Pests of all kinds and how to fight them: HackTool.Hiderun in c:\windows\installer and Java.Trojan found in the cache

Windows 7: If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection.
HackTool.Hiderun in c:\windows\installer and Java.Trojan found in the cache

Hi, after I stupidly opened the zip file (not the exe) of the current "Package undeliverable, your Deutsche Post" spam yesterday, I figured it couldn't hurt to run an active scan for malware. I can't see any signs of an infection on the system. I then read up on the Post trojan here in the forum ( http://www.trojaner-board.de/116915-...sche-post.html ) and ran a full scan with Anti-Malware:

Code:
```
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.23.08

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
*** :: *** [Administrator]

23.07.2012 14:08:38
mbam-log-2012-07-23 (18-36-08).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|G:\|H:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 1022302
Laufzeit: 4 Stunde(n), 25 Minute(n), 47 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Windows\Installer\MSIC9F9.tmp (HackTool.Hiderun) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
```

Afterwards I ran the ESET Online Scanner following the guide ( http://www.trojaner-board.de/116915-...sche-post.html ):

Code:
```
C:\Users\AccIluD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\6e8ca900-32b1644b    a variant of Java/Exploit.CVE-2012-0507.B trojan
C:\Users\***AccMitUserRechten***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\729d2bc0-4badd85a    Java/Exploit.Blacole.AN trojan
C:\Users\***AccMitUserRechten***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\6281e90c-628a305a    a variant of Java/TrojanDownloader.Agent.NDR trojan
```

That is when I decided to create a thread here, because I fear there is even more on the system. After disabling with Defogger, OTL:

Code:
[Kernel | System | Running] -- C:\Windows\System32\drivers\ctxusbm.sys -- (ctxusbm) DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010.03.06 01:40:57 | 000,017,408 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mvusbews.sys -- (mvusbews) DRV - [2009.06.04 18:41:02 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc) DRV - [2009.06.04 18:41:02 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt) DRV - [2009.04.11 06:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb) DRV - [2009.03.18 18:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi) DRV - [2009.02.27 23:38:40 | 000,271,360 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt) DRV - [2009.02.27 23:38:30 | 000,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt) DRV - [2008.08.09 20:31:10 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd) DRV - [2008.06.25 07:26:34 | 000,013,312 | ---- | M] (SAMSUNG ELECTRONICS CO., LTD.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\KMDFMEMIO.sys -- (KMDFMEMIO) DRV - [2008.06.19 18:07:50 | 000,306,299 | ---- | M] (Cisco Systems, Inc.) 
[Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA) DRV - [2008.05.20 21:36:12 | 003,663,360 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) DRV - [2008.05.08 11:51:18 | 000,226,328 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\iaNvStor.sys -- (iaNvStor) DRV - [2008.03.29 17:36:28 | 000,125,328 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE) DRV - [2008.03.28 12:19:54 | 001,363,088 | ---- | M] (Syntek) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\StkCMini.sys -- (StkCMini) DRV - [2008.01.24 11:41:34 | 000,130,560 | ---- | M] (Cherry GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Ch2kPS2.sys -- (Ch2kPS2) DRV - [2008.01.21 04:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) DRV - [2007.08.23 09:29:06 | 000,112,512 | ---- | M] (Cherry GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Ch2kUSB.sys -- (Ch2kUSB) DRV - [2007.01.29 07:20:34 | 000,059,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMNetSrv.sys -- (VPCNetS2) DRV - [2007.01.18 17:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA) DRV - [2006.11.28 09:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2006.11.02 09:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1614058835-672721566-3778044925-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com IE - HKU\S-1-5-21-1614058835-672721566-3778044925-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-1614058835-672721566-3778044925-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-1614058835-672721566-3778044925-1003\..\SearchScopes,DefaultScope = {25A74407-F8E8-429E-BF07-7A00F314FAD7} IE - HKU\S-1-5-21-1614058835-672721566-3778044925-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-1614058835-672721566-3778044925-1003\..\SearchScopes\{25A74407-F8E8-429E-BF07-7A00F314FAD7}: "URL" = hxxp://www.google.de/search?q={searchTerms} IE - HKU\S-1-5-21-1614058835-672721566-3778044925-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: 
"ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "google.de" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10 FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.8 FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.51 FF - prefs.js..extensions.enabledItems: {7c6d11c6-41b5-11dc-8314-0800200c9a66}:1.0.3 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.5 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.13 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: D:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@wolfram.com/Mathematica: C:\Program Files\Common Files\Wolfram Research\Browser\8.0.4.2615434\npmathplugin.dll (Wolfram Research, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2012.03.05 12:37:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: D:\Programme\Mozilla Firefox\components [2012.07.18 15:33:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: D:\Programme\Mozilla Firefox\plugins [2012.06.18 11:28:02 | 000,000,000 | ---D | M]
[2008.08.07 21:30:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2012.07.18 16:59:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\nc71xmt7.default\extensions
[2010.04.28 05:26:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\nc71xmt7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.07.04 19:47:06 | 000,000,000 | ---D | M] (GA?) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\nc71xmt7.default\extensions\{7c6d11c6-41b5-11dc-8314-0800200c9a66}
[2012.05.21 08:13:14 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\nc71xmt7.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012.06.21 07:14:51 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\nc71xmt7.default\extensions\https-everywhere@eff.org
[2012.05.21 08:13:13 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\nc71xmt7.default\extensions\ich@maltegoetz.de
[2012.03.05 12:37:01 | 000,000,000 | ---D | M] (Citavi Picker) -- C:\PROGRAMDATA\SWISS ACADEMIC SOFTWARE\CITAVI PICKER\FIREFOX
[2012.02.12 12:34:45 | 000,709,293 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NC71XMT7.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
[2012.06.21 10:47:11 | 000,109,964 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NC71XMT7.DEFAULT\EXTENSIONS\ADBLOCKPOPUPS@JESSEHAKANEN.NET.XPI
[2012.06.18 11:28:10 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAMME\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}

O1 HOSTS File: ([2012.07.16 17:50:00 | 000,444,198 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 adlimg24.com
O1 - Hosts: 127.0.0.1 www.adlimg24.com
O1 - Hosts: 127.0.0.1 dmwd.com
O1 - Hosts: 127.0.0.1 www.dmwd.com
O1 - Hosts: 127.0.0.1 ads1.dmwd.com
O1 - Hosts: 127.0.0.1 ad1.dmwd.com
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 15260 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Microsoft Web Test Recorder 10.0 Helper) - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - d:\Programme\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CherryKeyMan] C:\Program Files\Cherry\KeyMan\KeyMan.exe (ZF Electronics GmbH)
O4 - HKLM..\Run: [KiesTrayAgent] D:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [NWTRAY] C:\Windows\System32\nwtray.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1614058835-672721566-3778044925-1003..\Run: [] File not found
O4 - HKU\S-1-5-21-1614058835-672721566-3778044925-1003..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-1614058835-672721566-3778044925-1003..\Run: [Akamai NetSession Interface] C:\Users\***\AppData\Local\Akamai\netsession_win.exe File not found
O4 - HKU\S-1-5-21-1614058835-672721566-3778044925-1003..\Run: [DisplayFusion] D:\Programme\DisplayFusion\DisplayFusion.exe (Binary Fortress Software)
O4 - HKU\S-1-5-21-1614058835-672721566-3778044925-1003..\Run: [KiesAirMessage] D:\Programme\Samsung\Kies\KiesAirMessage.exe -startup File not found
O4 - HKU\S-1-5-21-1614058835-672721566-3778044925-1003..\Run: [KiesHelper] D:\Programme\Samsung\Kies\KiesHelper.exe /s File not found
