"UDP Query User{A8C84A89-2CBF-4915-A219-E3D1CB414881}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{AA6E4042-49DF-4392-A4FA-3E077C94D513}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{AC6842EA-C240-4811-B5F3-50B8036AB736}D:\spiele\cs_cz\hl.exe" = protocol=17 | dir=in | app=d:\spiele\cs_cz\hl.exe |
"UDP Query User{ACC5D895-A96C-4EE4-8F5F-011C11A042AB}C:\program files\matlab\r2008a\bin\win32\matlab.exe" = protocol=17 | dir=in | app=c:\program files\matlab\r2008a\bin\win32\matlab.exe |
"UDP Query User{B07A2D2E-57B1-4B01-9D16-1E1086574144}D:\programme\maple 15\jre\bin\java.exe" = protocol=17 | dir=in | app=d:\programme\maple 15\jre\bin\java.exe |
"UDP Query User{B8EC1D1A-D979-41A5-89EF-765BD3B35D7B}D:\programme\maple 15\jre\bin\maple.exe" = protocol=17 | dir=in | app=d:\programme\maple 15\jre\bin\maple.exe |
"UDP Query User{C08E0066-6D32-4392-8E54-DB336C36A1B2}D:\programme\icq6\icq.exe" = protocol=17 | dir=in | app=d:\programme\icq6\icq.exe |
"UDP Query User{C61264E7-15DD-4AF1-9F7C-B79F712C64AF}D:\programme\ansys inc\shared files\licensing\win32\ansysli_client.exe" = protocol=17 | dir=in | app=d:\programme\ansys inc\shared files\licensing\win32\ansysli_client.exe |
"UDP Query User{CB2A92D2-7E0A-4FC0-9FC9-26C1A0F14646}D:\fussball manager 10\eadm\core.exe" = protocol=17 | dir=in | app=d:\fussball manager 10\eadm\core.exe |
"UDP Query User{CD3C1751-A1E7-499E-B95B-38A4BA4CE932}D:\spiele\anno 1701\anno1701.exe" = protocol=17 | dir=in | app=d:\spiele\anno 1701\anno1701.exe |
"UDP Query User{CD6FEF83-0B16-4A4D-8CDA-B2BB9B9398DE}D:\programme\maple 12\jre\bin\java.exe" = protocol=17 | dir=in | app=d:\programme\maple 12\jre\bin\java.exe |
"UDP Query User{CFBDB506-2CBC-4147-A904-A0DECF31B911}D:\programme\miranda im\miranda32.exe" = protocol=17 | dir=in | app=d:\programme\miranda im\miranda32.exe |
"UDP Query User{D1ED20AC-652B-464A-A127-29F110CD4F50}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"UDP Query User{D23E9902-F981-49DB-A89B-1C24C1EC620D}D:\programme\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=d:\programme\mozilla firefox\firefox.exe |
"UDP Query User{D27EAEFE-40B4-4CA2-A742-B5753B0D3313}D:\programme\maple 12\jre\bin\java.exe" = protocol=17 | dir=in | app=d:\programme\maple 12\jre\bin\java.exe |
"UDP Query User{D423D7C1-3FD1-4B6B-A4E7-DD0D0D80D6E1}D:\programme\ansys inc\v130\aisol\bin\intel\ansyswbu.exe" = protocol=17 | dir=in | app=d:\programme\ansys inc\v130\aisol\bin\intel\ansyswbu.exe |
"UDP Query User{D4656EEB-E9BB-439F-81BB-7E86031E5DE3}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
"UDP Query User{D65076D4-6A5D-4AD0-82BE-2873DC55E700}D:\spiele\counter strike\hl.exe" = protocol=17 | dir=in | app=d:\spiele\counter strike\hl.exe |
"UDP Query User{D7189906-A2CF-49C0-8A3E-A525796FA03B}D:\programme\autodesk\inventor 2010\bin\inventor.exe" = protocol=17 | dir=in | app=d:\programme\autodesk\inventor 2010\bin\inventor.exe |
"UDP Query User{DB41E237-838B-425E-BA98-8A4E64216A4D}C:\program files\ansys inc\shared files\licensing\win32\ansyslmd.exe" = protocol=17 | dir=in | app=c:\program files\ansys inc\shared files\licensing\win32\ansyslmd.exe |
"UDP Query User{ECBD9913-81A8-4D76-85C0-1AC90EF9E753}D:\programme\ansys inc\v130\commonfiles\jre\intel\bin\java.exe" = protocol=17 | dir=in | app=d:\programme\ansys inc\v130\commonfiles\jre\intel\bin\java.exe |
"UDP Query User{FE6130B5-0244-4DF9-BDE7-0104B640367A}D:\programme\icq6.5\icq.exe" = protocol=17 | dir=in | app=d:\programme\icq6.5\icq.exe |
"UDP Query User{FEE21DD3-0F4B-412F-BC7A-75BE3C603C59}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{FFDFB49C-72E5-4613-950B-3DE33A08FE74}D:\programme\maple 15\jre\bin\maple.exe" = protocol=17 | dir=in | app=d:\programme\maple 15\jre\bin\maple.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (AUTODESKVAULT)
"{02BFF1A3-A0D5-4F64-8558-A22682BCDA58}" = ActivePerl 5.14.2 Build 1402
"{03A4C6A1-26E9-4DDB-81D9-B332E5BB10AD}" = Microsoft Sync Framework SDK v1.0 SP1 de
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.6300
"{04983D37-2202-4295-94A2-8B547C66133F}" = Atheros WLAN Client
"{04A5ABD3-272A-4958-836C-8DED3F177E51}" = SolidWorks eDrawings 2012
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{05855322-BE43-41FE-B583-D3AE0C326D58}" = Microsoft Silverlight 4 SDK
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{090962E2-4BE8-4A8A-86B0-7A5ED31C1273}" = USB2.0 UVC WebCam
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{09C52940-A4D1-4409-A7CC-1AAE630CF578}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0BE273CD-AAB9-361B-8C32-D955EAC929E3}" = Microsoft Visual Studio 2010 SharePoint Developer Tools
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP610_series" = Canon MP610 series
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution III
"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{170DE2A7-4768-370C-9671-D8D17826EFBF}" = Microsoft Visual Studio 2010 Performance Collection Tools SP1 - ENU
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
"{199C20D6-10D3-4210-B361-4760209F56AE}" = Citrix Online Plug-in (Web)
"{1AA5BD63-6614-44B2-88A7-605191EDB835}" = Dotfuscator Software Services - Community Edition
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FB138CC-5503-4B4A-BC42-81E9C1FF26EE}" = Autodesk Inventor Content Center Libraries 2010 (Desktop Content)
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{22BA09CF-141D-45AD-B3F3-715B4B6C55A8}" = calibre
"{26945917-E053-45F6-AF98-309730CFC318}" = Visual Basic for Applications (R) Core
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33
"{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime
"{2A231800-A7CF-4223-B8A3-1FD9057BAE96}" = Unterstützungsdateien für Microsoft SQL Server 2008-Setup
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{2F8B731A-5F2D-3EA8-8B25-C3E5E43F4BDB}" = Microsoft Visual C++  Compilers 2010 Standard - enu - x86
"{31C3C6EA-E991-405F-A3AA-2C070CCCC47C}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools - DEU
"{31E8F586-4EF7-4500-844D-BA8756474FF1}" = Windows Automated Installation Kit
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{36BEAD11-8577-49AD-9250-E06A50AE87B0}" = Microsoft SOAP Toolkit 2.0 SP2
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3ECCB578-504E-4F7A-A8B4-CF4F3B939B44}" = Citrix Online Plug-in (USB)
"{3F084E0E-E7D3-439D-9AC3-8312B2184347}" = SolidWorks 2012 Document Manager API
"{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
"{41A01180-D9FD-3428-9FD6-749F4C637CBF}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"{45D4F727-43B5-49CD-B474-B9866A8F4FB8}" = Nokia Map Loader
"{477415F5-93DA-46AA-85C5-640047825995}" = Microsoft SQL Server 2008 Database Engine Shared
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4AA24280-6FF2-40D1-B34C-40DA7E3317D4}" = IguanaTex
"{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008 Browser
"{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}" = Nokia Software Updater
"{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"{52969324-463B-4643-BF36-854BE2BECB89}" = Autodesk Inventor 2010 Language Pack - Deutsch
"{539A0EAA-E1BB-4163-9C1E-6C8BF4A17FA2}" = Microsoft SQL Server 2008 Native Client
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{5545EEE4-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2701.01)
"{55D9E026-DCB0-46FF-B60A-68B972228CF6}" = Autodesk Design Review 2010
"{562D0D31-FBAF-4505-8B27-4EC92EEA91D6}" = DIAL Communication Framework
"{56BC75EA-B19F-4C14-85B8-3FA61C0C791F}" = NMAS Client
"{5783F2D7-8001-0407-0002-0060B0CE6BBA}" = AutoCAD 2010 - Deutsch
"{5783F2D7-8001-0407-1002-0060B0CE6BBA}" = AutoCAD 2010 Language Pack - Deutsch
"{5783F2D7-8028-0409-0000-0060B0CE6BBA}" = DWG TrueView 2010
"{57BB52B7-6B7B-31F3-89F4-4EE8FE5CEF6D}" = Microsoft Help Viewer 1.1
"{5AB7D739-1735-3A9E-BE73-C43507CB4E6F}" = Microsoft Visual Studio 2010 Service Pack 1
"{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219
"{616C6F39-4CE1-3434-A665-2F6A04C09A7F}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{678094A1-6250-476B-9AFF-4376E48F135C}" = Citrix Online Plug-in (DV)
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"{68DED384-1F74-4AEE-8B8E-95AF15572FE3}" = Port Royale 3
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6E9CFEF5-0245-411F-8587-CF83DF9D4B05}" = Microsoft SQL Server 2008 Database Engine Services
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Easy Battery Manager
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{76DAEC83-AF7B-333C-8A53-83D7C7D39199}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU
"{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}" = Microsoft SQL Server 2008 R2 Management Objects
"{7964AE02-9127-42C0-A917-2CE4CD4EFE3B}" = Nokia Suite
"{7A56D81D-6406-40E7-9184-8AC1769C4D69}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project
"{7B46F9CF-CF60-492E-816E-95EB1A9D1BB4}" = Play Camera
"{7F4DD591-1400-0409-0000-7107D70F3DB4}" = Autodesk Inventor 2010
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{827990C7-4D30-3627-A2D1-5FFA09198BB2}" = Microsoft Visual Studio 2010 Office Developer Tools (x86)
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{8418FE6C-36B5-4023-8704-5DC2F21BB2E8}" = UltraEdit 15.00
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{85467CBC-7A39-33C9-8940-D72D9269B84F}" = Microsoft Visual F# 2.0 Runtime
"{877B76B2-F83F-4F5A-B28D-3F398641ADB6}" = Microsoft SQL Server System CLR Types
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A7CAA24-7B23-410B-A7C3-F994B0944160}" = Microsoft Virtual PC 2007
"{8CBFE0AB-3EBF-4103-BA48-59EB4FF66AD1}" = NMAS Challenge Response Method
"{8E87B944-4815-3C5E-947F-5035C9F64362}" = Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-00B2-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{91F54E1D-804A-46D8-A56C-53EA9C4B3177}" = Microsoft Silverlight 3 SDK - Deutsch
"{929F5BFC-60F0-34EC-A50B-2001AAC03D56}" = Microsoft Team Foundation Server 2010 Object Model - DEU
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A57025CC-5F2E-4D01-B387-06DB10500D43}" = Nokia Connectivity Cable Driver
"{A7091E1D-36A4-47F1-A739-173CC341414F}" = Cisco Systems VPN Client 5.0.03.0560
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AC8B571C-9C6E-47C1-A508-3BF1BCBED443}" = Deep Exploration 6 CE
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B15B400A-19ED-4CC7-B3E4-9295D8470CBE}" = Secure Download Manager
"{B265F77C-A0CF-4364-8C26-A0ADA16FA4F7}" = Nokia Mobile VPN Client Policy Tool
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.24.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B3B2E45F-A0FC-47C6-B399-72D9D8482C8A}" = Visual Basic for Applications (R) Core - German
"{B3D1CFF9-C5DA-3590-894B-40821DDB67C5}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{B8E9F8A1-9F4D-43D5-ABD6-1DF067FAA469}" = Microsoft SQL Server 2008 Database Engine Services
"{BA5F3E0E-8F3E-47BD-88E4-AD3EB5225F51}" = Intel(R) PROSet/Wireless WiFi-Software
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BBAAAD82-6242-420F-86D4-BD72BB5E6C86}" = Tools für Microsoft SQL Server 2005 Express Edition
"{BC0464FA-A0BA-3E38-85BF-DC5B3A401F48}" = Microsoft Visual Studio 2010 Ultimate - ENU
"{BC537AE0-88AF-47ED-B762-33B0D62B5188}" = Microsoft SQL Server 2008 R2 Data-Tier Application Framework
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C83CD843-260E-3BD0-86BC-4E613BFDDE0A}" = Microsoft Help Viewer 1.1 Language Pack - DEU
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CAD6AA29-9CA1-384D-8034-566261CFCC9B}" = Microsoft Visual Studio 2010 Professional - DEU
"{CB09F557-4821-46D0-BF86-8D1389AA6BC7}" = Tabellenbuch Metall digital
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CCF298AF-9CE1-4B26-B251-486E98A34789}" = Windows 7 USB/DVD Download Tool
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE9BAD6E-60FC-46CC-82A2-5B0F2B1A0E36}" = Dotfuscator Software Services - Community Edition - DEU
"{CFCB8616-A5D1-4281-80E8-389F685BFAE2}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D074DC76-F6C9-440E-A1D0-1DE958417FDB}" = Microsoft SQL Server VSS Writer
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.3.22 Game
"{D481EA96-2313-4A7C-98EE-710D1AF884AC}" = Microsoft Visual Studio 2005 Tools for Applications - ENU
"{D596EEA2-C6C8-45D3-89DF-FA2DBE99F829}" = Visual Basic for Applications (R) Core - English
"{D6A6CFAD-CD86-482B-90D1-6FCC4E252ACD}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x86) de
"{D6B15AE6-B052-363E-B6BB-C4714CBA6509}" = Microsoft Visual Studio 2010 Professional - ENU
"{D9E6001A-5DC3-4620-AF7A-80B6CD48645D}" = WCF RIA Services V1.0 SP1
"{DA5B2BDC-F654-4A88-A669-4D34BC7846A1}" = PC Connectivity Solution
"{DB0AF767-7CC7-4E4D-B6BE-A200F20A2FB1}" = Microsoft Sync Framework Runtime v1.0 SP1 (x86) de
"{DBE8431C-CF9A-38C3-B42D-28B6FCE1EA3B}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU
"{DC627AE5-A2B1-4D16-AF56-178D10EC3E81}" = KeyMan V3.6 Build 6
"{DE9CF741-20F7-488B-8B85-9D0F86FA51B4}" = TortoiseSVN 1.7.7.22907 (32 bit)
"{DEE88727-779B-47A9-ACEF-F87CA5F92A65}" = ScanSoft OmniPage SE 4
"{DF38C72B-8A86-4727-99D2-FA7CC5E17A24}" = Microsoft SQL Server 2008 RsFx Driver
"{E0D55506-9C88-4879-B61F-A5E4D0A5B460}" = SolidWorks viewer
"{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E4E9CBC9-1CF5-48E3-AF6F-1AB44A856346}" = Microsoft ASP.NET MVC 2 - DEU
"{EAF7B35C-DCBE-4032-9ABF-C35C43D07124}" = Microsoft Sync Framework Services v1.0 SP1 (x86) de
"{EC66418E-DAA2-36D5-809E-40BEC94E622A}" = Microsoft Visual Studio Macro Tools - DEU Language Pack
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F02DBC5D-33E3-45E9-B0F8-B7745229ED1C}" = NICI (Shared) U.S./Worldwide (128 bit) (2.7.6-1)
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}" = Microsoft SQL Server Native Client
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FA2F9282-383C-3DAC-A2B7-DE19E6A528E9}" = Microsoft Visual Studio 2010 Office Developer Tools (x86) Language Pack - DEU
"{FA365307-1963-4D16-BD44-113C8F037AAD}" = Citrix Online Plug-in (HDX)
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF6F95A4-E59B-45C8-BEA8-0BDC8D9CAB51}" = Microsoft SQL Server 2008 Common Files
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Android SDK Tools" = Android SDK Tools
"Audacity_is1" = Audacity 1.2.6
"AutoCAD 2010 - Deutsch" = AutoCAD 2010 - Deutsch
"Autodesk Design Review 2010" = Autodesk Design Review 2010
"Autodesk Inventor 2010" = Autodesk Inventor Professional 2010
"Autodesk Inventor 2010 SP1" = Autodesk Inventor 2010 SP1
"Avira AntiVir Desktop" = Avira Free Antivirus
"A-WIN-Extras 8.0.4 2615434_is1" = Mathematica Extras 8.0 (2615434)
"B076073A-5527-4f4f-B46B-B10692277DA2_is1" = DisplayFusion 3.4.1
"Canon MP610 series Benutzerregistrierung" = Canon MP610 series Benutzerregistrierung
"CanonMyPrinter" = Canon My Printer
"CitrixOnlinePluginPackWeb" = Citrix Online Plug-in - Web
"DWG TrueView 2010" = DWG TrueView 2010
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 9.1.1 Home Edition
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.01
"ffdshow_is1" = ffdshow [rev 2975] [2009-05-28]
"FileZilla Client" = FileZilla Client 3.3.3
"GPL Ghostscript 8.64" = GPL Ghostscript 8.64
"GSview 4.9" = GSview 4.9
"HP LaserJet Professional P1100-P1560-P1600 Series" = HP LaserJet Professional P1100-P1560-P1600 Series
"InstallShield_{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"InstallShield_{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{7B46F9CF-CF60-492E-816E-95EB1A9D1BB4}" = Play Camera
"InstallShield_{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation
"IrfanView" = IrfanView (remove only)
"LAME_is1" = LAME v3.99.3 (for Windows)
"latex2eps_is1" = latex2eps 0.11
"MagicMap" = MagicMap
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Maple 12" = Maple 12
"Maple 15" = Maple 15
"Matlab R2012a" = MATLAB R2012a
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1
"Microsoft Help Viewer 1.1 Language Pack - DEU" = Microsoft Help Viewer 1.1 Language Pack - DEU
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Team Foundation Server 2010 Object Model - DEU" = Microsoft Team Foundation Server 2010-Objektmodell - DEU
"Microsoft Visual Studio 2005 Tools for Applications - ENU" = Microsoft Visual Studio 2005 Tools for Applications - ENU
"Microsoft Visual Studio 2010 Professional - DEU" = Microsoft Visual Studio 2010 Professional - DEU
"Microsoft Visual Studio 2010 Professional - ENU" = Microsoft Visual Studio 2010 Professional - ENU
"Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x86) Language Pack - DEU
"Microsoft Visual Studio 2010 Ultimate - ENU" = Microsoft Visual Studio 2010 Ultimate - ENU
"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
"Microsoft Visual Studio Macro Tools - DEU Language Pack" = Microsoft Visual Studio Macro Tools - DEU Language Pack
"MiKTeX 2.9" = MiKTeX 2.9
"Miranda IM" = Miranda IM 0.9.44
"mIRC" = mIRC
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"M-WIN-G 8.0.4 2615565_is1" = Wolfram Mathematica 8 for Students (M-WIN-G 8.0.4 2615565)
"Nokia Suite" = Nokia Suite
"Novell Client for Windows" = Novell Client for Windows
"OpenAL" = OpenAL
"ProInst" = Intel PROSet Wireless
"Sandboxie" = Sandboxie 3.66 (32-bit)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeXnicCenter_is1" = TeXnicCenter Version 1.0 Stable RC1
"Totalcmd" = Total Commander (Remove or Repair)
"UltraISO_is1" = UltraISO Premium V9.52
"USB2.0 UVC 1.3M WebCam" = USB2.0 UVC 1.3M WebCam
"VLC media player" = VLC media player 2.0.1
"Winamp" = Winamp
"WinRAR archiver" = WinRAR 4.10 (32-Bit)
"Zattoo4" = Zattoo4 4.0.4
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1614058835-672721566-3778044925-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"NoNameScript" = NNScript
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 23.07.2012 18:07:27 | Computer Name = *** | Source = System Restore | ID = 8193
Description =
 
Error - 23.07.2012 18:07:28 | Computer Name = *** | Source = System Restore | ID = 8193
Description =
 
Error - 23.07.2012 18:17:05 | Computer Name = *** | Source = System Restore | ID = 8193
Description =
 
Error - 23.07.2012 18:17:07 | Computer Name = *** | Source = System Restore | ID = 8193
Description =
 
Error - 23.07.2012 18:18:06 | Computer Name = *** | Source = System Restore | ID = 8193
Description =
 
Error - 23.07.2012 18:18:06 | Computer Name = *** | Source = System Restore | ID = 8193
Description =
 
Error - 24.07.2012 00:43:48 | Computer Name = *** | Source = WinMgmt | ID = 10
Description =
 
Error - 24.07.2012 02:12:31 | Computer Name = *** | Source = System Restore | ID = 8193
Description =
 
Error - 24.07.2012 05:24:22 | Computer Name = *** | Source = WinMgmt | ID = 10
Description =
 
Error - 24.07.2012 06:07:17 | Computer Name = *** | Source = WinMgmt | ID = 10
Description =
 
[ System Events ]
Error - 23.07.2012 12:52:37 | Computer Name = *** | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =
 
Error - 24.07.2012 00:43:49 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description =
 
Error - 24.07.2012 00:43:49 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description =
 
Error - 24.07.2012 00:45:11 | Computer Name = *** | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =
 
Error - 24.07.2012 05:24:22 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description =
 
Error - 24.07.2012 05:24:22 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description =
 
Error - 24.07.2012 05:25:55 | Computer Name = *** | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =
 
Error - 24.07.2012 06:07:17 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description =
 
Error - 24.07.2012 06:07:17 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description =
 
Error - 24.07.2012 06:12:22 | Computer Name = *** | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =
 
 
< End of report >

GMER:
Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-07-24 13:19:29
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 FUJITSU_ rev.0000
Running: fwb5m14j.exe; Driver: C:\Users\***\AppData\Local\Temp\uxrdqpod.sys


---- System - GMER 1.0.15 ----

SSDT            90E66D5E                                                                                                                          ZwCreateSection
SSDT            90E66D68                                                                                                                          ZwRequestWaitReplyPort
SSDT            90E66D63                                                                                                                          ZwSetContextThread
SSDT            90E66D6D                                                                                                                          ZwSetSecurityObject
SSDT            90E66D72                                                                                                                          ZwSystemDebugControl
SSDT            90E66CFF                                                                                                                          ZwTerminateProcess

INT 0x61        ?                                                                                                                                900397D0
INT 0x71        ?                                                                                                                                90039A50

Code            A88CDBFC                                                                                                                          ZwTraceEvent
Code            A88CDBFB                                                                                                                          NtTraceEvent

---- Kernel code sections - GMER 1.0.15 ----

.text          ntoskrnl.exe!NtTraceEvent                                                                                                        8287BF94 5 Bytes  JMP A88CDC00
.text          ntoskrnl.exe!KeInsertQueue + 405                                                                                                  828ADA3C 4 Bytes  [5E, 6D, E6, 90] {POP ESI; INSD ; OUT 0x90, AL}
.text          ntoskrnl.exe!KeInsertQueue + 729                                                                                                  828ADD60 4 Bytes  [68, 6D, E6, 90]
.text          ntoskrnl.exe!KeInsertQueue + 75D                                                                                                  828ADD94 4 Bytes  [63, 6D, E6, 90] {ARPL [EBP-0x1a], BP; NOP }
.text          ntoskrnl.exe!KeInsertQueue + 7C1                                                                                                  828ADDF8 4 Bytes  [6D, 6D, E6, 90] {INSD ; INSD ; OUT 0x90, AL}
.text          ntoskrnl.exe!KeInsertQueue + 809                                                                                                  828ADE40 4 Bytes  [72, 6D, E6, 90] {JB 0x6f; OUT 0x90, AL}
.text          ...                                                                                                                             
PAGE            ntoskrnl.exe!NtRequestPort + 2                                                                                                    82A02B69 5 Bytes  JMP A88CDCA0
PAGE            ntoskrnl.exe!ZwAlpcSendWaitReceivePort + 2                                                                                        82A5AEE8 5 Bytes  JMP A88CDDE0
.text          win32k.sys!XFORMOBJ_iGetXform + 457F                                                                                              A2C8078C 5 Bytes  JMP A88CD5C0
.text          win32k.sys!XFORMOBJ_iGetXform + 70FA                                                                                              A2C83307 5 Bytes  JMP A88CD700
.text          win32k.sys!EngMulDiv + 4D41                                                                                                      A2CCA670 5 Bytes  JMP A88CD660
.text          win32k.sys!EngMulDiv + 8C36                                                                                                      A2CCE565 5 Bytes  JMP A88CD520
.text          win32k.sys!EngStrokePath + 5FF                                                                                                    A2CD7A1C 5 Bytes  JMP A88CDA20
.text          win32k.sys!EngAlphaBlend + 88BE                                                                                                  A2CEED3B 5 Bytes  JMP A88CD3E0
.text          win32k.sys!EngAlphaBlend + 9B48                                                                                                  A2CEFFC5 5 Bytes  JMP A88CD480
.text          win32k.sys!STROBJ_vEnumStart + 4728                                                                                              A2D07749 5 Bytes  JMP A88CDAC0
.text          win32k.sys!CLIPOBJ_bEnum + 24A                                                                                                    A2D2B56C 5 Bytes  JMP A88CD840
.text          win32k.sys!EngLineTo + A15                                                                                                        A2D4D5BD 5 Bytes  JMP A88CD7A0
.text          win32k.sys!EngLineTo + DD5D                                                                                                      A2D5A905 5 Bytes  JMP A88CDB60
.text          C:\Windows\system32\DRIVERS\atksgt.sys                                                                                            section is writeable [0xABA1B300, 0x3ACC8, 0xE8000020]
.text          C:\Windows\system32\DRIVERS\lirsgt.sys                                                                                            section is writeable [0xABAEE300, 0x1B7E, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text          D:\Programme\TortoiseSVN\bin\TSVNCache.exe[4796] kernel32.dll!SetUnhandledExceptionFilter + 2                                    77CFA8C7 5 Bytes  [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text          D:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[5524] ntdll.dll!DbgUiRemoteBreakin                                77C0CD44 1 Byte  [C3]

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                                          Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg            HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e4cd3e0d6                                                     
Reg            HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e4cd65b4f                                                     
Reg            HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e4cd6642e                                                     
Reg            HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001f3ad0f344                                                     
Reg            HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001f3ad0f344@001d2885a723                                          0x09 0x13 0x00 0x26 ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001f3ad0f344@0016b88fc755                                          0x6C 0xAD 0x77 0x5F ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001f3ad0f344@000fde82306f                                          0x9F 0xD2 0x7A 0x83 ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001f3ad0f344@0025483f4f86                                          0xE5 0x2C 0xE2 0x3A ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001f3ad0f344@942053f2473d                                          0x47 0x30 0x0B 0x38 ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001f3ad0f344@b8d9cebe6c7c                                          0x37 0x79 0x8F 0xE2 ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4                                                 
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                              D:\Programme\DAEMON Tools Lite\
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                              0
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                            0xA3 0x98 0xA4 0xE1 ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001                                       
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                                      0x20 0x01 0x00 0x00 ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                                  0x33 0xE8 0x19 0xF4 ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40                                 
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                            0xA6 0xC3 0x3C 0xBB ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41                                 
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh                            0xE5 0x64 0x43 0x7A ...
Reg            HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\001e4cd3e0d6 (not active ControlSet)                                 
Reg            HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\001e4cd65b4f (not active ControlSet)                                 
Reg            HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\001e4cd6642e (not active ControlSet)                                 
Reg            HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\001f3ad0f344 (not active ControlSet)                                 
Reg            HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\001f3ad0f344@001d2885a723                                              0x09 0x13 0x00 0x26 ...
Reg            HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\001f3ad0f344@0016b88fc755                                              0x6C 0xAD 0x77 0x5F ...
Reg            HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\001f3ad0f344@000fde82306f                                              0x9F 0xD2 0x7A 0x83 ...
Reg            HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\001f3ad0f344@0025483f4f86                                              0xE5 0x2C 0xE2 0x3A ...
Reg            HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\001f3ad0f344@942053f2473d                                              0x47 0x30 0x0B 0x38 ...
Reg            HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\001f3ad0f344@b8d9cebe6c7c                                              0x37 0x79 0x8F 0xE2 ...
Reg            HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                             
Reg            HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                                  D:\Programme\DAEMON Tools Lite\
Reg            HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                                  0
Reg            HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                                0xA3 0x98 0xA4 0xE1 ...
Reg            HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)                   
Reg            HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                                          0x20 0x01 0x00 0x00 ...
Reg            HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                                      0x33 0xE8 0x19 0xF4 ...
Reg            HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)             
Reg            HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                                0xA6 0xC3 0x3C 0xBB ...
Reg            HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)             
Reg            HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh                                0xE5 0x64 0x43 0x7A ...
Reg            HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{78785EB0-1D82-8BA9-1C09-D709D1A7099A}                 
Reg            HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{78785EB0-1D82-8BA9-1C09-D709D1A7099A}@hafiihnmjcleiflb  0x69 0x61 0x63 0x6C ...

---- EOF - GMER 1.0.15 ----

The PC is a notebook running Vista SP2. Antivir and Spybot Search&Destroy are always running to guard against malware.

As I wrote at the beginning: I cannot make out any signs of an infection. But since the scans found something anyway... I would be very grateful for advice on whether and how it makes sense to dig further.

Regards

markusg 24.07.2012 16:43

hi
Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
Please download Combofix from one of these download mirrors

Link 1
Link 2


IMPORTANT - Save Combofix to your desktop
  • Please disable all your anti-virus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the instructions on the screen.

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.

Ilu 24.07.2012 17:42

Hi,
thanks for the quick reply.

Here is the Combofix log:
Code:

ComboFix 12-07-25.04 - *** 24.07.2012  17:59:50.1.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.3066.1532 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\programdata\Roaming\Intel\Wireless\Settings\Settings.ini
c:\users\***\AppData\Local\assembly\tmp
c:\users\***\AppData\Local\Temp\99cab429-f99d-4f69-9d04-113ad532bd0f\CliSecureRT.dll
c:\windows\Downloaded Program Files\IDropPTB.dll
c:\windows\system32\tmp4D79.tmp
c:\windows\system32\tmp4DC8.tmp
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-06-24 bis 2012-07-24  ))))))))))))))))))))))))))))))
.
.
2012-07-24 16:08 . 2012-07-24 16:08        --------        d-----w-        c:\users\UpdatusUser\AppData\Local\temp
2012-07-24 16:08 . 2012-07-24 16:08        --------        d-----w-        c:\users\***AndererAccMitUserRechten***\AppData\Local\temp
2012-07-24 16:08 . 2012-07-24 16:08        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-07-24 16:08 . 2012-07-24 16:08        --------        d-----w-        c:\users\***AccMitUserRechten***\AppData\Local\temp
2012-07-23 12:06 . 2012-07-23 12:06        40776        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2012-07-23 12:06 . 2012-07-23 12:06        --------        d-----w-        c:\users\***\AppData\Roaming\Malwarebytes
2012-07-23 12:05 . 2012-07-23 12:05        --------        d-----w-        c:\programdata\Malwarebytes
2012-07-23 12:05 . 2012-07-23 12:05        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2012-07-23 12:05 . 2012-07-03 11:46        22344        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-07-20 18:21 . 2012-07-20 18:21        --------        d-----w-        c:\users\***AccMitUserRechten***\AppData\Local\Macromedia
2012-07-20 17:35 . 2012-06-29 08:44        6891424        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{5512A987-5D11-44A4-99EA-2DB7D97CA7B3}\mpengine.dll
2012-07-20 17:28 . 2012-07-22 06:56        --------        d-----w-        c:\users\***AccMitUserRechten***\AppData\Local\TSVNCache
2012-07-20 17:28 . 2012-07-20 17:28        --------        d-----w-        c:\users\***AccMitUserRechten***\AppData\Roaming\Subversion
2012-07-18 12:54 . 2012-07-18 12:54        --------        d-----w-        c:\users\***\AppData\Roaming\TortoiseSVN
2012-07-18 12:42 . 2012-07-24 16:12        --------        d-----w-        c:\users\***\AppData\Local\TSVNCache
2012-07-18 12:36 . 2012-07-18 12:36        --------        d-----w-        c:\users\***\AppData\Roaming\Subversion
2012-07-18 12:25 . 2012-07-18 12:25        --------        d-----w-        c:\program files\Common Files\TortoiseOverlays
2012-07-13 22:10 . 2012-07-14 12:43        --------        d-----w-        c:\users\***\.android
2012-07-10 17:41 . 2012-06-05 16:47        708608        ----a-w-        c:\program files\Common Files\System\ado\msado15.dll
2012-07-10 17:41 . 2012-06-04 15:26        440704        ----a-w-        c:\windows\system32\drivers\ksecdd.sys
2012-07-01 21:39 . 2012-07-01 21:45        --------        d-----w-        c:\users\***\AppData\Local\MDG
2012-07-01 20:21 . 2012-07-02 07:15        --------        d-----w-        c:\users\***\AppData\Local\Samsung
2012-07-01 20:21 . 2012-07-19 14:54        --------        d-----w-        c:\users\***\AppData\Roaming\Samsung
2012-07-01 20:04 . 2012-05-21 02:09        80824        ----a-w-        c:\windows\system32\drivers\ssudbus.sys
2012-07-01 20:04 . 2012-05-21 02:09        181432        ----a-w-        c:\windows\system32\drivers\ssudmdm.sys
2012-07-01 19:59 . 2012-07-01 19:59        --------        d-----w-        c:\program files\MarkAny
2012-07-01 19:59 . 2012-06-26 14:02        821824        ----a-w-        c:\windows\system32\dgderapi.dll
2012-07-01 19:59 . 2012-06-26 14:02        20032        ----a-w-        c:\windows\system32\drivers\dgderdrv.sys
2012-07-01 19:58 . 2012-07-19 14:54        --------        d-----w-        c:\programdata\Samsung
2012-07-01 19:46 . 2012-07-19 14:53        --------        d-----w-        c:\users\***\AppData\Local\Downloaded Installations
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-16 15:47 . 2012-03-29 11:05        426184        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2012-07-16 15:47 . 2011-05-17 06:26        70344        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-26 14:03 . 2012-07-01 20:00        4659712        ----a-w-        c:\windows\system32\Redemption.dll
2012-06-26 14:02 . 2008-06-25 05:18        319456        ----a-w-        c:\windows\system32\DIFxAPI.dll
2012-06-18 09:27 . 2012-06-18 09:28        476936        ----a-w-        c:\windows\system32\npdeployJava1.dll
2012-06-18 09:27 . 2010-05-16 19:55        472840        ----a-w-        c:\windows\system32\deployJava1.dll
2012-06-13 13:40 . 2012-07-10 18:25        2047488        ----a-w-        c:\windows\system32\win32k.sys
2012-06-05 16:47 . 2012-07-10 17:41        1401856        ----a-w-        c:\windows\system32\msxml6.dll
2012-06-05 16:47 . 2012-07-10 17:41        1248768        ----a-w-        c:\windows\system32\msxml3.dll
2012-06-02 22:19 . 2012-06-21 05:18        53784        ----a-w-        c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 05:18        45080        ----a-w-        c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 05:17        35864        ----a-w-        c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 05:17        577048        ----a-w-        c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-21 05:18        1933848        ----a-w-        c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-21 05:18        2422272        ----a-w-        c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-21 05:17        88576        ----a-w-        c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-21 05:17        171904        ----a-w-        c:\windows\system32\wuwebv.dll
2012-06-02 13:12 . 2012-06-21 05:17        33792        ----a-w-        c:\windows\system32\wuapp.exe
2012-06-02 08:25 . 2012-07-10 18:15        1129472        ----a-w-        c:\windows\system32\wininet.dll
2012-06-02 00:04 . 2012-07-10 17:41        278528        ----a-w-        c:\windows\system32\schannel.dll
2012-06-02 00:03 . 2012-07-10 17:41        204288        ----a-w-        c:\windows\system32\ncrypt.dll
2012-05-31 10:25 . 2009-10-11 18:56        237072        ------w-        c:\windows\system32\MpSigStub.exe
2012-05-28 22:38 . 2012-05-28 22:38        330240        ----a-w-        c:\windows\MASetupCaller.dll
2012-05-23 16:49 . 2012-05-23 16:49        90112        ----a-w-        c:\windows\MAMCityDownload.ocx
2012-05-23 16:49 . 2012-05-23 16:49        30568        ----a-w-        c:\windows\MusiccityDownload.exe
2012-05-23 16:49 . 2012-05-23 16:49        974848        ----a-w-        c:\windows\system32\cis-2.4.dll
2012-05-23 16:49 . 2012-05-23 16:49        81920        ----a-w-        c:\windows\system32\issacapi_bs-2.3.dll
2012-05-23 16:49 . 2012-05-23 16:49        65536        ----a-w-        c:\windows\system32\issacapi_pe-2.3.dll
2012-05-23 16:49 . 2012-05-23 16:49        57344        ----a-w-        c:\windows\system32\MTXSYNCICON.dll
2012-05-23 16:49 . 2012-05-23 16:49        57344        ----a-w-        c:\windows\system32\MK_Lyric.dll
2012-05-23 16:49 . 2012-05-23 16:49        57344        ----a-w-        c:\windows\system32\issacapi_se-2.3.dll
2012-05-23 16:49 . 2012-05-23 16:49        569344        ----a-w-        c:\windows\system32\muzdecode.ax
2012-05-23 16:49 . 2012-05-23 16:49        491520        ----a-w-        c:\windows\system32\muzapp.dll
2012-05-23 16:49 . 2012-05-23 16:49        49152        ----a-w-        c:\windows\system32\MaJGUILib.dll
2012-05-23 16:49 . 2012-05-23 16:49        45320        ----a-w-        c:\windows\system32\MAMACExtract.dll
2012-05-23 16:49 . 2012-05-23 16:49        45056        ----a-w-        c:\windows\system32\MaXMLProto.dll
2012-05-23 16:49 . 2012-05-23 16:49        45056        ----a-w-        c:\windows\system32\MACXMLProto.dll
2012-05-23 16:49 . 2012-05-23 16:49        40960        ----a-w-        c:\windows\system32\MTTELECHIP.dll
2012-05-23 16:49 . 2012-05-23 16:49        352256        ----a-w-        c:\windows\system32\MSLUR71.dll
2012-05-23 16:49 . 2012-05-23 16:49        258048        ----a-w-        c:\windows\system32\muzoggsp.ax
2012-05-23 16:49 . 2012-05-23 16:49        245760        ----a-w-        c:\windows\system32\MSCLib.dll
2012-05-23 16:49 . 2012-05-23 16:49        24576        ----a-w-        c:\windows\system32\MASetupCleaner.exe
2012-05-23 16:49 . 2012-05-23 16:49        200704        ----a-w-        c:\windows\system32\muzwmts.dll
2012-05-23 16:49 . 2012-05-23 16:49        172032        ----a-w-        c:\windows\system32\muzapp.exe
2012-05-23 16:49 . 2012-05-23 16:49        155648        ----a-w-        c:\windows\system32\MSFLib.dll
2012-05-23 16:49 . 2012-05-23 16:49        143360        ----a-w-        c:\windows\system32\3DAudio.ax
2012-05-23 16:49 . 2012-05-23 16:49        135168        ----a-w-        c:\windows\system32\muzaf1.dll
2012-05-23 16:49 . 2012-05-23 16:49        131072        ----a-w-        c:\windows\system32\muzmpgsp.ax
2012-05-23 16:49 . 2012-05-23 16:49        122880        ----a-w-        c:\windows\system32\muzeffect.ax
2012-05-23 16:49 . 2012-05-23 16:49        118784        ----a-w-        c:\windows\system32\MaDRM.dll
2012-05-23 16:49 . 2012-05-23 16:49        110592        ----a-w-        c:\windows\system32\muzmp4sp.ax
2012-05-08 17:36 . 2011-10-24 04:53        137928        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2012-05-08 17:36 . 2009-06-27 19:26        83392        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2012-05-05 20:00 . 2011-11-05 22:29        2478592        ----a-w-        c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2012-05-05 20:00 . 2011-02-21 16:55        2455488        ----a-w-        c:\programdata\Microsoft\VisualStudio\10.0\1031\ResourceCache.dll
2012-05-05 11:58 . 2011-02-21 16:55        18400        ----a-w-        c:\programdata\Microsoft\VSA\9.0\1031\ResourceCache.dll
2012-05-05 11:58 . 2011-02-21 16:55        18368        ----a-w-        c:\programdata\Microsoft\VSA\9.0\1033\ResourceCache.dll
2012-05-04 21:42 . 2012-05-04 21:42        416        ----a-w-        c:\programdata\Microsoft\MSDN\9.0\1031\ResourceCache.dll
2012-05-04 21:42 . 2011-06-08 20:41        416        ----a-w-        c:\programdata\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2012-05-04 07:41 . 2012-05-04 07:41        229208        ----a-w-        c:\windows\system32\drivers\VMM.sys
2012-05-01 14:03 . 2012-06-13 07:49        180736        ----a-w-        c:\windows\system32\drivers\rdpwd.sys
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20        64792        ----a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20        64792        ----a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20        64792        ----a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20        64792        ----a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20        64792        ----a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20        64792        ----a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20        64792        ----a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20        64792        ----a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20        64792        ----a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"DisplayFusion"="d:\programme\DisplayFusion\DisplayFusion.exe" [2012-01-12 2789280]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"SandboxieControl"="d:\programme\Sandboxie\SbieCtrl.exe" [2012-03-22 452880]
"KiesPDLR"="d:\programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-07-16 21432]
"KiesPreload"="d:\programme\Samsung\Kies\Kies.exe" [2012-07-16 975800]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-17 6111232]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-28 1049896]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-08 348624]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-07-26 2569616]
"CherryKeyMan"="c:\program files\Cherry\KeyMan\KeyMan.exe" [2010-09-01 254004]
"NWTRAY"="NWTRAY.EXE" [2011-11-27 34904]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"KiesTrayAgent"="d:\programme\Samsung\Kies\KiesTrayAgent.exe" [2012-07-16 3524536]
.
c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Miranda IM.lnk - d:\programme\Miranda IM\miranda32.exe [2012-2-17 827989]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-2-12 723496]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages        REG_MULTI_SZ          msv1_0 ncv1_0
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
backup=c:\windows\pss\VPN Client.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^***^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ICQ6.5.lnk]
path=c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ICQ6.5.lnk
backup=c:\windows\pss\ICQ6.5.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^***^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^SolidWorks Taskplaner Modul.lnk]
path=c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SolidWorks Taskplaner Modul.lnk
backup=c:\windows\pss\SolidWorks Taskplaner Modul.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37        843712        ----a-w-        c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-04-04 05:53        35736        ----a-w-        c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 05:58        611712        ----a-w-        c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ConnectionCenter]
2010-10-12 16:24        304568        ----a-w-        c:\program files\Citrix\ICA Client\concentr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2011-08-01 08:28        124480        ----a-w-        d:\programme\ICQ7.5\ICQ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaSuite.exe]
2012-05-16 13:44        1084840        ----a-w-        c:\program files\Nokia\Nokia Suite\NokiaSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
2007-02-04 10:02        79400        ----a-w-        c:\program files\ScanSoft\OmniPageSE4\OpWareSE4.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
2011-08-30 16:43        3077528        ----a-w-        c:\program files\Pando Networks\Media Booster\PMB.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 07:03        210472        ----a-w-        c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25        202240        ----a-w-        c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiSpywareOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1614058835-672721566-3778044925-1003]
"EnableNotificationsRef"=dword:00000001
.
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - nciom
*Deregistered* - ncp
*Deregistered* - ncpl
*Deregistered* - ndm
*Deregistered* - ndmndap
*Deregistered* - niam
*Deregistered* - nipctl
*Deregistered* - nscm
*Deregistered* - nsns
*Deregistered* - nsvccost
*Deregistered* - xtxplat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs        REG_MULTI_SZ          BthServ
WindowsMobile        REG_MULTI_SZ          wcescomm rapimgr
LocalServiceRestricted        REG_MULTI_SZ          WcesComm RapiMgr
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - d:\programme\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.2.1
DPF: {0427F569-3D57-4F10-B9FB-8D71A6A7BE24} - file:///C:/Users/***/AppData/Local/Temp/FV2GA4/frmeditor.ocx
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\nc71xmt7.default\
FF - prefs.js: browser.startup.homepage - google.de
.
.
------- Dateityp-Verknüpfung -------
.
.scr=AutoCADScriptFile
.txt=UltraEdit.txt
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-AdobeBridge - (no file)
HKCU-Run-Akamai NetSession Interface - c:\users\***\AppData\Local\Akamai\netsession_win.exe
HKCU-Run-KiesHelper - d:\programme\Samsung\Kies\KiesHelper.exe
HKCU-Run-KiesAirMessage - d:\programme\Samsung\Kies\KiesAirMessage.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-boincmgr - d:\programme\BOINC\boincmgr.exe
MSConfigStartUp-boinctray - d:\programme\BOINC\boinctray.exe
MSConfigStartUp-EA Core - d:\fussball manager 10\EADM\Core.exe
MSConfigStartUp-NokiaOviSuite2 - c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
MSConfigStartUp-SolidWorks_CheckForUpdates - c:\program files\Common Files\SolidWorks Installations-Manager\Scheduler\sldIMScheduler.exe
MSConfigStartUp-Vidalia - d:\programme\Vidalia Bundle\Vidalia\vidalia.exe
MSConfigStartUp-WinampAgent - d:\programme\Winamp\winampa.exe
AddRemove-01_Simmental - d:\programme\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - d:\programme\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - d:\programme\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - d:\programme\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - d:\programme\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - d:\programme\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - d:\programme\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - d:\programme\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - d:\programme\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - d:\programme\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - d:\programme\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - d:\programme\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - d:\programme\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - d:\programme\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - d:\programme\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - d:\programme\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - d:\programme\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - d:\programme\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - d:\programme\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-07-24 18:14
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1614058835-672721566-3778044925-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{78785EB0-1D82-8BA9-1C09-D709D1A7099A}*]
"hafiihnmjcleiflb"=hex:69,61,63,6c,65,61,66,61,67,62,61,68,66,67,6f,6c,63,65,
  00,00
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'lsass.exe'(708)
c:\windows\system32\NETWIN32.DLL
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
- - - - - - - > 'Explorer.exe'(4668)
d:\programme\DisplayFusion\Hooks\AppHookx86_796a9db3-9ac3-471c-8cfd-65f0069015da.dll
c:\program files\Common Files\Cherry\Common\KbdHook00.dll
c:\windows\system32\btmmhook.dll
d:\programme\FileZilla FTP Client\fzshellext.dll
c:\windows\system32\btncopy.dll
c:\program files\Microsoft Virtual PC\VPCShExH.DLL
c:\windows\system32\NETWIN32.DLL
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
d:\programme\Sandboxie\SbieSvc.exe
c:\windows\system32\WLANExt.exe
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\program files\Novell\Client\XTier\Services\XTSvcMgr.exe
c:\windows\System32\lpksetup.exe
c:\program files\ANSYS Inc\Shared Files\Licensing\win32\ansysli_server.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
d:\programme\Cisco VPN Client\cvpnd.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\windows\system32\HPSIsvc.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\ANSYS Inc\Shared Files\Licensing\win32\ansysli_monitor.exe
c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\System32\StkCSrv.exe
c:\program files\ANSYS Inc\Shared Files\Licensing\win32\lmgrd.exe
c:\program files\ANSYS Inc\Shared Files\Licensing\win32\ansyslmd.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
d:\programme\TortoiseSVN\bin\TSVNCache.exe
c:\windows\RtHDVCpl.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\windows\System32\nwtray.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\WIDCOMM\Bluetooth Software\BtStackServer.exe
c:\program files\Cherry\CDI\cdi.exe
c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-07-24  18:24:33 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-07-24 16:24
.
Vor Suchlauf: 15 Verzeichnis(se), 30.499.442.688 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 32.124.981.248 Bytes frei
.
- - End Of File - - 3AFF8D5A3B71EB8506D3DE980530A4BC

Edit:
I completely forgot: after the reboot performed by ComboFix, this error message appeared:
Quote:

c:\program files\avira\antivir desktop\ipmGui.exe

Es wurde versucht, einen Registrierungsschlüssel einem unzulässigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
Regards

markusg 25.07.2012 17:10

Download TDSSKiller:
http://www.trojaner-board.de/82358-t...entfernen.html
Click Change parameters
• Tick Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan
- For any detections, always choose Skip for now, then post the log

Ilu 25.07.2012 18:13

Hi Markus,
as requested, here is the TDSSKiller log:
Code:

18:14:37.0444 0364        TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
18:14:37.0481 0364        ============================================================
18:14:37.0481 0364        Current date / time: 2012/07/25 18:14:37.0481
18:14:37.0481 0364        SystemInfo:
18:14:37.0481 0364       
18:14:37.0481 0364        OS Version: 6.0.6002 ServicePack: 2.0
18:14:37.0481 0364        Product type: Workstation
18:14:37.0481 0364        ComputerName: ***
18:14:37.0481 0364        UserName: ***
18:14:37.0481 0364        Windows directory: C:\Windows
18:14:37.0482 0364        System windows directory: C:\Windows
18:14:37.0482 0364        Processor architecture: Intel x86
18:14:37.0482 0364        Number of processors: 2
18:14:37.0482 0364        Page size: 0x1000
18:14:37.0482 0364        Boot type: Normal boot
18:14:37.0482 0364        ============================================================
18:14:38.0139 0364        Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:14:38.0143 0364        ============================================================
18:14:38.0143 0364        \Device\Harddisk0\DR0:
18:14:38.0143 0364        MBR partitions:
18:14:38.0143 0364        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1400800, BlocksNum 0xB2C126D
18:14:38.0143 0364        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xC6C5928, BlocksNum 0x18D67D99
18:14:38.0143 0364        ============================================================
18:14:38.0263 0364        D: <-> \Device\Harddisk0\DR0\Partition1
18:14:38.0493 0364        C: <-> \Device\Harddisk0\DR0\Partition0
18:14:38.0493 0364        ============================================================
18:14:38.0493 0364        Initialize success
18:14:38.0493 0364        ============================================================
18:15:16.0213 7360        ============================================================
18:15:16.0213 7360        Scan started
18:15:16.0213 7360        Mode: Manual; SigCheck; TDLFS;
18:15:16.0213 7360        ============================================================
18:15:18.0709 7360        ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
18:15:18.0849 7360        ACPI - ok
18:15:18.0912 7360        adfs            (6d7f09cd92a9fef3a8efce66231fdd79) C:\Windows\system32\drivers\adfs.sys
18:15:18.0912 7360        adfs - ok
18:15:19.0099 7360        AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
18:15:19.0099 7360        AdobeARMservice - ok
18:15:19.0177 7360        adp94xx        (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
18:15:19.0208 7360        adp94xx - ok
18:15:19.0239 7360        adpahci        (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
18:15:19.0255 7360        adpahci - ok
18:15:19.0286 7360        adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
18:15:19.0302 7360        adpu160m - ok
18:15:19.0333 7360        adpu320        (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
18:15:19.0333 7360        adpu320 - ok
18:15:19.0395 7360        AeLookupSvc    (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
18:15:19.0567 7360        AeLookupSvc - ok
18:15:19.0723 7360        AFD            (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
18:15:19.0785 7360        AFD - ok
18:15:19.0895 7360        AgereSoftModem  (ce91b158fa490cf4c4d487a4130f4660) C:\Windows\system32\DRIVERS\AGRSM.sys
18:15:19.0973 7360        AgereSoftModem - ok
18:15:20.0019 7360        agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
18:15:20.0035 7360        agp440 - ok
18:15:20.0066 7360        aic78xx        (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
18:15:20.0082 7360        aic78xx - ok
18:15:20.0144 7360        ALG            (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
18:15:20.0285 7360        ALG - ok
18:15:20.0300 7360        aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
18:15:20.0300 7360        aliide - ok
18:15:20.0347 7360        amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
18:15:20.0363 7360        amdagp - ok
18:15:20.0378 7360        amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
18:15:20.0394 7360        amdide - ok
18:15:20.0409 7360        AmdK7          (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
18:15:20.0456 7360        AmdK7 - ok
18:15:20.0487 7360        AmdK8          (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
18:15:20.0534 7360        AmdK8 - ok
18:15:22.0593 7360        ANSYS, Inc. License Manager (65a2d3fe71b7f27e3d76aaa9e43634ea) C:\Program Files\ANSYS Inc\Shared Files\Licensing\win32\ansysli_server.exe
18:15:22.0749 7360        ANSYS, Inc. License Manager ( UnsignedFile.Multi.Generic ) - warning
18:15:22.0749 7360        ANSYS, Inc. License Manager - detected UnsignedFile.Multi.Generic (1)
18:15:23.0046 7360        AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files\Avira\AntiVir Desktop\sched.exe
18:15:23.0077 7360        AntiVirSchedulerService - ok
18:15:23.0108 7360        AntiVirService  (a489be6bb0aa1ff406b488b60542314b) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
18:15:23.0108 7360        AntiVirService - ok
18:15:23.0389 7360        AppHostSvc      (dfae18c675d71fd06d57dc69d2913975) C:\Windows\system32\inetsrv\apphostsvc.dll
18:15:23.0451 7360        AppHostSvc - ok
18:15:23.0498 7360        Appinfo        (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
18:15:23.0576 7360        Appinfo - ok
18:15:23.0623 7360        arc            (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
18:15:23.0639 7360        arc - ok
18:15:23.0685 7360        arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
18:15:23.0685 7360        arcsas - ok
18:15:23.0841 7360        aspnet_state    (776acefa0ca9df0faa51a5fb2f435705) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
18:15:23.0857 7360        aspnet_state - ok
18:15:23.0888 7360        AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
18:15:23.0935 7360        AsyncMac - ok
18:15:23.0951 7360        atapi          (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
18:15:23.0966 7360        atapi - ok
18:15:24.0029 7360        atksgt          (6e996cf8459a2594e0e9609d0e34d41f) C:\Windows\system32\DRIVERS\atksgt.sys
18:15:24.0060 7360        atksgt ( UnsignedFile.Multi.Generic ) - warning
18:15:24.0060 7360        atksgt - detected UnsignedFile.Multi.Generic (1)
18:15:24.0122 7360        AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
18:15:24.0138 7360        AudioEndpointBuilder - ok
18:15:24.0153 7360        Audiosrv        (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
18:15:24.0169 7360        Audiosrv - ok
18:15:24.0325 7360        Autodesk Licensing Service (4961850fb000896d6a6b90868dc91a98) C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
18:15:24.0372 7360        Autodesk Licensing Service ( UnsignedFile.Multi.Generic ) - warning
18:15:24.0372 7360        Autodesk Licensing Service - detected UnsignedFile.Multi.Generic (1)
18:15:24.0387 7360        avgntflt        (d5541f0afb767e85fc412fc609d96a74) C:\Windows\system32\DRIVERS\avgntflt.sys
18:15:24.0419 7360        avgntflt - ok
18:15:24.0481 7360        avipbb          (7d967a682d4694df7fa57d63a2db01fe) C:\Windows\system32\DRIVERS\avipbb.sys
18:15:24.0512 7360        avipbb - ok
18:15:24.0606 7360        avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
18:15:24.0637 7360        avkmgr - ok
18:15:24.0684 7360        bcm4sbxp        (08015d34f6fdd0b355805bad978497c3) C:\Windows\system32\DRIVERS\bcm4sbxp.sys
18:15:24.0855 7360        bcm4sbxp - ok
18:15:24.0887 7360        Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
18:15:24.0933 7360        Beep - ok
18:15:25.0043 7360        BFE            (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
18:15:25.0089 7360        BFE - ok
18:15:25.0589 7360        BITS            (93952506c6d67330367f7e7934b6a02f) C:\Windows\system32\qmgr.dll
18:15:25.0667 7360        BITS - ok
18:15:25.0807 7360        blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
18:15:25.0854 7360        blbdrive - ok
18:15:25.0901 7360        bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
18:15:25.0963 7360        bowser - ok
18:15:25.0994 7360        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
18:15:26.0041 7360        BrFiltLo - ok
18:15:26.0057 7360        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
18:15:26.0088 7360        BrFiltUp - ok
18:15:26.0119 7360        Browser        (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
18:15:26.0181 7360        Browser - ok
18:15:26.0213 7360        Brserid        (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
18:15:26.0306 7360        Brserid - ok
18:15:26.0353 7360        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
18:15:26.0400 7360        BrSerWdm - ok
18:15:26.0415 7360        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
18:15:26.0462 7360        BrUsbMdm - ok
18:15:26.0478 7360        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
18:15:26.0540 7360        BrUsbSer - ok
18:15:26.0587 7360        BthEnum        (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
18:15:26.0618 7360        BthEnum - ok
18:15:26.0665 7360        BTHMODEM        (9a966a8e86d1771911ae34a20d11bff3) C:\Windows\system32\DRIVERS\bthmodem.sys
18:15:26.0681 7360        BTHMODEM - ok
18:15:26.0712 7360        BthPan          (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
18:15:26.0743 7360        BthPan - ok
18:15:26.0805 7360        BTHPORT        (611ff3f2f095c8d4a6d4cfd9dcc09793) C:\Windows\system32\Drivers\BTHport.sys
18:15:26.0852 7360        BTHPORT - ok
18:15:26.0899 7360        BthServ        (a4c8377fa4a994e07075107dbe2e3dce) C:\Windows\System32\bthserv.dll
18:15:26.0930 7360        BthServ - ok
18:15:26.0946 7360        BTHUSB          (d330803eab2a15caec7f011f1d4cb30e) C:\Windows\system32\Drivers\BTHUSB.sys
18:15:26.0977 7360        BTHUSB - ok
18:15:27.0024 7360        btwaudio        (3ea1a20dc0ca1ad23e7aa8c37a91bcd1) C:\Windows\system32\drivers\btwaudio.sys
18:15:27.0055 7360        btwaudio - ok
18:15:27.0086 7360        btwavdt        (195872e48a7fb01f8bc9b800f70f4054) C:\Windows\system32\drivers\btwavdt.sys
18:15:27.0117 7360        btwavdt - ok
18:15:27.0164 7360        btwrchid        (0724e7d6c9b6a289eddda33fa8176e80) C:\Windows\system32\DRIVERS\btwrchid.sys
18:15:27.0195 7360        btwrchid - ok
18:15:27.0398 7360        catchme - ok
18:15:27.0429 7360        cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
18:15:27.0461 7360        cdfs - ok
18:15:27.0507 7360        cdrom          (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
18:15:27.0539 7360        cdrom - ok
18:15:27.0601 7360        CertPropSvc    (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
18:15:27.0632 7360        CertPropSvc - ok
18:15:27.0679 7360        Ch2kPS2        (970dddebaa177ad1f738a24c8d9c0735) C:\Windows\system32\DRIVERS\Ch2kPS2.sys
18:15:27.0726 7360        Ch2kPS2 - ok
18:15:27.0757 7360        Ch2kPS2M        (f767a99313f4b87350bf60500575a8af) C:\Windows\system32\DRIVERS\Ch2kPS2M.sys
18:15:27.0773 7360        Ch2kPS2M ( UnsignedFile.Multi.Generic ) - warning
18:15:27.0773 7360        Ch2kPS2M - detected UnsignedFile.Multi.Generic (1)
18:15:27.0819 7360        Ch2kUSB        (6bb54c8ab2ff2406c08157052cae793c) C:\Windows\system32\drivers\Ch2kUSB.sys
18:15:27.0851 7360        Ch2kUSB - ok
18:15:28.0459 7360        Cherry Device Interface (1ce3f63d0c5867d16b01435f8cdaef8b) C:\Program Files\Cherry\CDI\cdi.exe
18:15:28.0490 7360        Cherry Device Interface ( UnsignedFile.Multi.Generic ) - warning
18:15:28.0490 7360        Cherry Device Interface - detected UnsignedFile.Multi.Generic (1)
18:15:28.0521 7360        circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
18:15:28.0553 7360        circlass - ok
18:15:28.0833 7360        CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
18:15:28.0849 7360        CLFS - ok
18:15:28.0943 7360        clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:15:28.0958 7360        clr_optimization_v2.0.50727_32 - ok
18:15:29.0208 7360        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:15:29.0223 7360        clr_optimization_v4.0.30319_32 - ok
18:15:29.0270 7360        CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
18:15:29.0301 7360        CmBatt - ok
18:15:29.0317 7360        cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
18:15:29.0333 7360        cmdide - ok
18:15:29.0348 7360        Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
18:15:29.0348 7360        Compbatt - ok
18:15:29.0364 7360        COMSysApp - ok
18:15:29.0364 7360        crcdisk        (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
18:15:29.0379 7360        crcdisk - ok
18:15:29.0395 7360        Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
18:15:29.0426 7360        Crusoe - ok
18:15:29.0473 7360        CryptSvc        (75c6a297e364014840b48eccd7525e30) C:\Windows\system32\cryptsvc.dll
18:15:29.0520 7360        CryptSvc - ok
18:15:29.0582 7360        ctxusbm        (cb6ff7012bb5d59d7c12350db795ce1f) C:\Windows\system32\DRIVERS\ctxusbm.sys
18:15:29.0613 7360        ctxusbm - ok
18:15:29.0645 7360        CVirtA          (b5ecadf7708960f1818c7fa015f4c239) C:\Windows\system32\DRIVERS\CVirtA.sys
18:15:29.0676 7360        CVirtA - ok
18:15:31.0407 7360        CVPND          (98b1b70e250ebca7b7a0a56ad2a7e62f) D:\Programme\Cisco VPN Client\cvpnd.exe
18:15:31.0470 7360        CVPND - ok
18:15:31.0563 7360        CVPNDRVA        (465ced77e7c4f9d71b81ba600edafac1) C:\Windows\system32\Drivers\CVPNDRVA.sys
18:15:31.0563 7360        CVPNDRVA ( UnsignedFile.Multi.Generic ) - warning
18:15:31.0563 7360        CVPNDRVA - detected UnsignedFile.Multi.Generic (1)
18:15:31.0657 7360        DcomLaunch      (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
18:15:31.0704 7360        DcomLaunch - ok
18:15:31.0797 7360        DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
18:15:31.0844 7360        DfsC - ok
18:15:32.0624 7360        DFSR            (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
18:15:32.0811 7360        DFSR - ok
18:15:32.0921 7360        dgderdrv        (6216fd7fd227de454238a702b218cec7) C:\Windows\system32\drivers\dgderdrv.sys
18:15:32.0936 7360        dgderdrv - ok
18:15:33.0030 7360        dg_ssudbus      (f9f31a9f2a8c0dd0ceb6e380bf0985d4) C:\Windows\system32\DRIVERS\ssudbus.sys
18:15:33.0061 7360        dg_ssudbus - ok
18:15:33.0139 7360        Dhcp            (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
18:15:33.0186 7360        Dhcp - ok
18:15:34.0574 7360        DialComService  (5c90fdd933a0f8566399363191751113) C:\Program Files\DIAL GmbH\DIAL Communication Framework\DialComService.exe
18:15:34.0668 7360        DialComService - ok
18:15:35.0011 7360        disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
18:15:35.0027 7360        disk - ok
18:15:35.0073 7360        DNE            (86d52c32a308f84bbc626bff7c1fb710) C:\Windows\system32\DRIVERS\dne2000.sys
18:15:35.0089 7360        DNE - ok
18:15:35.0120 7360        Dnscache        (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
18:15:35.0229 7360        Dnscache - ok
18:15:35.0292 7360        dot3svc        (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
18:15:35.0323 7360        dot3svc - ok
18:15:35.0370 7360        DPS            (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
18:15:35.0417 7360        DPS - ok
18:15:35.0432 7360        drmkaud        (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
18:15:35.0463 7360        drmkaud - ok
18:15:35.0479 7360        DS1410D - ok
18:15:35.0900 7360        DXGKrnl        (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
18:15:35.0963 7360        DXGKrnl - ok
18:15:36.0025 7360        E1G60          (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
18:15:36.0072 7360        E1G60 - ok
18:15:36.0103 7360        EapHost        (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
18:15:36.0134 7360        EapHost - ok
18:15:36.0181 7360        Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
18:15:36.0197 7360        Ecache - ok
18:15:36.0259 7360        ehRecvr        (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
18:15:36.0337 7360        ehRecvr - ok
18:15:36.0353 7360        ehSched        (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
18:15:36.0399 7360        ehSched - ok
18:15:36.0415 7360        ehstart        (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
18:15:36.0431 7360        ehstart - ok
18:15:36.0462 7360        elxstor        (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
18:15:36.0493 7360        elxstor - ok
18:15:36.0930 7360        EMDMgmt        (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
18:15:36.0977 7360        EMDMgmt - ok
18:15:36.0992 7360        epmntdrv        (539ca34fbc74ec366a0d751028c32a08) C:\Windows\system32\epmntdrv.sys
18:15:37.0055 7360        epmntdrv ( UnsignedFile.Multi.Generic ) - warning
18:15:37.0055 7360        epmntdrv - detected UnsignedFile.Multi.Generic (1)
18:15:37.0086 7360        ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
18:15:37.0117 7360        ErrDev - ok
18:15:37.0148 7360        EuGdiDrv        (1f2f4ab15ce03ecc257feb2f6dc5a013) C:\Windows\system32\EuGdiDrv.sys
18:15:37.0179 7360        EuGdiDrv ( UnsignedFile.Multi.Generic ) - warning
18:15:37.0179 7360        EuGdiDrv - detected UnsignedFile.Multi.Generic (1)
18:15:37.0413 7360        EventSystem    (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
18:15:37.0476 7360        EventSystem - ok
18:15:37.0601 7360        EvtEng          (87bfd4ef2f43399da37b48b42a84a749) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
18:15:37.0647 7360        EvtEng ( UnsignedFile.Multi.Generic ) - warning
18:15:37.0647 7360        EvtEng - detected UnsignedFile.Multi.Generic (1)
18:15:37.0710 7360        exfat          (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
18:15:37.0788 7360        exfat - ok
18:15:37.0803 7360        fastfat        (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
18:15:37.0819 7360        fastfat - ok
18:15:37.0881 7360        fdc            (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
18:15:37.0913 7360        fdc - ok
18:15:37.0944 7360        fdPHost        (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
18:15:37.0959 7360        fdPHost - ok
18:15:37.0975 7360        FDResPub        (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
18:15:38.0022 7360        FDResPub - ok
18:15:38.0037 7360        FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
18:15:38.0053 7360        FileInfo - ok
18:15:38.0069 7360        Filetrace      (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
18:15:38.0100 7360        Filetrace - ok
18:15:38.0209 7360        FLEXnet Licensing Service (1f63900e2eb00101b9aca2b7a870704e) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
18:15:38.0240 7360        FLEXnet Licensing Service - ok
18:15:38.0271 7360        flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
18:15:38.0303 7360        flpydisk - ok
18:15:38.0349 7360        FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
18:15:38.0381 7360        FltMgr - ok
18:15:38.0552 7360        FontCache      (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
18:15:38.0615 7360        FontCache - ok
18:15:38.0693 7360        FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
18:15:38.0693 7360        FontCache3.0.0.0 - ok
18:15:38.0724 7360        Fs_Rec          (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
18:15:38.0771 7360        Fs_Rec - ok
18:15:38.0802 7360        gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
18:15:38.0817 7360        gagp30kx - ok
18:15:38.0849 7360        ggflt          (007aea2e06e7cef7372e40c277163959) C:\Windows\system32\DRIVERS\ggflt.sys
18:15:38.0880 7360        ggflt - ok
18:15:38.0895 7360        ggsemc          (c73de35960ca75c5ab4ae636b127c64e) C:\Windows\system32\DRIVERS\ggsemc.sys
18:15:38.0911 7360        ggsemc - ok
18:15:38.0973 7360        gpsvc          (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
18:15:39.0051 7360        gpsvc - ok
18:15:39.0098 7360        hamachi        (833051c6c6c42117191935f734cfbd97) C:\Windows\system32\DRIVERS\hamachi.sys
18:15:39.0114 7360        hamachi - ok
18:15:39.0161 7360        HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
18:15:39.0207 7360        HdAudAddService - ok
18:15:39.0254 7360        HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
18:15:39.0317 7360        HDAudBus - ok
18:15:39.0348 7360        HidBth          (fcb3f4be408f72c1bd81bcaba87fc22f) C:\Windows\system32\DRIVERS\hidbth.sys
18:15:39.0379 7360        HidBth - ok
18:15:39.0410 7360        HidIr          (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
18:15:39.0457 7360        HidIr - ok
18:15:39.0488 7360        hidserv        (84067081f3318162797385e11a8f0582) C:\Windows\System32\hidserv.dll
18:15:39.0519 7360        hidserv - ok
18:15:39.0551 7360        HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
18:15:39.0566 7360        HidUsb - ok
18:15:39.0597 7360        hkmsvc          (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
18:15:39.0629 7360        hkmsvc - ok
18:15:39.0644 7360        HpCISSs        (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
18:15:39.0660 7360        HpCISSs - ok
18:15:39.0722 7360        HPSIService    (94d23d4f096f12ca42c2fe4196631f46) C:\Windows\system32\HPSIsvc.exe
18:15:39.0722 7360        HPSIService - ok
18:15:39.0785 7360        HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
18:15:39.0878 7360        HTTP - ok
18:15:39.0909 7360        i2omp          (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
18:15:39.0925 7360        i2omp - ok
18:15:39.0972 7360        i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
18:15:40.0003 7360        i8042prt - ok
18:15:40.0097 7360        ialm            (496db78e6a0c4c44023d9a92b4a7ac31) C:\Windows\system32\DRIVERS\igdkmd32.sys
18:15:40.0206 7360        ialm - ok
18:15:40.0346 7360        iaNvStor        (3e349157986c533e3cbeb8c1e17290bb) C:\Windows\system32\DRIVERS\iaNvStor.sys
18:15:40.0377 7360        iaNvStor - ok
18:15:40.0721 7360        iaStor          (f263a9036f8897ffa2ae54685e03ad60) C:\Windows\system32\DRIVERS\iaStor.sys
18:15:40.0752 7360        iaStor - ok
18:15:41.0111 7360        iaStorV        (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
18:15:41.0142 7360        iaStorV - ok
18:15:41.0516 7360        idsvc          (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:15:41.0563 7360        idsvc - ok
18:15:41.0594 7360        iirsp          (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
18:15:41.0610 7360        iirsp - ok
18:15:41.0672 7360        IISADMIN        (dae181c2fdb0d02159c56185a469e10b) C:\Windows\system32\inetsrv\inetinfo.exe
18:15:41.0703 7360        IISADMIN - ok
18:15:41.0766 7360        IKEEXT          (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
18:15:41.0844 7360        IKEEXT - ok
18:15:43.0076 7360        IntcAzAudAddService (ffd2b3bc042596abe785d3c15f51ab46) C:\Windows\system32\drivers\RTKVHDA.sys
18:15:43.0201 7360        IntcAzAudAddService - ok
18:15:43.0794 7360        intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
18:15:43.0794 7360        intelide - ok
18:15:43.0841 7360        intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
18:15:43.0872 7360        intelppm - ok
18:15:43.0903 7360        IPBusEnum      (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
18:15:43.0919 7360        IPBusEnum - ok
18:15:43.0950 7360        IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:15:43.0981 7360        IpFilterDriver - ok
18:15:44.0028 7360        iphlpsvc        (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
18:15:44.0075 7360        iphlpsvc - ok
18:15:44.0075 7360        IpInIp - ok
18:15:44.0106 7360        IPMIDRV        (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
18:15:44.0137 7360        IPMIDRV - ok
18:15:44.0324 7360        IPNAT          (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
18:15:44.0371 7360        IPNAT - ok
18:15:44.0387 7360        IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
18:15:44.0402 7360        IRENUM - ok
18:15:44.0418 7360        isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
18:15:44.0433 7360        isapnp - ok
18:15:44.0496 7360        iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
18:15:44.0511 7360        iScsiPrt - ok
18:15:44.0527 7360        iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
18:15:44.0543 7360        iteatapi - ok
18:15:44.0558 7360        iteraid        (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
18:15:44.0574 7360        iteraid - ok
18:15:44.0652 7360        kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
18:15:44.0667 7360        kbdclass - ok
18:15:44.0699 7360        kbdhid          (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
18:15:44.0714 7360        kbdhid - ok
18:15:44.0745 7360        KeyIso          (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
18:15:44.0808 7360        KeyIso - ok
18:15:44.0823 7360        KMDFMEMIO      (ebc507f129df8f0e0ca270dcfc0cf87f) C:\Windows\system32\DRIVERS\kmdfmemio.sys
18:15:44.0870 7360        KMDFMEMIO - ok
18:15:44.0948 7360        KSecDD          (4a1445efa932a3baf5bdb02d7131ee20) C:\Windows\system32\Drivers\ksecdd.sys
18:15:44.0964 7360        KSecDD - ok
18:15:45.0073 7360        KtmRm          (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
18:15:45.0104 7360        KtmRm - ok
18:15:45.0260 7360        LanmanServer    (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\System32\srvsvc.dll
18:15:45.0307 7360        LanmanServer - ok
18:15:45.0354 7360        LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
18:15:45.0401 7360        LanmanWorkstation - ok
18:15:45.0447 7360        lirsgt          (975b6cf65f44e95883f3855bae8cecaf) C:\Windows\system32\DRIVERS\lirsgt.sys
18:15:45.0447 7360        lirsgt ( UnsignedFile.Multi.Generic ) - warning
18:15:45.0447 7360        lirsgt - detected UnsignedFile.Multi.Generic (1)
18:15:45.0479 7360        lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
18:15:45.0525 7360        lltdio - ok
18:15:45.0557 7360        lltdsvc        (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
18:15:45.0588 7360        lltdsvc - ok
18:15:45.0603 7360        lmhosts        (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
18:15:45.0650 7360        lmhosts - ok
18:15:45.0791 7360        LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
18:15:45.0806 7360        LSI_FC - ok
18:15:45.0837 7360        LSI_SAS        (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
18:15:45.0853 7360        LSI_SAS - ok
18:15:45.0884 7360        LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
18:15:45.0900 7360        LSI_SCSI - ok
18:15:46.0056 7360        luafv          (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
18:15:46.0103 7360        luafv - ok
18:15:46.0134 7360        Mcx2Svc        (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
18:15:46.0165 7360        Mcx2Svc - ok
18:15:46.0446 7360        MDM            (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
18:15:46.0461 7360        MDM - ok
18:15:46.0493 7360        megasas        (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
18:15:46.0508 7360        megasas - ok
18:15:46.0914 7360        MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
18:15:46.0961 7360        MegaSR - ok
18:15:47.0444 7360        Microsoft SharePoint Workspace Audit Service - ok
18:15:47.0538 7360        MMCSS          (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
18:15:47.0600 7360        MMCSS - ok
18:15:47.0616 7360        Modem          (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
18:15:47.0663 7360        Modem - ok
18:15:47.0678 7360        monitor        (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
18:15:47.0709 7360        monitor - ok
18:15:47.0787 7360        mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
18:15:47.0803 7360        mouclass - ok
18:15:47.0819 7360        mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
18:15:47.0865 7360        mouhid - ok
18:15:47.0881 7360        MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
18:15:47.0897 7360        MountMgr - ok
18:15:48.0099 7360        MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
18:15:48.0115 7360        MozillaMaintenance - ok
18:15:48.0162 7360        mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
18:15:48.0162 7360        mpio - ok
18:15:48.0209 7360        mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
18:15:48.0224 7360        mpsdrv - ok
18:15:48.0661 7360        MpsSvc          (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
18:15:48.0708 7360        MpsSvc - ok
18:15:48.0723 7360        Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
18:15:48.0739 7360        Mraid35x - ok
18:15:48.0770 7360        MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
18:15:48.0801 7360        MRxDAV - ok
18:15:48.0833 7360        mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:15:48.0926 7360        mrxsmb - ok
18:15:48.0957 7360        mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:15:48.0973 7360        mrxsmb10 - ok
18:15:48.0989 7360        mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:15:49.0020 7360        mrxsmb20 - ok
18:15:49.0051 7360        msahci          (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
18:15:49.0051 7360        msahci - ok
18:15:49.0098 7360        msdsm          (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
18:15:49.0113 7360        msdsm - ok
18:15:49.0160 7360        MSDTC          (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
18:15:49.0176 7360        MSDTC - ok
18:15:49.0191 7360        Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
18:15:49.0238 7360        Msfs - ok
18:15:49.0254 7360        msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
18:15:49.0269 7360        msisadrv - ok
18:15:49.0301 7360        MSiSCSI        (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
18:15:49.0332 7360        MSiSCSI - ok
18:15:49.0332 7360        msiserver - ok
18:15:49.0379 7360        MSKSSRV        (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
18:15:49.0394 7360        MSKSSRV - ok
18:15:49.0425 7360        MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
18:15:49.0457 7360        MSPCLOCK - ok
18:15:49.0472 7360        MSPQM          (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
18:15:49.0503 7360        MSPQM - ok
18:15:49.0581 7360        MsRPC          (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
18:15:49.0597 7360        MsRPC - ok
18:15:49.0613 7360        mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
18:15:49.0628 7360        mssmbios - ok
18:15:49.0706 7360        MSSQL$AUTODESKVAULT - ok
18:15:49.0784 7360        MSSQL$SQLEXPRESS - ok
18:15:49.0847 7360        MSSQLServerADHelper (1d89eb4e2a99cabd4e81225f4f4c4b25) C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
18:15:49.0847 7360        MSSQLServerADHelper - ok
18:15:49.0909 7360        MSSQLServerADHelper100 (f1761c8fb2b25a32c6d63e36bb88c3ae) C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
18:15:49.0909 7360        MSSQLServerADHelper100 - ok
18:15:49.0940 7360        MSTEE          (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
18:15:49.0971 7360        MSTEE - ok
18:15:51.0797 7360        msvsmon80      (73fa09b84b23a1897809a84f976d5d99) C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe
18:15:51.0953 7360        msvsmon80 - ok
18:15:53.0201 7360        Mup            (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
18:15:53.0216 7360        Mup - ok
18:15:53.0232 7360        mvusbews        (b9df137953a5280eddbd4a705ca093a2) C:\Windows\system32\Drivers\mvusbews.sys
18:15:53.0263 7360        mvusbews - ok
18:15:53.0388 7360        napagent        (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
18:15:53.0419 7360        napagent - ok
18:15:53.0481 7360        NativeWifiP    (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
18:15:53.0497 7360        NativeWifiP - ok
18:15:53.0559 7360        NCFilter        (157e98b2dd9139c7d55049fe635bd39f) C:\Windows\system32\DRIVERS\NCFilter.sys
18:15:53.0591 7360        NCFilter - ok
18:15:53.0903 7360        NCFSD          (df04002fb1f6c9dcb438b9324640ccdb) C:\Program Files\Novell\Client\XTier\Drivers\ncfsd.sys
18:15:53.0934 7360        NCFSD - ok
18:15:54.0012 7360        NCIOCTL        (54adec9108c5a0bf9d21e4a6ef062db1) C:\Program Files\Novell\Client\XTier\Drivers\ncioctl.sys
18:15:54.0043 7360        NCIOCTL - ok
18:15:54.0168 7360        NCRecognizer    (450b8c689b73c39816fb872404805517) C:\Windows\system32\DRIVERS\NCRecognizer.sys
18:15:54.0199 7360        NCRecognizer - ok
18:15:54.0277 7360        NCUncFilter    (d28874f3ce6badd9884c62391b39133f) C:\Windows\system32\DRIVERS\NCUncFilter.sys
18:15:54.0293 7360        NCUncFilter - ok
18:15:54.0464 7360        NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
18:15:54.0511 7360        NDIS - ok
18:15:54.0558 7360        NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
18:15:54.0589 7360        NdisTapi - ok
18:15:54.0605 7360        Ndisuio        (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
18:15:54.0620 7360        Ndisuio - ok
18:15:54.0854 7360        NdisWan        (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
18:15:54.0885 7360        NdisWan - ok
18:15:54.0901 7360        NDProxy        (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
18:15:54.0917 7360        NDProxy - ok
18:15:54.0932 7360        NetBIOS        (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
18:15:54.0979 7360        NetBIOS - ok
18:15:55.0010 7360        netbt          (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
18:15:55.0041 7360        netbt - ok
18:15:55.0057 7360        Netlogon        (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
18:15:55.0073 7360        Netlogon - ok
18:15:55.0369 7360        Netman          (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
18:15:55.0431 7360        Netman - ok
18:15:55.0931 7360        NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:15:55.0946 7360        NetMsmqActivator - ok
18:15:55.0946 7360        NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:15:55.0962 7360        NetPipeActivator - ok
18:15:56.0165 7360        netprofm        (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
18:15:56.0196 7360        netprofm - ok
18:15:56.0211 7360        NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:15:56.0211 7360        NetTcpActivator - ok
18:15:56.0227 7360        NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:15:56.0227 7360        NetTcpPortSharing - ok
18:15:56.0726 7360        NETw3v32        (35d5458d9a1b26b2005abffbf4c1c5e7) C:\Windows\system32\DRIVERS\NETw3v32.sys
18:15:56.0882 7360        NETw3v32 - ok
18:16:01.0500 7360        NETw5v32        (0b214c6a4728f085fb64a29ed9c4de94) C:\Windows\system32\DRIVERS\NETw5v32.sys
18:16:01.0703 7360        NETw5v32 - ok
18:16:01.0874 7360        nfrd960        (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
18:16:01.0890 7360        nfrd960 - ok
18:16:02.0139 7360        NICM            (a1ef820415ed5bbe0dbb3f67866bd2e1) C:\Program Files\Novell\Client\XTier\Drivers\nicm.sys
18:16:02.0186 7360        NICM - ok
18:16:02.0405 7360        NlaSvc          (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
18:16:02.0420 7360        NlaSvc - ok
18:16:02.0451 7360        nmwcd          (f6c40e0a565ee3ce5aeeb325e10054f2) C:\Windows\system32\drivers\ccdcmb.sys
18:16:02.0514 7360        nmwcd - ok
18:16:02.0545 7360        nmwcdc          (2a394e9e1fa3565e4b2fea470ffe4d6b) C:\Windows\system32\drivers\ccdcmbo.sys
18:16:02.0592 7360        nmwcdc - ok
18:16:02.0623 7360        Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
18:16:02.0639 7360        Npfs - ok
18:16:02.0654 7360        nsi            (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
18:16:02.0685 7360        nsi - ok
18:16:02.0717 7360        nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
18:16:02.0763 7360        nsiproxy - ok
18:16:02.0763 7360        NSNDIS5 - ok
18:16:02.0904 7360        Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
18:16:02.0966 7360        Ntfs - ok
18:16:02.0997 7360        ntrigdigi      (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
18:16:03.0044 7360        ntrigdigi - ok
18:16:03.0060 7360        Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
18:16:03.0075 7360        Null - ok
18:16:03.0138 7360        NVHDA          (93c0f383b39b1f5fe7203e3270d4cf52) C:\Windows\system32\drivers\nvhda32v.sys
18:16:03.0169 7360        NVHDA - ok
18:16:04.0230 7360        nvlddmkm        (66b4bf606fcc7f0622d4a21bb1461089) C:\Windows\system32\DRIVERS\nvlddmkm.sys
18:16:04.0713 7360        nvlddmkm - ok
18:16:04.0838 7360        nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
18:16:04.0854 7360        nvraid - ok
18:16:04.0869 7360        nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
18:16:04.0885 7360        nvstor - ok
18:16:04.0994 7360        nvsvc          (d122f7c5f79c68868f5dc28cefeb2ecf) C:\Windows\system32\nvvsvc.exe
18:16:05.0072 7360        nvsvc - ok
18:16:05.0306 7360        nvUpdatusService (003cb0a155568b4a53a301f07c734233) C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
18:16:05.0447 7360        nvUpdatusService - ok
18:16:05.0571 7360        nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
18:16:05.0587 7360        nv_agp - ok
18:16:05.0587 7360        NwlnkFlt - ok
18:16:05.0603 7360        NwlnkFwd - ok
18:16:05.0618 7360        ohci1394        (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
18:16:05.0634 7360        ohci1394 - ok
18:16:05.0712 7360        ose            (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:16:05.0727 7360        ose - ok
18:16:06.0039 7360        osppsvc        (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
18:16:06.0211 7360        osppsvc - ok
18:16:07.0319 7360        p2pimsvc        (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
18:16:07.0412 7360        p2pimsvc - ok
18:16:07.0428 7360        p2psvc          (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
18:16:07.0443 7360        p2psvc - ok
18:16:07.0506 7360        Parport        (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
18:16:07.0537 7360        Parport - ok
18:16:07.0568 7360        partmgr        (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys
18:16:07.0584 7360        partmgr - ok
18:16:07.0599 7360        Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
18:16:07.0646 7360        Parvdm - ok
18:16:07.0709 7360        PcaSvc          (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
18:16:07.0771 7360        PcaSvc - ok
18:16:07.0818 7360        pccsmcfd        (fd2041e9ba03db7764b2248f02475079) C:\Windows\system32\DRIVERS\pccsmcfd.sys
18:16:07.0849 7360        pccsmcfd - ok
18:16:07.0911 7360        pci            (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
18:16:07.0927 7360        pci - ok
18:16:07.0943 7360        pciide          (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
18:16:07.0958 7360        pciide - ok
18:16:07.0989 7360        pcmcia          (b7c5a8769541900f6dfa6fe0c5e4d513) C:\Windows\system32\DRIVERS\pcmcia.sys
18:16:08.0005 7360        pcmcia - ok
18:16:08.0067 7360        PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
18:16:08.0145 7360        PEAUTH - ok
18:16:08.0411 7360        pla            (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
18:16:08.0489 7360        pla - ok
18:16:08.0879 7360        PlugPlay        (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
18:16:08.0910 7360        PlugPlay - ok
18:16:09.0830 7360        PNRPAutoReg    (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
18:16:09.0861 7360        PNRPAutoReg - ok
18:16:09.0861 7360        PNRPsvc        (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
18:16:09.0893 7360        PNRPsvc - ok
18:16:10.0298 7360        PolicyAgent    (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
18:16:10.0361 7360        PolicyAgent - ok
18:16:10.0829 7360        PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
18:16:10.0875 7360        PptpMiniport - ok
18:16:11.0156 7360        Processor      (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
18:16:11.0203 7360        Processor - ok
18:16:11.0858 7360        ProfSvc        (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
18:16:11.0874 7360        ProfSvc - ok
18:16:11.0983 7360        ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
18:16:11.0999 7360        ProtectedStorage - ok
18:16:12.0248 7360        PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
18:16:12.0295 7360        PSched - ok
18:16:12.0857 7360        PSI_SVC_2      (543a4ef0923bf70d126625b034ef25af) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
18:16:12.0872 7360        PSI_SVC_2 - ok
18:16:14.0479 7360        ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
18:16:14.0557 7360        ql2300 - ok
18:16:14.0978 7360        ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
18:16:15.0009 7360        ql40xx - ok
18:16:15.0041 7360        QWAVE          (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
18:16:15.0072 7360        QWAVE - ok
18:16:15.0087 7360        QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
18:16:15.0103 7360        QWAVEdrv - ok
18:16:15.0165 7360        RapiMgr        (70dbdab246c18b78e2200d6401d038be) C:\Windows\WindowsMobile\rapimgr.dll
18:16:15.0197 7360        RapiMgr - ok
18:16:15.0228 7360        RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
18:16:15.0243 7360        RasAcd - ok
18:16:15.0259 7360        RasAuto        (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
18:16:15.0306 7360        RasAuto - ok
18:16:15.0306 7360        Rasl2tp        (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:16:15.0337 7360        Rasl2tp - ok
18:16:15.0384 7360        RasMan          (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
18:16:15.0431 7360        RasMan - ok
18:16:15.0462 7360        RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
18:16:15.0477 7360        RasPppoe - ok
18:16:15.0587 7360        RasSstp        (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
18:16:15.0618 7360        RasSstp - ok
18:16:15.0758 7360        rdbss          (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
18:16:15.0774 7360        rdbss - ok
18:16:15.0805 7360        RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:16:15.0836 7360        RDPCDD - ok
18:16:15.0867 7360        rdpdr          (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
18:16:15.0899 7360        rdpdr - ok
18:16:15.0899 7360        RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
18:16:15.0930 7360        RDPENCDD - ok
18:16:15.0961 7360        RDPWD          (c127ebd5afab31524662c48dfceb773a) C:\Windows\system32\drivers\RDPWD.sys
18:16:16.0008 7360        RDPWD - ok
18:16:16.0585 7360        RegSrvc        (3c109efd0cef1b540ed3c7f573594bfd) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
18:16:16.0616 7360        RegSrvc ( UnsignedFile.Multi.Generic ) - warning
18:16:16.0616 7360        RegSrvc - detected UnsignedFile.Multi.Generic (1)
18:16:16.0663 7360        RemoteAccess    (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
18:16:16.0694 7360        RemoteAccess - ok
18:16:16.0741 7360        RemoteRegistry  (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
18:16:16.0788 7360        RemoteRegistry - ok
18:16:16.0819 7360        RFCOMM          (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
18:16:16.0850 7360        RFCOMM - ok
18:16:16.0881 7360        RpcLocator      (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
18:16:16.0913 7360        RpcLocator - ok
18:16:16.0991 7360        RpcSs          (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
18:16:17.0022 7360        RpcSs - ok
18:16:17.0053 7360        RsFx0105        (6a7360e36cbd636972aeef0dd292a946) C:\Windows\system32\DRIVERS\RsFx0105.sys
18:16:17.0069 7360        RsFx0105 - ok
18:16:17.0100 7360        rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
18:16:17.0147 7360        rspndr - ok
18:16:17.0147 7360        s0017bus - ok
18:16:17.0147 7360        s0017mdfl - ok
18:16:17.0147 7360        s0017mdm - ok
18:16:17.0162 7360        s0017mgmt - ok
18:16:17.0178 7360        s0017nd5 - ok
18:16:17.0178 7360        s0017obex - ok
18:16:17.0178 7360        s0017unic - ok
18:16:17.0225 7360        SamSs          (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
18:16:17.0240 7360        SamSs - ok
18:16:17.0334 7360        Samsung Update Plus (a9d840fa78f65857eb554229914f855c) C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe
18:16:17.0349 7360        Samsung Update Plus ( UnsignedFile.Multi.Generic ) - warning
18:16:17.0349 7360        Samsung Update Plus - detected UnsignedFile.Multi.Generic (1)
18:16:17.0443 7360        SbieDrv        (1fbd21895b768cd40e83b86c18e6454f) D:\Programme\Sandboxie\SbieDrv.sys
18:16:17.0459 7360        SbieDrv - ok
18:16:17.0521 7360        SbieSvc        (d5d875d6662f30c7fbf5f6879452b12b) D:\Programme\Sandboxie\SbieSvc.exe
18:16:17.0537 7360        SbieSvc - ok
18:16:17.0615 7360        sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
18:16:17.0630 7360        sbp2port - ok
18:16:17.0693 7360        SCardSvr        (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
18:16:17.0708 7360        SCardSvr - ok
18:16:17.0771 7360        Schedule        (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
18:16:17.0849 7360        Schedule - ok
18:16:17.0880 7360        SCPolicySvc    (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
18:16:17.0895 7360        SCPolicySvc - ok
18:16:17.0958 7360        sdbus          (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
18:16:18.0005 7360        sdbus - ok
18:16:18.0020 7360        SDRSVC          (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
18:16:18.0051 7360        SDRSVC - ok
18:16:18.0067 7360        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
18:16:18.0114 7360        secdrv - ok
18:16:18.0129 7360        seclogon        (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
18:16:18.0161 7360        seclogon - ok
18:16:18.0176 7360        SENS            (a9bbab5759771e523f55563d6cbe140f) C:\Windows\system32\sens.dll
18:16:18.0207 7360        SENS - ok
18:16:18.0254 7360        Serenum        (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
18:16:18.0301 7360        Serenum - ok
18:16:18.0317 7360        Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
18:16:18.0395 7360        Serial - ok
18:16:18.0426 7360        sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
18:16:18.0441 7360        sermouse - ok
18:16:19.0253 7360        ServiceLayer    (c15b813f2fdb44f87f23312472c6e790) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
18:16:19.0299 7360        ServiceLayer - ok
18:16:19.0424 7360        SessionEnv      (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
18:16:19.0440 7360        SessionEnv - ok
18:16:19.0455 7360        sffdisk        (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
18:16:19.0487 7360        sffdisk - ok
18:16:19.0502 7360        sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
18:16:19.0533 7360        sffp_mmc - ok
18:16:19.0549 7360        sffp_sd        (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
18:16:19.0580 7360        sffp_sd - ok
18:16:19.0596 7360        sfloppy        (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
18:16:19.0643 7360        sfloppy - ok
18:16:19.0689 7360        SharedAccess    (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
18:16:19.0736 7360        SharedAccess - ok
18:16:19.0892 7360        ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
18:16:19.0955 7360        ShellHWDetection - ok
18:16:19.0986 7360        sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
18:16:20.0001 7360        sisagp - ok
18:16:20.0017 7360        SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
18:16:20.0033 7360        SiSRaid2 - ok
18:16:20.0048 7360        SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
18:16:20.0064 7360        SiSRaid4 - ok
18:16:20.0298 7360        SkypeUpdate    (ddaa5f4a6b958fc313ebd02dd925752f) D:\Programme\Skype\Updater\Updater.exe
18:16:20.0313 7360        SkypeUpdate - ok
18:16:21.0530 7360        slsvc          (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
18:16:21.0702 7360        slsvc - ok
18:16:21.0827 7360        SLUINotify      (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
18:16:21.0858 7360        SLUINotify - ok
18:16:21.0920 7360        Smb            (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
18:16:21.0951 7360        Smb - ok
18:16:21.0983 7360        SNMPTRAP        (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
18:16:21.0998 7360        SNMPTRAP - ok
18:16:22.0107 7360        SolidWorks Licensing Service (4945020bc094c322571184a6e8056b3a) C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
18:16:22.0107 7360        SolidWorks Licensing Service ( UnsignedFile.Multi.Generic ) - warning
18:16:22.0107 7360        SolidWorks Licensing Service - detected UnsignedFile.Multi.Generic (1)
18:16:22.0139 7360        spldr          (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
18:16:22.0139 7360        spldr - ok
18:16:22.0201 7360        Spooler        (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
18:16:22.0232 7360        Spooler - ok
18:16:22.0295 7360        sptd            (71e276f6d189413266ea22171806597b) C:\Windows\System32\Drivers\sptd.sys
18:16:22.0357 7360        sptd - ok
18:16:22.0451 7360        SQLAgent$SQLEXPRESS (a892134c28777978ecde8283dc57ac0f) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE
18:16:22.0482 7360        SQLAgent$SQLEXPRESS - ok
18:16:22.0544 7360        SQLBrowser      (10d936dced9eacd1a1b3fcdda6d7a4eb) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
18:16:22.0560 7360        SQLBrowser - ok
18:16:22.0607 7360        SQLWriter      (135cdccc167ef0c250125bbd3abe18d5) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
18:16:22.0622 7360        SQLWriter - ok
18:16:22.0747 7360        srv            (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
18:16:22.0778 7360        srv - ok
18:16:22.0809 7360        srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
18:16:22.0841 7360        srv2 - ok
18:16:22.0872 7360        srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
18:16:22.0887 7360        srvnet - ok
18:16:22.0919 7360        SSDPSRV        (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
18:16:22.0950 7360        SSDPSRV - ok
18:16:22.0997 7360        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
18:16:23.0012 7360        ssmdrv - ok
18:16:23.0043 7360        SstpSvc        (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
18:16:23.0059 7360        SstpSvc - ok
18:16:23.0106 7360        ssudmdm        (07318149e102fd9197ab444c27774372) C:\Windows\system32\DRIVERS\ssudmdm.sys
18:16:23.0137 7360        ssudmdm - ok
18:16:23.0199 7360        stisvc          (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
18:16:23.0246 7360        stisvc - ok
18:16:23.0340 7360        StkCMini        (ab80c9dde1f8d9f9f946365205ed55eb) C:\Windows\system32\Drivers\StkCMini.sys
18:16:23.0402 7360        StkCMini - ok
18:16:23.0496 7360        StkSSrv        (45062bf3aeeb2febe29a67d0448571db) C:\Windows\System32\StkCSrv.exe
18:16:23.0527 7360        StkSSrv - ok
18:16:23.0574 7360        swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
18:16:23.0574 7360        swenum - ok
18:16:23.0636 7360        swprv          (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
18:16:23.0652 7360        swprv - ok
18:16:23.0667 7360        Symc8xx        (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
18:16:23.0683 7360        Symc8xx - ok
18:16:23.0699 7360        Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
18:16:23.0714 7360        Sym_hi - ok
18:16:23.0730 7360        Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
18:16:23.0745 7360        Sym_u3 - ok
18:16:23.0792 7360        SynTP          (71837fbce3fd8143953444b3ff7938dc) C:\Windows\system32\DRIVERS\SynTP.sys
18:16:23.0823 7360        SynTP - ok
18:16:23.0886 7360        SysMain        (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
18:16:23.0964 7360        SysMain - ok
18:16:23.0995 7360        TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
18:16:24.0026 7360        TabletInputService - ok
18:16:24.0073 7360        TapiSrv        (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
18:16:24.0089 7360        TapiSrv - ok
18:16:24.0104 7360        TBS            (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
18:16:24.0135 7360        TBS - ok
18:16:24.0198 7360        Tcpip          (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\drivers\tcpip.sys
18:16:24.0245 7360        Tcpip - ok
18:16:24.0260 7360        Tcpip6          (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\DRIVERS\tcpip.sys
18:16:24.0291 7360        Tcpip6 - ok
18:16:24.0323 7360        tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
18:16:24.0354 7360        tcpipreg - ok
18:16:24.0385 7360        TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
18:16:24.0401 7360        TDPIPE - ok
18:16:24.0416 7360        TDTCP          (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
18:16:24.0432 7360        TDTCP - ok
18:16:24.0463 7360        tdx            (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
18:16:24.0494 7360        tdx - ok
18:16:24.0525 7360        TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
18:16:24.0541 7360        TermDD - ok
18:16:24.0603 7360        TermService    (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
18:16:24.0650 7360        TermService - ok
18:16:24.0713 7360        Themes          (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
18:16:24.0728 7360        Themes - ok
18:16:24.0744 7360        THREADORDER    (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
18:16:24.0759 7360        THREADORDER - ok
18:16:24.0806 7360        TrkWks          (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
18:16:24.0837 7360        TrkWks - ok
18:16:24.0900 7360        TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
18:16:24.0915 7360        TrustedInstaller - ok
18:16:24.0947 7360        tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:16:24.0978 7360        tssecsrv - ok
18:16:24.0993 7360        tunmp          (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
18:16:25.0025 7360        tunmp - ok
18:16:25.0071 7360        tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
18:16:25.0087 7360        tunnel - ok
18:16:25.0103 7360        uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
18:16:25.0118 7360        uagp35 - ok
18:16:25.0149 7360        udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
18:16:25.0165 7360        udfs - ok
18:16:25.0196 7360        UI0Detect      (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
18:16:25.0227 7360        UI0Detect - ok
18:16:25.0243 7360        uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
18:16:25.0259 7360        uliagpkx - ok
18:16:25.0290 7360        uliahci        (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
18:16:25.0305 7360        uliahci - ok
18:16:25.0337 7360        UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
18:16:25.0337 7360        UlSata - ok
18:16:25.0368 7360        ulsata2        (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
18:16:25.0368 7360        ulsata2 - ok
18:16:25.0383 7360        umbus          (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
18:16:25.0430 7360        umbus - ok
18:16:25.0446 7360        upnphost        (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
18:16:25.0493 7360        upnphost - ok
18:16:25.0508 7360        upperdev        (47f5f9d837d80ffd5882a14db9da0a67) C:\Windows\system32\DRIVERS\usbser_lowerflt.sys
18:16:25.0539 7360        upperdev - ok
18:16:25.0571 7360        usbccgp        (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
18:16:25.0602 7360        usbccgp - ok
18:16:25.0633 7360        usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
18:16:25.0680 7360        usbcir - ok
18:16:25.0711 7360        usbehci        (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
18:16:25.0742 7360        usbehci - ok
18:16:25.0773 7360        usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
18:16:25.0805 7360        usbhub - ok
18:16:25.0820 7360        usbohci        (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
18:16:25.0867 7360        usbohci - ok
18:16:25.0898 7360        usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
18:16:25.0914 7360        usbprint - ok
18:16:25.0929 7360        usbscan        (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
18:16:25.0945 7360        usbscan - ok
18:16:25.0992 7360        usbser          (d575246188f63de0accf6eac5fb59e6a) C:\Windows\system32\drivers\usbser.sys
18:16:26.0007 7360        usbser - ok
18:16:26.0039 7360        UsbserFilt      (e44f0d17be0908b58dcc99ccb99c6c32) C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys
18:16:26.0070 7360        UsbserFilt - ok
18:16:26.0101 7360        USBSTOR        (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:16:26.0132 7360        USBSTOR - ok
18:16:26.0163 7360        usbuhci        (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
18:16:26.0210 7360        usbuhci - ok
18:16:26.0241 7360        usbvideo        (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
18:16:26.0273 7360        usbvideo - ok
18:16:26.0304 7360        UxSms          (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
18:16:26.0335 7360        UxSms - ok
18:16:26.0382 7360        vds            (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
18:16:26.0460 7360        vds - ok
18:16:26.0491 7360        vga            (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
18:16:26.0522 7360        vga - ok
18:16:26.0538 7360        VgaSave        (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
18:16:26.0569 7360        VgaSave - ok
18:16:26.0585 7360        viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
18:16:26.0600 7360        viaagp - ok
18:16:26.0631 7360        ViaC7          (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
18:16:26.0647 7360        ViaC7 - ok
18:16:26.0663 7360        viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
18:16:26.0678 7360        viaide - ok
18:16:26.0741 7360        vmm            (e41fef9e3056fe88c71e411f705be41e) C:\Windows\system32\Drivers\vmm.sys
18:16:26.0741 7360        vmm - ok
18:16:26.0756 7360        volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
18:16:26.0772 7360        volmgr - ok
18:16:26.0834 7360        volmgrx        (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
18:16:26.0850 7360        volmgrx - ok
18:16:26.0897 7360        volsnap        (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
18:16:26.0912 7360        volsnap - ok
18:16:26.0928 7360        VPCNetS2        (f96a678debdccb0b4bb7f38cb2580589) C:\Windows\system32\DRIVERS\VMNetSrv.sys
18:16:26.0943 7360        VPCNetS2 - ok
18:16:26.0990 7360        vsmraid        (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
18:16:27.0006 7360        vsmraid - ok
18:16:27.0193 7360        VSPerfDrv100    (143c873a90e834f38733bb05d686a9e7) D:\Programme\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys
18:16:27.0209 7360        VSPerfDrv100 - ok
18:16:27.0302 7360        VSS            (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
18:16:27.0396 7360        VSS - ok
18:16:27.0443 7360        W32Time        (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
18:16:27.0458 7360        W32Time - ok
18:16:27.0521 7360        W3SVC          (9ca92191c8f18e8b491a5b28e63c07b7) C:\Windows\system32\inetsrv\iisw3adm.dll
18:16:27.0583 7360        W3SVC - ok
18:16:27.0630 7360        WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
18:16:27.0677 7360        WacomPen - ok
18:16:27.0692 7360        Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
18:16:27.0723 7360        Wanarp - ok
18:16:27.0723 7360        Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
18:16:27.0739 7360        Wanarpv6 - ok
18:16:27.0755 7360        WAS            (9ca92191c8f18e8b491a5b28e63c07b7) C:\Windows\system32\inetsrv\iisw3adm.dll
18:16:27.0770 7360        WAS - ok
18:16:27.0848 7360        WcesComm        (779f9c90d3fe9c70b6ffd8ef035f3e83) C:\Windows\WindowsMobile\wcescomm.dll
18:16:27.0911 7360        WcesComm - ok
18:16:27.0957 7360        wcncsvc        (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
18:16:27.0989 7360        wcncsvc - ok
18:16:28.0020 7360        WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
18:16:28.0051 7360        WcsPlugInService - ok
18:16:28.0082 7360        Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
18:16:28.0082 7360        Wd - ok
18:16:28.0145 7360        Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
18:16:28.0176 7360        Wdf01000 - ok
18:16:28.0207 7360        WdiServiceHost  (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
18:16:28.0238 7360        WdiServiceHost - ok
18:16:28.0238 7360        WdiSystemHost  (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
18:16:28.0254 7360        WdiSystemHost - ok
18:16:28.0301 7360        WebClient      (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
18:16:28.0332 7360        WebClient - ok
18:16:28.0379 7360        Wecsvc          (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
18:16:28.0410 7360        Wecsvc - ok
18:16:28.0425 7360        wercplsupport  (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
18:16:28.0457 7360        wercplsupport - ok
18:16:28.0488 7360        WerSvc          (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
18:16:28.0519 7360        WerSvc - ok
18:16:28.0566 7360        wimmount        (05fb36a51e04a6c6b3a5f125fa692e6b) C:\Windows\system32\DRIVERS\wimmount.sys
18:16:28.0566 7360        wimmount - ok
18:16:28.0644 7360        WinDefend      (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
18:16:28.0659 7360        WinDefend - ok
18:16:28.0675 7360        WinHttpAutoProxySvc - ok
18:16:28.0737 7360        Winmgmt        (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
18:16:28.0753 7360        Winmgmt - ok
18:16:28.0862 7360        WinRM          (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
18:16:28.0971 7360        WinRM - ok
18:16:29.0018 7360        winusb          (676f4b665bdd8053eaa53ac1695b8074) C:\Windows\system32\DRIVERS\winusb.sys
18:16:29.0049 7360        winusb - ok
18:16:29.0127 7360        Wlansvc        (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
18:16:29.0190 7360        Wlansvc - ok
18:16:29.0221 7360        WmiAcpi        (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
18:16:29.0237 7360        WmiAcpi - ok
18:16:29.0315 7360        wmiApSrv        (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
18:16:29.0330 7360        wmiApSrv - ok
18:16:29.0424 7360        WMPNetworkSvc  (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
18:16:29.0517 7360        WMPNetworkSvc - ok
18:16:29.0564 7360        WPCSvc          (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
18:16:29.0627 7360        WPCSvc - ok
18:16:29.0658 7360        WPDBusEnum      (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
18:16:29.0689 7360        WPDBusEnum - ok
18:16:29.0751 7360        WpdUsb          (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
18:16:29.0751 7360        WpdUsb - ok
18:16:29.0907 7360        WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
18:16:29.0939 7360        WPFFontCache_v0400 - ok
18:16:29.0970 7360        ws2ifsl        (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
18:16:30.0001 7360        ws2ifsl - ok
18:16:30.0032 7360        wscsvc          (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\system32\wscsvc.dll
18:16:30.0063 7360        wscsvc - ok
18:16:30.0063 7360        WSearch - ok
18:16:30.0188 7360        wuauserv        (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
18:16:30.0297 7360        wuauserv - ok
18:16:30.0438 7360        WudfPf          (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
18:16:30.0469 7360        WudfPf - ok
18:16:30.0500 7360        WUDFRd          (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:16:30.0547 7360        WUDFRd - ok
18:16:30.0563 7360        wudfsvc        (2c0206ff8d2c75ac027d1096fa2fafda) C:\Windows\System32\WUDFSvc.dll
18:16:30.0609 7360        wudfsvc - ok
18:16:30.0703 7360        XTSvcMgr        (3d130383a56db5de539aa6bb269e1a6c) C:\Program Files\Novell\Client\XTier\Services\XTSvcMgr.exe
18:16:30.0734 7360        XTSvcMgr - ok
18:16:30.0765 7360        yukonwlh        (04e268adfc81964c49dc0c082d520f7e) C:\Windows\system32\DRIVERS\yk60x86.sys
18:16:30.0812 7360        yukonwlh - ok
18:16:30.0859 7360        MBR (0x1B8)    (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
18:16:31.0218 7360        \Device\Harddisk0\DR0 - ok
18:16:31.0233 7360        Boot (0x1200)  (7f27e7a5f99764e0541c909692381695) \Device\Harddisk0\DR0\Partition0
18:16:31.0233 7360        \Device\Harddisk0\DR0\Partition0 - ok
18:16:31.0265 7360        Boot (0x1200)  (cebc2d5c0fb78ef07b6e43ff5cf87230) \Device\Harddisk0\DR0\Partition1
18:16:31.0265 7360        \Device\Harddisk0\DR0\Partition1 - ok
18:16:31.0265 7360        ============================================================
18:16:31.0265 7360        Scan finished
18:16:31.0265 7360        ============================================================
18:16:31.0265 5344        Detected object count: 13
18:16:31.0265 5344        Actual detected object count: 13
18:17:11.0778 5344        ANSYS, Inc. License Manager ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:11.0778 5344        ANSYS, Inc. License Manager ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:11.0793 5344        atksgt ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:11.0793 5344        atksgt ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:11.0793 5344        Autodesk Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:11.0793 5344        Autodesk Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:11.0793 5344        Ch2kPS2M ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:11.0793 5344        Ch2kPS2M ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:11.0793 5344        Cherry Device Interface ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:11.0793 5344        Cherry Device Interface ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:11.0793 5344        CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:11.0793 5344        CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:11.0793 5344        epmntdrv ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:11.0793 5344        epmntdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:11.0793 5344        EuGdiDrv ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:11.0793 5344        EuGdiDrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:11.0793 5344        EvtEng ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:11.0793 5344        EvtEng ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:11.0793 5344        lirsgt ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:11.0793 5344        lirsgt ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:11.0793 5344        RegSrvc ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:11.0793 5344        RegSrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:11.0809 5344        Samsung Update Plus ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:11.0809 5344        Samsung Update Plus ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:11.0809 5344        SolidWorks Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:11.0809 5344        SolidWorks Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:42.0713 1784        Deinitialize success

My notes:
  • Cherry Keyboardmanager (Ch2kPS2M.sys, cdi.exe) is installed but not strictly needed -> uninstall to be on the safe side?
  • EASEUS Partition Master 9.1.1 (epmntdrv.sys, EuGdiDrv.sys) is installed, no longer needed -> uninstall?
  • Intel WiFi (EvtEng.exe, RegSrvc.exe) is installed; I am not sure whether it is needed (WLAN, sure, but that should also work without it?)
  • I don't use Samsung Update Plus, so it could also be uninstalled.
  • SolidWorks is no longer needed and can go as well.
  • atksgt.sys and lirsgt.sys apparently belong to a game copy protection and could also go (Google search)
I'll hold off on uninstalling until I get an OK from you.

Regards

markusg 25.07.2012 22:09

Download the standard CCleaner:
CCleaner Download - CCleaner 3.20.1750
If CCleaner is already installed, skip this step.
Install it, open it, go to Extras, list of installed programs, save as txt. Open the file.
After each program you need, write "necessary".
After each program you do not need, "unnecessary".
After each one you do not know, "unknown".
Post the list.

Ilu 25.07.2012 23:53

Code:

7-Zip 4.65                20.07.2009        3,13MB        // unnecessary
ActivePerl 5.14.2 Build 1402        ActiveState        03.03.2012        75,9MB        5.14.1402 // unnecessary
Adobe Flash Player 11 ActiveX        Adobe Systems Incorporated        05.05.2012                11.2.202.235 // necessary
Adobe Flash Player 11 Plugin        Adobe Systems Incorporated        16.07.2012                11.3.300.265 // necessary
Adobe Photoshop CS4        Adobe Systems Incorporated        01.06.2009                11.0 // necessary
Adobe Reader X (10.1.3) - Deutsch        Adobe Systems Incorporated        13.04.2012                10.1.3 // necessary
Adobe Shockwave Player 11.5        Adobe Systems, Inc.        09.02.2011        7,52MB        11.5.9.620 // necessary
Agere Systems HDA Modem        Agere Systems        25.06.2008                // unnecessary (probably from Nokia Ovi)
Android SDK Tools        Google Inc.        14.07.2012        488MB        1.16 // necessary
Atheros WLAN Client                04.08.2008        876KB        1.00.000 // unknown
Audacity 1.2.6                30.05.2009        8,43MB        // unnecessary
AutoCAD 2010 - Deutsch        Autodesk        21.01.2010        768MB        18.0.55.0 // unnecessary
Autodesk Design Review 2010        Autodesk, Inc.        21.01.2010        112MB        10.0.0.108 // necessary
Autodesk Inventor Content Center Libraries 2010 (Desktop Content)        Autodesk, Inc.        21.01.2010        1,31MB        14.0.0000.22302 // necessary
Autodesk Inventor Professional 2010        Autodesk, Inc.        21.01.2010        1,91GB        14.1.0000.25300 // necessary
Avira Free Antivirus        Avira        08.05.2012        66,4MB        12.0.0.1125 // necessary
Battlefield 3™        Electronic Arts        17.11.2011                1.0.0.0 // unnecessary
calibre        Kovid Goyal        15.05.2011        128MB        0.8.1  // unnecessary
Canon MP Navigator EX 1.0                05.09.2008        65,9MB        // necessary
Canon MP610 series                05.09.2008                // necessary
Canon MP610 series Benutzerregistrierung                05.09.2008        528KB        // necessary (because of printer driver/software?)
Canon My Printer                02.02.2012        2,14MB        // necessary
CCleaner        Piriform        22.06.2012        4,76MB        3.20 // necessary
CD-LabelPrint                05.09.2008        11,7MB        // necessary (because of printer driver/software?)
Cisco Systems VPN Client 5.0.03.0560        Cisco Systems, Inc.        12.10.2008        12,3MB        5.0.3 // necessary
Citavi        Swiss Academic Software        04.03.2012        69,2MB        3.2.0.0 // necessary
Citrix Online Plug-in - Web        Citrix Systems, Inc.        15.03.2011        16,0MB        12.1.0.30 // necessary
Compatibility Pack for the 2007 Office system        Microsoft Corporation        10.05.2012                12.0.6612.1000  // unknown (but Office 07 was installed at one point)
Deep Exploration 6 CE        Right Hemisphere        08.06.2011        459MB        6.1 // unnecessary
DisplayFusion 3.4.1        Binary Fortress Software        29.01.2012        9,94MB        3.4.1.0 // necessary
Dotfuscator Software Services - Community Edition        PreEmptive Solutions        05.05.2012        6,45MB        5.0.2500.0 // unknown (.NET stuff?)
Dotfuscator Software Services - Community Edition - DEU        PreEmptive Solutions        20.02.2011        2,84MB        5.0.2300.0 // unknown (.NET stuff?)
DWG TrueView 2010        Autodesk        21.01.2010        266MB        18.0.55.0 // necessary
EASEUS Partition Master 9.1.1 Home Edition        EASEUS        05.05.2012        38,1MB        // unnecessary
Easy Battery Manager                04.08.2008        7,89MB        3.2.1.7 // necessary
Easy Display Manager        Samsung        25.06.2008        12,4MB        2.0.0.0 // necessary
Easy Network Manager 3.0        Ihr Firmenname        25.06.2008        36,9MB        3.0.0.0 // necessary
Easy SpeedUp Manager                04.08.2008        3,99MB        2.0.1.0 // necessary
EVEREST Ultimate Edition v5.01        Lavalys, Inc.        21.05.2009        15,5MB        5.01 // necessary
ffdshow [rev 2975] [2009-05-28]                30.05.2009        10,9MB        1.0 // necessary
FileZilla Client 3.3.3                12.08.2010        14,8MB        3.3.3 // unnecessary
GPL Ghostscript 8.64                16.06.2010        22,5MB        // necessary
GSview 4.9                16.06.2010        3,21MB        // necessary
HP LaserJet Professional P1100-P1560-P1600 Series                03.04.2012        8,58MB        // unnecessary
ICQ7.5        ICQ        06.06.2011        52,0MB        7.5 // unnecessary
IguanaTex        IguanaTex Team        10.03.2012        181KB        1.0.0 // necessary
Intel(R) PROSet/Wireless WiFi-Software        Intel(R) Corporation        25.06.2008        78,3MB        12.00.2000 // unnecessary? No idea
Intel® Matrix Storage Manager        Intel Corporation        04.08.2008        908KB        // unnecessary? No idea
IrfanView (remove only)        Irfan Skiljan        14.04.2012        1,60MB        4.32 // necessary
Java(TM) 7 Update 5        Oracle        25.07.2012        99,3MB        7.0.50 // necessary
JavaFX 2.1.1        Oracle Corporation        25.07.2012        20,8MB        2.1.1 // notwendig
KeyMan V3.6 Build 6        ZF Electronics GmbH        03.02.2012        10,3MB        3.6.0.6 // unnötig
LAME v3.99.3 (for Windows)                12.03.2012        1,55MB        // notwendig
latex2eps 0.11        Universität Duisburg-Essen - Hochfrequenztechnik        04.03.2012        8,25MB        // notwendig
League of Legends        Riot Games        30.08.2011        2,24GB        1.02.0000 // unnötig
MagicMap        Humboldt Universität zu Berlin        08.08.2008        15,8MB        0.9.3 // unnötig
Malwarebytes Anti-Malware Version 1.62.0.1300        Malwarebytes Corporation        23.07.2012        11,8MB        1.62.0.1300 // notwendig
Maple 12        Maplesoft        12.01.2009        699MB        12.0.0.0 // notwendig
Maple 15        Maplesoft        11.03.2012        1,30GB        15.0.0.0 // notwendig
Mathematica Extras 8.0 (2615434)        Wolfram Research, Inc.        03.06.2012        984KB        8.0.4 // notwendig
MATLAB R2012a        The MathWorks, Inc.        04.06.2012        6,01GB        7.14 // notwendig
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU        Microsoft Corporation        27.02.2009        36,9MB        // unnötig? (da 4.0 vorhanden ist?)
Microsoft .NET Framework 3.5 SP1        Microsoft Corporation        01.02.2009        27,8MB        // unnötig? (da 4.0 vorhanden ist?)
Microsoft .NET Framework 4 Client Profile        Microsoft Corporation        01.07.2012        117MB        4.0.30320 // necessary
Microsoft .NET Framework 4 Client Profile DEU Language Pack        Microsoft Corporation        01.07.2012        24,5MB        4.0.30320 // necessary
Microsoft .NET Framework 4 Extended        Microsoft Corporation        01.07.2012        38,0MB        4.0.30320 // necessary
Microsoft .NET Framework 4 Extended DEU Language Pack        Microsoft Corporation        01.07.2012        7,50MB        4.0.30320 // necessary
Microsoft .NET Framework 4 Multi-Targeting Pack        Microsoft Corporation        20.02.2011        83,4MB        4.0.30319 // necessary
Microsoft ASP.NET MVC 2        Microsoft Corporation        20.02.2011        481KB        2.0.50217.0 // necessary (comes with Autodesk Inventor)
Microsoft ASP.NET MVC 2 - DEU        Microsoft Corporation        20.02.2011        24,0KB        2.0.50331.0 // necessary (comes with Autodesk Inventor)
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools        Microsoft Corporation        20.02.2011        2,26MB        2.0.50217.0 // necessary
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools - DEU        Microsoft Corporation        20.02.2011        2,07MB        2.0.50331.0 // necessary
Microsoft Games for Windows - LIVE        Microsoft Corporation        13.12.2009        8,31MB        3.1.186.0 // unnecessary
Microsoft Games for Windows - LIVE Redistributable        Microsoft Corporation        13.12.2009        32,3MB        3.1.99.0 // unnecessary
Microsoft Help Viewer 1.1        Microsoft Corporation        05.05.2012        66,3MB        1.1.40219 // unknown
Microsoft Help Viewer 1.1 Language Pack - DEU        Microsoft Corporation        05.05.2012        66,3MB        1.1.40219 // unknown
Microsoft Office Professional Plus 2010        Microsoft Corporation        04.05.2012        715MB        14.0.6029.1000 // necessary
Microsoft Project Professional 2010        Microsoft Corporation        04.05.2012        715MB        14.0.6029.1000 // necessary
Microsoft Silverlight        Microsoft Corporation        11.05.2012                5.1.10411.0 // unnecessary (definitely came bundled with something.. no idea)
Microsoft Silverlight 3 SDK - Deutsch        Microsoft Corporation        20.02.2011        32,7MB        3.0.40818.0 // unknown (definitely came bundled with something.. no idea)
Microsoft Silverlight 4 SDK        Microsoft Corporation        05.05.2012        51,6MB        4.0.50826.0 // unknown (definitely came bundled with something.. no idea)
Microsoft SQL Server 2005        Microsoft Corporation        13.10.2008        42,6MB        // necessary (probably because of Autodesk Inventor)
Microsoft SQL Server 2008        Microsoft Corporation        20.02.2011        3,09GB        // necessary (probably because of Autodesk Inventor)
Microsoft SQL Server 2008 Browser        Microsoft Corporation        05.05.2012                10.3.5500.0 // necessary (probably because of Autodesk Inventor)
Microsoft SQL Server 2008 Native Client        Microsoft Corporation        05.05.2012        3,27MB        10.3.5500.0 // necessary (probably because of Autodesk Inventor)
Microsoft SQL Server 2008 R2 Data-Tier Application Framework        Microsoft Corporation        05.05.2012        5,54MB        10.50.1750.9 // necessary (probably because of Autodesk Inventor)
Microsoft SQL Server 2008 R2 Data-Tier Application Project        Microsoft Corporation        05.05.2012        11,8MB        10.50.1750.9 // necessary (probably because of Autodesk Inventor)
Microsoft SQL Server 2008 R2 Management Objects        Microsoft Corporation        05.05.2012        12,4MB        10.50.1750.9 // necessary (probably because of Autodesk Inventor)
Microsoft SQL Server 2008 R2 Transact-SQL Language Service        Microsoft Corporation        05.05.2012        6,72MB        10.50.1750.9 // necessary (probably because of Autodesk Inventor)
Microsoft SQL Server Compact 3.5 SP2 DEU        Microsoft Corporation        20.02.2011        3,69MB        3.5.8080.0 // necessary (probably because of Autodesk Inventor)
Microsoft SQL Server Compact 3.5 SP2 ENU        Microsoft Corporation        04.11.2011        3,39MB        3.5.8080.0 // necessary (probably because of Autodesk Inventor)
Microsoft SQL Server Database Publishing Wizard 1.4        Microsoft Corporation        20.02.2011        10,1MB        10.1.2512.8 // necessary (probably because of Autodesk Inventor)
Microsoft SQL Server Native Client        Microsoft Corporation        04.05.2012        2,63MB        9.00.5000.00 // necessary (probably because of Autodesk Inventor)
Microsoft SQL Server System CLR Types        Microsoft Corporation        05.05.2012        929KB        10.50.1750.9 // necessary (probably because of Autodesk Inventor)
Microsoft SQL Server VSS Writer        Microsoft Corporation        05.05.2012                10.3.5500.0 // necessary (probably because of Autodesk Inventor)
Microsoft Sync Framework Runtime v1.0 SP1 (x86) de        Microsoft Corporation        20.02.2011        843KB        1.0.3010.0 // unknown
Microsoft Sync Framework SDK v1.0 SP1 de        Microsoft Corporation        20.02.2011        30,0MB        1.0.3010.0 // unknown
Microsoft Sync Framework Services v1.0 SP1 (x86) de        Microsoft Corporation        20.02.2011        2,06MB        1.0.3010.0 // unknown
Microsoft Sync Services for ADO.NET v2.0 SP1 (x86) de        Microsoft Corporation        20.02.2011        596KB        2.0.3010.0 // unknown
Microsoft Team Foundation Server 2010-Objektmodell - DEU        Microsoft Corporation        05.05.2012                10.0.40219 // necessary
Microsoft Virtual PC 2007        Microsoft Corporation        22.01.2012        36,7MB        6.0.156.0 // unnecessary
Microsoft Visual C++ 2005 Redistributable        Microsoft Corporation        21.02.2012        294KB        8.0.56336 // unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729        Microsoft Corporation        06.10.2010        597KB        9.0.30729 // unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17        Microsoft Corporation        27.06.2009        590KB        9.0.30729 // unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148        Microsoft Corporation        02.03.2011        223KB        9.0.30729.4148 // unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974        Microsoft Corporation        20.02.2011        593KB        9.0.30729.4974 // unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161        Microsoft Corporation        04.05.2012        594KB        9.0.30729.6161 // unknown
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219        Microsoft Corporation        18.04.2012                10.0.40219 // necessary
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219        Microsoft Corporation        05.05.2012        15,9MB        10.0.40219 // necessary
Microsoft Visual F# 2.0 Runtime        Microsoft Corporation        05.05.2012        5,82MB        10.0.40219 // unnecessary
Microsoft Visual Studio 2005 Tools for Applications - ENU        Microsoft Corporation        20.01.2010        11,8MB        // unknown
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools        Microsoft Corporation        05.05.2012                10.0.40219 // unnecessary
Microsoft Visual Studio 2010 Professional - DEU        Microsoft Corporation        20.02.2011        1,78GB        10.0.30319 // necessary
Microsoft Visual Studio 2010 Professional - ENU        Microsoft Corporation        05.11.2011        2,33GB        10.0.30319 // necessary
Microsoft Visual Studio 2010 Service Pack 1        Microsoft Corporation        05.05.2012        19,8MB        10.0.40219 // necessary
Microsoft Visual Studio 2010 Tools for Office Runtime (x86)        Microsoft Corporation        05.05.2012        7,19MB        10.0.31007 // unnecessary
Microsoft Visual Studio 2010 Ultimate - ENU        Microsoft Corporation        06.11.2011        2,33GB        10.0.30319 // necessary
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x86) Language Pack - DEU        Microsoft Corporation        20.02.2011        7,19MB        10.0.30319 // unnecessary
Microsoft Visual Studio Macro Tools        Microsoft Corporation        20.02.2011        29,1MB        9.0.30729 // unnecessary
Microsoft Visual Studio Macro Tools - DEU Language Pack        Microsoft Corporation        20.02.2011        29,1MB        9.0.30729 // unnecessary
Microsoft Visual Studio Tools for Applications 2.0 - ENU        Microsoft Corporation        04.05.2012                9.0.30729 // necessary
Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU        Microsoft Corporation        08.06.2011        95,7MB        9.0.30729 // necessary
Microsoft Visual Studio Tools for Applications 2.0 Runtime        Microsoft Corporation        08.06.2011        151KB        9.0.30729 // necessary
Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU        Microsoft Corporation        08.06.2011        225KB        9.0.30729 // necessary
Microsoft WSE 3.0 Runtime        Microsoft Corp.        13.10.2008        942KB        3.0.5305.0 // unknown
Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme        Microsoft Corporation        23.01.2012        132KB        12.0.4518.1014 // unnecessary (Office 2010 by now)
MiKTeX 2.9        MiKTeX.org        17.01.2012        420MB        2.9 // necessary
Miranda IM 0.9.44                18.02.2012        117MB        // necessary
Mozilla Firefox 14.0.1 (x86 de)        Mozilla        18.07.2012        59,1MB        14.0.1 // necessary
Mozilla Maintenance Service        Mozilla        18.07.2012        216KB        14.0.1 // necessary
MSXML 4.0 SP2 (KB936181)        Microsoft Corporation        08.09.2008        1,26MB        4.20.9848.0 // unknown
MSXML 4.0 SP2 (KB954430)        Microsoft Corporation        10.11.2008        1,27MB        4.20.9870.0 // unknown
MSXML 4.0 SP2 (KB973688)        Microsoft Corporation        24.11.2009        1,33MB        4.20.9876.0 // unknown
NICI (Shared) U.S./Worldwide (128 bit) (2.7.6-1)                18.04.2012        800KB        // necessary (Novell)
NMAS Challenge Response Method        Novell, Inc.        18.04.2012        252KB        2.8.3.3 // necessary
NMAS Client        Novell, Inc.        18.04.2012        1,01MB        3.5.0.6 // necessary
NNScript        ESNation        26.05.2009        10,0MB        4.22 // unnecessary
Nokia Connectivity Cable Driver        Nokia        04.06.2012        3,35MB        7.1.78.0 // necessary
Nokia Map Loader        Nokia        18.04.2010        4,28MB        3.0.22 // necessary
Nokia Mobile VPN Client Policy Tool        Nokia        15.06.2009        404KB        1.39 // necessary
Nokia Software Updater        Nokia Corporation        25.10.2009        42,4MB        01.08.010.40008 // necessary
Nokia Suite        Nokia        04.06.2012        129MB        3.4.49.0 // necessary
Novell Client for Windows        Novell, Inc.        18.04.2012        6,07MB        2 SP2 // necessary
NVIDIA Grafiktreiber 285.62        NVIDIA Corporation        30.01.2012        47,0MB        285.62 // necessary
NVIDIA HD-Audiotreiber 1.2.24.0        NVIDIA Corporation        30.01.2012        3,40MB        1.2.24.0 // necessary
NVIDIA PhysX-Systemsoftware 9.11.0621        NVIDIA Corporation        30.01.2012        73,2MB        9.11.0621 // necessary
NVIDIA Update 1.5.20        NVIDIA Corporation        30.01.2012        3,53MB        1.5.20 // necessary
OpenAL                13.12.2009        792KB        // unnecessary
Pando Media Booster        Pando Networks Inc.        30.08.2011        7,16MB        2.3.6.0 // unknown
PC Connectivity Solution        Nokia        04.06.2012        14,8MB        12.0.17.0 // unnecessary
Play AVStation        Ihr Firmenname        25.06.2008        91,1MB        4.1.20.50 // unnecessary
Play Camera        Ihr Firmenname        07.08.2008        2,03MB        2.0.0.13 // unnecessary
Port Royale 3        Gaming Minds Studios GmbH        28.05.2012                1.1.2.0 // unnecessary
Rapture3D 2.3.22 Game        Blue Ripple Sound        13.12.2009        9,56MB        // unnecessary
Realtek High Definition Audio Driver        Realtek Semiconductor Corp.        25.06.2008        11,3MB        6.0.1.5605 // necessary
Rockstar Games Social Club        Rockstar Games        27.02.2009        1,88MB        1.00.0000 // unnecessary
Samsung Kies        Samsung Electronics Co., Ltd.        19.07.2012        217MB        2.3.2.12064_10 // necessary
Samsung Magic Doctor        Samsung Electronics Co., LTD        04.08.2008        15,4MB        5.00 // unnecessary
Samsung Recovery Solution III        Samsung        25.06.2008        36,4MB        3.0.0.5 // unnecessary
Samsung Update Plus        Samsung Electronics Co., LTD        25.06.2008        5,64MB        1.3.0.11 // unnecessary
SAMSUNG USB Driver for Mobile Phones        SAMSUNG Electronics Co., Ltd.        24.07.2012        42,9MB        1.5.6.0 // necessary
Sandboxie 3.72 (32-bit)        SANDBOXIE L.T.D        25.07.2012        3,96MB        3.72 // necessary
ScanSoft OmniPage SE 4        Nuance Communications, Inc.        05.09.2008        167MB        15.2.0020 // unnecessary (came with printer driver/software, never used)
Secure Download Manager        e-academy Inc.        03.05.2012        1,14MB        3.0.3 // unnecessary
Skype™ 5.10        Skype Technologies S.A.        09.07.2012        19,3MB        5.10.115 // necessary
SolidWorks 2012 Document Manager API        SolidWorks Corporation        03.06.2012        8,78MB        20.00.5022 // unnecessary
SolidWorks eDrawings 2012        Dassault Systèmes SolidWorks Corp        03.06.2012        47,6MB        12.3.113 // unnecessary
SolidWorks viewer        SolidWorks        04.05.2012        56,6MB        20.30.56 // unnecessary
Spelling Dictionaries Support For Adobe Reader 8        Adobe Systems        01.02.2009        32,5MB        8.0.0 // unnecessary (Reader X)
Spybot - Search & Destroy        Safer Networking Limited        09.03.2009        45,0MB        1.6.2 // necessary
Synaptics Pointing Device Driver        Synaptics        03.02.2012        13,6MB        11.1.3.2 // necessary
Tabellenbuch Metall digital        Europa Lehrmittel        18.01.2009        109MB        1.00.0000 // necessary
TeXnicCenter Version 1.0 Stable RC1        TeXnicCenter.org        17.01.2012        11,8MB        Version 1.0 Stable RC1 // unnecessary
TortoiseSVN 1.7.7.22907 (32 bit)        TortoiseSVN        18.07.2012        34,8MB        1.7.22907 // necessary
Total Commander (Remove or Repair)        Ghisler Software GmbH        14.04.2012        7,42MB        7.57a // necessary
UltraEdit 15.00        IDM Computer Solutions, Inc.        16.06.2009        44,1MB        15.00.40 // necessary
UltraISO Premium V9.52                30.11.2011        5,75MB        // unnecessary
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)        Microsoft Corporation        04.05.2012        23,2MB        9.00.5000.00 // unknown
Unterstützungsdateien für Microsoft SQL Server 2008-Setup        Microsoft Corporation        05.05.2012        30,0MB        10.3.5500.0 // unknown
USB2.0 UVC 1.3M WebCam                26.06.2009                // necessary (camera driver?)
USB2.0 UVC WebCam        D-MAX        25.06.2008        2,65MB        6.11.706.012 // necessary (camera driver?)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU        Microsoft Corporation        20.02.2011        11,1MB        4.0.8080.0 // necessary
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU        Microsoft Corporation        04.11.2011        10,7MB        4.0.8080.0 // necessary
VLC media player 2.0.1        VideoLAN        26.03.2012        49,1MB        2.0.1 // necessary
WCF RIA Services V1.0 SP1        Microsoft Corporation        05.05.2012        12,3MB        4.1.60114.0 // unknown
Web Deployment Tool        Microsoft Corporation        20.02.2011        7,96MB        1.1.0618 // unnecessary
WIDCOMM Bluetooth Software 6.0.1.6300        WIDCOMM, Inc.        25.06.2008        35,5MB        6.0.1.6300 // necessary
Winamp        Nullsoft, Inc        27.08.2008        27,8MB        5.541 // necessary
Windows 7 USB/DVD Download Tool        Microsoft Corporation        22.09.2010        2,71MB        1.0.30 // unnecessary
Windows Automated Installation Kit        Microsoft Corporation        22.09.2010        1,34GB        2.0.0.0 // unnecessary
Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)        Nokia        04.06.2012        15,0MB        08/22/2008 7.0.0.0 // necessary?
WinEdt 6        WinEdt Team        05.02.2011        24,4MB        6.0 // necessary
WinRAR 4.10 (32-Bit)        win.rar GmbH        01.02.2012        3,72MB        4.10.0 // necessary
Wolfram Mathematica 8 for Students (M-WIN-G 8.0.4 2615565)        Wolfram Research, Inc.        03.06.2012        2,98GB        8.0.4 // necessary
Zattoo4 4.0.4        Zattoo Inc.        11.04.2010        40,1MB        4.0.4 // necessary

I did not notice any program of which I could clearly say "I definitely never installed that and have no idea where it came from". The Microsoft stuff in particular is very likely needed by other programs, I just can't always say which ones.

Regards

markusg 26.07.2012 17:39

Uninstall:
7-Zip
ActivePerl
Adobe Flash Player, all of them
Adobe - Install Adobe Flash Player
Download the latest version.
Adobe Reader:
Adobe - Download Adobe Reader - All versions
Uncheck the box for McAfee Security Scan.

Please also configure Adobe Reader as follows:
Open Adobe Reader, Edit, Preferences.
General:
Check "use only certified plug-ins".
Internet:
Everything here should be disabled; it is very unsafe to open, download, etc. PDFs automatically.
It is always better to save them directly, since only that way do you have control over what happens on the PC.
Under JavaScript, uncheck the "use JavaScript" box.
Under Updater, choose install automatically.
Apply / OK



Uninstall:
Audacity
Battlefield
calibre
Compatibility Pack
Deep Exploration
EASEUS
FileZilla
HP
KeyMan
League
MagicMap
Microsoft Games: all
NNScript
OpenAL
Play: both
Port
Rapture3D
Rockstar
ScanSoft
Secure
SolidWorks: all
Spelling Dictionaries
Spybot: get rid of it, better to update Malwarebytes from time to time and let it scan
TeXnicCenter
UltraISO Premium
Web Deployment
Windows Automated

Open CCleaner, start Analyze.
Open OTL, CleanUp, the PC restarts, test how it runs.

Ilu 27.07.2012 16:11

Hi Markus,

I uninstalled the programs, let CCleaner clean up, and clicked "Bereinigen" (clean up) in OTL.

After that there were no games left on the machine apart from the Windows games. Nevertheless, the copy-protection files that TDSSKiller had listed were still present (atksgt.sys, lirsgt.sys).
According to hxxp://www.datei.info/was_ist/atksgt_sys.html the files belong to the copy-protection driver "Tages". Using the installer of the new version ( hxxp://tagesprotection.com/5.5/TagesSetup.exe ) I then uninstalled the Tages driver.
The following files that TDSSKiller reported are no longer present:
Code:

C:\Program Files\Cherry\CDI\cdi.exe
C:\Windows\system32\DRIVERS\atksgt.sys
C:\Windows\system32\DRIVERS\lirsgt.sys
C:\Windows\system32\epmntdrv.sys
C:\Windows\system32\EuGdiDrv.sys
C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe

Still present are:
Code:

C:\Program Files\ANSYS Inc\Shared Files\Licensing\win32\ansysli_server.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Windows\system32\DRIVERS\Ch2kPS2M.sys
C:\Windows\system32\Drivers\CVPNDRVA.sys
C:\Program Files\Intel\WiFi\bin\EvtEng.exe // after updating Intel PROSet Wireless the file is now signed
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe // after updating Intel PROSet Wireless the file is now signed

In my opinion I can live quite well with the ones listed. I did not run TDSSKiller again, since OTL removed it.

The machine runs (as it has the whole time) without problems. However, the virtual drives are still gone, Defogger was removed by OTL, and Daemon Tools Lite is missing from autostart. Can I simply download Defogger again and re-enable the drives, or would it be easier to reinstall DTLite?

Many thanks for your help!
Regards

markusg 27.07.2012 18:45

Hi, the files can stay. Sorry, I forgot about Defogger: download it, click Enable, and delete it again.
After that, secure the PC:
As an anti-malware program I would recommend Emsisoft.
For me they have the best protection, but it costs something.
http://www.trojaner-board.de/103809-...i-malware.html
Trial version:
My antivirus recommendation: Emsisoft Anti-Malware
Especially if you do online banking, purchases, other payment transactions or similarly important things, e.g. work-related ones, i.e. there is sensitive data to protect, you should invest in security software.
Before activating the license, make use of the 30-day trial period.

Free, but not quite as good, I would recommend avast.
http://www.trojaner-board.de/110895-...antivirus.html

Tell me which one you use, then I will give configuration tips.
Please uninstall your current AV.
The following guide is extensive, I am aware of that, but it should be implemented, since only then is your PC secure. Ask as many questions as necessary, I am happy to work through everything with you!

http://www.trojaner-board.de/96344-a...-rechners.html
Please start with the section "Windows Vista and Windows 7".
Please begin by installing Windows updates.
The best way to do this is to go to Start, Search, and enter Windows Updates there.
Under "Change settings", check that the following is selected:
- Install updates automatically,
- Every day
- Choose a time
- Please check all the rest, except:
- Show detailed notifications when new Microsoft software is available.
Now click the "OK" button.
Now click "Check for updates".
Please install important updates first.
It will be necessary to restart the PC in between. If that is the case, you have to open Windows Update again via Start, Search, click Check for updates, and install the next ones.
Please do the same with the optional updates.
Please apply the rest as described in the Windows 7 / Vista section.
From the XP section, please apply the item "Data Execution Prevention, DEP".
As a browser I recommend Chrome:
Installing Google Chrome for multiple user accounts - Google Chrome Help
Please read the instructions.
If you want to use a different one, tell me, then I have to parts of the instructions that now follow


Sandboxie
The definition of a sandbox can be read here:
Sandbox
In short, you can run programs almost 100% isolated from the system.

The advantage is obvious: if malicious code is smuggled in via the browser, it cannot get out.
Download link:
Sandboxie Download - Sandboxie 3.72

Guide:
http://www.trojaner-board.de/71542-a...sandboxie.html
Detailed guide as a PDF, work through it as well:
Sandbox settings

Please make the following additional configuration:
Open Sandboxie Control, click the Sandbox menu, select DefaultBox.
There, click Sandbox Settings.
Restrictions: under program start and internet access, enter:
chrome.exe
Then go to Applications, Web Browser, Chrome.
There, enable everything except sharing the entire profile folder.
As you may already have seen, you cannot use some functions.
This is only necessary in the full version, which I advise you to buy.
For example, under "Forced Programs" you can specify that all browsers start in the sandbox.
Otherwise you always have to click "Sandboxed web browser" or right-click and start in Sandboxie.
A lifetime license costs 30 € and can be used on all your PCs.

Continue with:
Measures for ALL Windows versions
Work through everything completely.
Note on FileHippo:
In the settings, additionally select:
hide beta updates.
Run updateChecker when Windows starts

Backup program:
A backup program is already linked in my guide; as an alternative, Windows' own backup program is also an option:
http://www.trojaner-board.de/82962-w...en-backup.html
Unfortunately, this is only reasonably usable for Windows 7 users.
Everyone else should definitely install a backup program as well, because it can be very important under certain circumstances, for example if the hard disk fails one day.

Finally, follow the general security tips; if it applies to you, follow the tip on online banking, and change all passwords.
Please also read how to make programs visible to everyone:
Making programs usable for all accounts - PCtipp.ch - Praxis & Hilfe
So from now on, browse only in the standard user account, and there in the sandbox.
If you use the free version, do so by clicking Sandboxed Web Browser; if you have the paid version, you can set forced programs, then Sandboxie is always started when you open a browser.
When you move the mouse over the browser, it should have a frame around it; then you are in the sandboxed web browser.

Ilu 30.07.2012 14:43

Hi Markus,

I only got around to working on the laptop again today. The virtual drives are back after re-enabling.
I will replace Antivir with avast! Free. Spybot stays uninstalled. I installed Chrome and immediately added AdBlock Plus and HTTPS Everywhere. Are there any other useful add-ons?
SEHOP is now enabled, DEP has been changed: I have now selected "Turn on DEP for all programs and services except those I select:". The notice at the bottom of the window, "Your computer's processor does not support hardware-based DEP. [...]", disappeared after I enabled the NX bit in the BIOS (Intel Penryn architecture). Perhaps the guide could point that out as well. While in the BIOS I also enabled the MBR write protection.
Sandboxie was already installed and is in use. I am doing without the FileHippo Update Checker and PSI. I tried both, with mediocre results.

Once again, many thanks for your help.

Regards
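
The settings reported in this post (DEP switched to opt-out, hardware NX enabled in the BIOS, SEHOP enabled) can be read back with a short Windows PowerShell check. This is an added example, not part of the thread; the function name `Get-DepSehopStatus` is made up here, while the WMI properties and the SEHOP registry value are the standard Windows ones.

```powershell
# Added example (not from the thread): read-only check of the DEP and SEHOP
# state described in the post above. Uses Get-WmiObject so it also runs on
# Windows PowerShell 2.0 (Vista SP2 / Windows 7).

function Get-DepSehopStatus {   # hypothetical helper name
    $os = Get-WmiObject -Class Win32_OperatingSystem

    # Win32_OperatingSystem.DataExecutionPrevention_SupportPolicy values
    $policyNames = @{ 0 = 'AlwaysOff'; 1 = 'AlwaysOn'; 2 = 'OptIn'; 3 = 'OptOut' }
    $policy      = [int]$os.DataExecutionPrevention_SupportPolicy

    # SEHOP is controlled by this DWORD: 0 = enabled, 1 = disabled.
    # If the value is absent, the OS default applies (off on Vista/7 client editions).
    $kernelKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\kernel'
    $sehopProp = Get-ItemProperty -Path $kernelKey -Name DisableExceptionChainValidation `
                                  -ErrorAction SilentlyContinue
    $sehopRaw  = if ($sehopProp) { $sehopProp.DisableExceptionChainValidation } else { $null }

    $findings = @()
    if (-not $os.DataExecutionPrevention_Available) {
        # This is the state behind the "processor does not support hardware DEP" notice
        $findings += 'Hardware DEP not available: check that NX/XD is enabled in the BIOS setup.'
    }
    if ($policy -ne 1 -and $policy -ne 3) {
        $findings += "DEP policy is $($policyNames[$policy]); the setting chosen in the post corresponds to OptOut."
    }
    if ($sehopRaw -ne 0) {
        $findings += 'SEHOP is not explicitly enabled (DisableExceptionChainValidation absent or non-zero).'
    }

    New-Object PSObject -Property @{
        HardwareDepAvailable = [bool]$os.DataExecutionPrevention_Available
        DepPolicy            = $policyNames[$policy]
        Dep32BitApps         = [bool]$os.DataExecutionPrevention_32BitApplications
        DepDrivers           = [bool]$os.DataExecutionPrevention_Drivers
        SehopRegistryValue   = $sehopRaw
        Findings             = $findings
    }
}

Get-DepSehopStatus | Format-List
```

An empty `Findings` list means hardware DEP is visible to Windows, the policy is OptOut or AlwaysOn, and SEHOP is switched on in the registry.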

markusg 30.07.2012 19:45

Hi
What does "with mediocre results" mean?
AdBlock for Chrome:
http://filepony.de/download-adblock_chrome/
That should make life more ad-free.
Ghostery to prevent tracking:
http://filepony.de/download-ghostery_chrome/
Safe browsing with Chrome:
Safe browsing with Google Chrome | Verbraucher sicher online

Ilu 31.07.2012 12:10

Well, the following were not up to date at the time of the run:
  • Winamp (5.581 or so instead of 5.63). The changelogs of the versions in between mention several overflows in plugins, which according to the PSI homepage is a reason to classify the whole thing as a potentially dangerous security hole. Was not listed.
  • CCleaner. FileHippo detected it (possibly PSI too, I had not installed that yet at that point).
  • DTLite (4.30.1 instead of 4.45.4). According to the changelog, the fixes in between were handle leaks, incompatibility with McAfee and "minor bugs" (which can of course include anything). So also somewhat security-relevant, but it was not listed.
  • Cisco VPN (5.0.05 instead of 5.0.07). I did not look for the changelog there, but given how deeply it digs itself in, I would like to know if there are potential improvements. Even though it cannot be downloaded freely on the net, I would have expected at least a note "Ask your admin".
  • Miranda IM (0.9.52 instead of 0.10.0). The changelog lists memory leaks and several "rare crashes". Although Miranda IM can be downloaded from FileHippo.com, it was not listed.
Since most programs nowadays have an update function anyway, I am doing without 2 additional programs in the background (which, at least for me, do not do their job well).


Regards

markusg 31.07.2012 12:13

Hi
Miranda is listed; I have FileHippo etc. installed on many PCs as well. Did you install the program or only look in their database?
OK, many programs have updaters, but do you know how long it often takes until they download? Ages. With Java, for example, several weeks, and Flash is not updated on the day of the update either. That is dangerous, because with these programs in particular the holes are always exploited quickly.

Ilu 31.07.2012 16:46

I installed Miranda once and have been updating via the 7zip files since then.
The FileHippo updater was installed; with PSI I first tried the Java variant and then installed the exe. But the PSI exe did not show DTLite etc. either. Even worse: although a new Vidalia version ( https://www.torproject.org ) is available, Vidalia is listed as up to date (the machine had 0.2.17 [portable] instead of 0.2.20).

I configured the update intervals differently: Java, for example, from weekly updates on Sundays at 2:00 to daily at 20:00 (the machine should usually be on then). Whether that helps to have current software, I will see at the next update (the net shows when the update came out). The Flash updates, following the tip here ( hxxp://www.raymond.cc/blog/setting-adobe-flash-player-auto-update-check-interval/ ), to program start instead of the default (7 days).


Regards


All times are WET +1.

Copyright ©2000-2024, Trojaner-Board