O4 - HKU\S-1-5-21-1614058835-672721566-3778044925-1003..\Run: [KiesPDLR] D:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-21-1614058835-672721566-3778044925-1003..\Run: [KiesPreload] D:\Programme\Samsung\Kies\Kies.exe (Samsung)
O4 - HKU\S-1-5-21-1614058835-672721566-3778044925-1003..\Run: [SandboxieControl] D:\Programme\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - HKU\S-1-5-21-1614058835-672721566-3778044925-1003..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-1614058835-672721566-3778044925-1003..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1614058835-672721566-3778044925-1026..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Miranda IM.lnk = D:\Programme\Miranda IM\miranda32.exe ( )
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - D:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - D:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {0427F569-3D57-4F10-B9FB-8D71A6A7BE24} file:///C:/Users/***/AppData/Local/Temp/FV2GA4/frmeditor.ocx (FormelEditor Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D63BB5D6-83F2-4FF7-B6D2-5077BD3BFECC}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\DisplayFusion\Wallpaper_2.jpg
O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\DisplayFusion\Wallpaper_2.jpg
O30 - LSA: Authentication Packages - (ncv1_0) - C:\Windows\System32\ncv1_0.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{48f5aa25-d296-11de-840d-001f3ad0f344}\Shell - "" = AutoRun
O33 - MountPoints2\{48f5aa25-d296-11de-840d-001f3ad0f344}\Shell\AutoRun\command - "" = I:\SETUP.EXE
O33 - MountPoints2\{48f5aa25-d296-11de-840d-001f3ad0f344}\Shell\configure\command - "" = I:\SETUP.EXE
O33 - MountPoints2\{48f5aa25-d296-11de-840d-001f3ad0f344}\Shell\install\command - "" = I:\SETUP.EXE
O33 - MountPoints2\{493b8ce5-7db1-11e1-9eb5-af02a593ae9a}\Shell - "" = AutoRun
O33 - MountPoints2\{493b8ce5-7db1-11e1-9eb5-af02a593ae9a}\Shell\AutoRun\command - "" = G:\SISetup.exe
O33 - MountPoints2\{c01de28e-afc4-11e1-8f30-df05454c827e}\Shell - "" = AutoRun
O33 - MountPoints2\{c01de28e-afc4-11e1-8f30-df05454c827e}\Shell\AutoRun\command - "" = H:\iStudio.exe
O33 - MountPoints2\{fb2ba953-25ff-11de-8289-001f3ad0f344}\Shell - "" = AutoRun
O33 - MountPoints2\{fb2ba953-25ff-11de-8289-001f3ad0f344}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.07.24 12:14:33 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.07.23 18:53:14 | 002,322,184 | ---- | C] (ESET) -- C:\Users\***\Desktop\esetsmartinstaller_enu.exe
[2012.07.23 14:06:04 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.07.23 14:06:04 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2012.07.23 14:05:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.23 14:05:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.23 14:05:42 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.07.23 14:05:42 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.07.23 14:04:50 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\***\Desktop\mbam-setup-1.62.0.1300.exe
[2012.07.18 14:54:57 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\TortoiseSVN
[2012.07.18 14:42:09 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\TSVNCache
[2012.07.18 14:36:06 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Subversion
[2012.07.18 14:26:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TortoiseSVN
[2012.07.18 14:25:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\TortoiseOverlays
[2012.07.14 00:10:52 | 000,000,000 | ---D | C] -- C:\Users\***\.android
[2012.07.14 00:10:24 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Android SDK Tools
[2012.07.01 23:44:53 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\SelfMV
[2012.07.01 23:39:53 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\MDG
[2012.07.01 23:31:05 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Temp
[2012.07.01 22:21:30 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Samsung
[2012.07.01 22:21:03 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Samsung
[2012.07.01 22:20:57 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\samsung
[2012.07.01 22:04:26 | 000,181,432 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudmdm.sys
[2012.07.01 22:04:26 | 000,080,824 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudbus.sys
[2012.07.01 22:00:27 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\Windows\System32\Redemption.dll
[2012.07.01 21:59:39 | 000,821,824 | ---- | C] (Devguru Co., Ltd.) -- C:\Windows\System32\dgderapi.dll
[2012.07.01 21:59:39 | 000,020,032 | ---- | C] (Devguru Co., Ltd) -- C:\Windows\System32\drivers\dgderdrv.sys
[2012.07.01 21:59:39 | 000,000,000 | ---D | C] -- C:\Program Files\MarkAny
[2012.07.01 21:58:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2012.07.01 21:49:49 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.07.01 21:46:18 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Downloaded Installations
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.07.24 12:14:38 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.07.24 12:13:31 | 000,858,828 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.07.24 12:13:31 | 000,797,570 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.07.24 12:13:31 | 000,215,302 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.07.24 12:13:31 | 000,179,554 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.07.24 12:06:54 | 000,004,912 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.24 12:06:54 | 000,004,912 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.24 12:06:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.24 12:05:38 | 000,013,632 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.07.24 12:05:08 | 000,000,168 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.07.24 12:03:50 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2012.07.23 18:53:18 | 002,322,184 | ---- | M] (ESET) -- C:\Users\***\Desktop\esetsmartinstaller_enu.exe
[2012.07.23 18:44:38 | 000,001,928 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2012.07.23 14:06:23 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.07.23 14:05:44 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.23 14:04:57 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\***\Desktop\mbam-setup-1.62.0.1300.exe
[2012.07.23 13:39:00 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2012.07.23 09:36:29 | 000,194,560 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.07.16 17:50:00 | 000,444,198 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.07.13 00:24:32 | 000,011,527 | ---- | M] () -- C:\Users\***\gsview32.ini
[2012.07.11 23:57:08 | 000,167,936 | ---- | M] () -- C:\Users\***\Documents\Excel2LaTeX.xla
[2012.07.11 00:37:28 | 002,470,104 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.07.11 00:32:49 | 367,189,208 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.07.06 13:47:40 | 000,088,302 | ---- | M] () -- C:\Windows\FontData.fdb
[2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.06.26 16:03:06 | 004,659,712 | ---- | M] (Dmitry Streblechenko) -- C:\Windows\System32\Redemption.dll
[2012.06.26 16:02:36 | 000,821,824 | ---- | M] (Devguru Co., Ltd.) -- C:\Windows\System32\dgderapi.dll
[2012.06.26 16:02:36 | 000,020,032 | ---- | M] (Devguru Co., Ltd) -- C:\Windows\System32\drivers\dgderdrv.sys
[2012.06.24 21:03:20 | 000,021,504 | ---- | M] () -- C:\Users\***\AppData\Local\WebpageIcons.db
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.07.24 12:04:40 | 000,000,168 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.07.24 12:03:49 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2012.07.23 14:05:44 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.12 00:04:57 | 000,167,936 | ---- | C] () -- C:\Users\***\Documents\Excel2LaTeX.xla
[2012.06.03 20:25:52 | 000,001,928 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2012.05.23 18:49:34 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.05.23 18:49:32 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2012.05.23 18:49:32 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2012.05.23 18:49:32 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2012.05.23 18:49:32 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2012.05.05 10:38:35 | 000,019,840 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2012.05.05 10:38:34 | 002,469,760 | ---- | C] () -- C:\Windows\System32\BootMan.exe
[2012.05.05 10:38:34 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe
[2012.05.05 10:38:34 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2012.05.05 10:38:34 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2012.04.03 19:56:30 | 001,511,424 | ---- | C] () -- C:\Windows\System32\HP1100SM.EXE
[2012.04.03 19:56:30 | 000,147,456 | ---- | C] () -- C:\Windows\System32\HP1100LM.DLL
[2012.04.03 19:56:14 | 000,284,160 | ---- | C] () -- C:\Windows\System32\mvhlewsi.dll
[2012.04.03 19:56:11 | 000,081,920 | ---- | C] () -- C:\Windows\System32\mvusbews.dll
[2012.04.03 19:56:08 | 000,054,272 | ---- | C] () -- C:\Windows\System32\HP1100SMs.dll
[2012.03.21 18:12:55 | 000,000,043 | ---- | C] () -- C:\Windows\gswin32.ini
[2012.03.09 11:28:33 | 000,498,589 | ---- | C] () -- C:\Users\***\LifeHacks.jpg
[2012.03.04 22:28:54 | 000,001,855 | ---- | C] () -- C:\Users\***\.recently-used.xbel
[2012.02.27 19:08:04 | 004,384,161 | ---- | C] () -- C:\Users\***\T-Touch manual.pdf
[2012.02.22 17:13:33 | 000,000,092 | ---- | C] () -- C:\Windows\Dialux.ini
[2012.02.19 23:14:43 | 000,007,696 | ---- | C] () -- C:\Users\***\untitled1_MAS.bak
[2011.11.27 20:14:52 | 001,832,536 | ---- | C] () -- C:\Windows\System32\noveap.dll
[2011.11.27 20:14:52 | 000,907,352 | ---- | C] () -- C:\Windows\System32\ncnetprovider.dll
[2011.11.27 20:14:52 | 000,662,104 | ---- | C] () -- C:\Windows\System32\ncloginui.dll
[2011.11.27 20:14:52 | 000,424,024 | ---- | C] () -- C:\Windows\System32\nccredprovider.dll
[2011.11.27 20:14:52 | 000,230,488 | ---- | C] () -- C:\Windows\System32\nwshlxnt.dll
[2011.11.27 20:14:52 | 000,185,944 | ---- | C] () -- C:\Windows\System32\lgnwnt32.dll
[2011.11.27 20:14:52 | 000,156,760 | ---- | C] () -- C:\Windows\System32\mapbase.dll
[2011.11.27 20:14:52 | 000,111,192 | ---- | C] () -- C:\Windows\System32\drivers\ncrecognizer.sys
[2011.11.27 20:14:52 | 000,092,760 | ---- | C] () -- C:\Windows\System32\nclangid.dll
[2011.11.27 20:14:52 | 000,091,736 | ---- | C] () -- C:\Windows\System32\drivers\ncfilter.sys
[2011.11.27 20:14:52 | 000,039,512 | ---- | C] () -- C:\Windows\System32\ncv1_0.dll
[2011.11.27 20:14:52 | 000,034,904 | ---- | C] () -- C:\Windows\System32\nwtray.exe
[2011.11.27 20:14:52 | 000,026,200 | ---- | C] () -- C:\Windows\System32\loginw32.exe
[2011.11.27 20:14:52 | 000,022,616 | ---- | C] () -- C:\Windows\System32\drivers\ncuncfilter.sys
[2011.11.27 20:14:52 | 000,014,424 | ---- | C] () -- C:\Windows\System32\nccredlogonext.dll
[2011.03.07 00:04:52 | 000,017,708 | ---- | C] ()
-- C:\Users\***\temp.rar [2010.04.11 20:47:10 | 000,021,504 | ---- | C] () -- C:\Users\***\AppData\Local\WebpageIcons.db [2009.11.16 00:45:46 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\Temptable.xml [2009.07.20 16:52:12 | 000,000,093 | ---- | C] () -- C:\Users\***\psv.ini [2009.07.10 13:08:05 | 000,011,527 | ---- | C] () -- C:\Users\***\gsview32.ini [2009.06.07 19:19:38 | 000,001,356 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat [2009.05.31 13:28:05 | 000,022,420 | ---- | C] () -- C:\Users\***\AppData\Roaming\UserTile.png [2008.09.12 12:19:23 | 000,015,503 | ---- | C] () -- C:\Users\***\Telekom Shop Bankverbindung.html [2008.08.07 16:13:33 | 000,194,560 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== LOP Check ========== [2012.02.04 07:14:50 | 000,000,000 | ---D | M] -- C:\Users\***AccMitUserRechten***\AppData\Roaming\Cherry [2010.05.07 21:29:46 | 000,000,000 | ---D | M] -- C:\Users\***AccMitUserRechten***\AppData\Roaming\ICAClient [2011.03.27 06:30:39 | 000,000,000 | ---D | M] -- C:\Users\***AccMitUserRechten***\AppData\Roaming\IM [2011.01.23 12:11:17 | 000,000,000 | ---D | M] -- C:\Users\***AccMitUserRechten***\AppData\Roaming\Nokia [2011.01.23 12:11:18 | 000,000,000 | ---D | M] -- C:\Users\***AccMitUserRechten***\AppData\Roaming\Nokia Ovi Suite [2011.01.23 12:06:12 | 000,000,000 | ---D | M] -- C:\Users\***AccMitUserRechten***\AppData\Roaming\PC Suite [2012.07.20 19:28:56 | 000,000,000 | ---D | M] -- C:\Users\***AccMitUserRechten***\AppData\Roaming\Subversion [2011.03.22 20:17:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ansys [2010.01.22 23:23:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Autodesk [2010.08.17 21:13:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\BlackBean [2011.01.27 19:45:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CADClick [2011.05.15 22:33:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\calibre 
[2009.07.01 22:19:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon [2012.01.30 09:23:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Cherry [2008.08.09 20:30:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools [2010.02.01 13:23:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DassaultSystemes [2012.06.18 23:20:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DisplayFusion [2012.05.03 21:33:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\e-academy Inc [2010.02.01 13:27:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\EDrawings [2009.07.09 14:08:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\eXPert PDF Editor [2010.01.18 15:02:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Faustkeil [2011.07.18 14:01:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla [2012.04.14 21:47:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GHISLER [2010.05.04 17:50:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICAClient [2012.02.01 11:03:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ [2012.05.04 15:09:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IM [2012.03.04 22:29:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\inkscape [2012.04.14 22:57:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView [2011.06.19 19:49:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ITI GmbH [2012.05.28 00:21:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Kalypso Media [2010.10.06 21:27:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech [2011.08.31 10:25:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LolClient [2010.01.23 01:13:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Luxology [2012.02.10 19:13:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia [2011.02.14 10:27:54 | 000,000,000 | 
---D | M] -- C:\Users\***\AppData\Roaming\NoNameScript [2009.06.15 15:27:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC Suite [2009.05.31 13:28:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PeerNetworking [2012.07.19 16:54:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung [2008.09.05 12:50:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ScanSoft [2011.12.03 11:43:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SFBot [2012.07.18 14:36:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Subversion [2012.04.02 16:34:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Swiss Academic Software [2012.07.01 23:45:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Temp [2011.07.24 21:16:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Unity [2011.02.06 22:31:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WinEdt Team [2012.02.28 01:33:21 | 000,000,000 | ---D | M] -- C:\Users\***AndererAccMitUserRechten***\AppData\Roaming\Cherry [2012.02.28 01:31:21 | 000,000,000 | ---D | M] -- C:\Users\***AndererAccMitUserRechten***\AppData\Roaming\PC Suite [2012.07.24 12:05:45 | 000,032,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 64 bytes -> C:\Users\***\Desktop\bernie_MotoGP_BestOf.avi:TOC.WMV < End of report >

MusicCityDownload.exe in the Windows folder seems to come from Kies (Samsung's iTunes replacement). ( hxxp://gadgets.itwriting.com/971-why-is-musiccitydownload-exe-in-my-windows-folder.html )

OTL Extras: Code:
ATTFilter OTL Extras logfile created on: 24.07.2012 12:15:21 - Run 1 OTL by OldTimer - Version 3.2.54.1 Folder = C:\Users\***\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 1,72 Gb Available Physical Memory | 57,46% Memory free 6,19 Gb Paging File | 4,61 Gb Available in Paging File | 74,53% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 89,38 Gb Total Space | 28,67 Gb Free Space | 32,07% Space Free | Partition Type: NTFS Drive D: | 198,70 Gb Total Space | 4,56 Gb Free Space | 2,30% Space Free | Partition Type: NTFS Computer Name: *** | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-1614058835-672721566-3778044925-1003\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- D:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) .ini [@ = UltraEdit.ini] -- D:\Programme\UltraEdit\Uedit32.exe (IDM Computer Solutions, Inc.) .txt [@ = UltraEdit.txt] -- D:\Programme\UltraEdit\Uedit32.exe (IDM Computer Solutions, Inc.) 
========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "D:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "D:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "D:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft) Directory [Winamp.Enqueue] -- "D:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft) Directory [Winamp.Play] -- "D:\Programme\Winamp\winamp.exe" "%1" (Nullsoft) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring" = 1 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 1 "AntiSpywareOverride" = 1 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1614058835-672721566-3778044925-1003] "EnableNotifications" = 0 "EnableNotificationsRef" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]| "{FA47EC7E-4AA0-420B-89C3-C6F5C368A6F4}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0B3B4516-6AF8-4175-9DB9-AD76926A0979}" = dir=in | app=d:\programme\skype\phone\skype.exe | "{0DA83F54-2434-4BA8-A531-32D36424E728}" = dir=in | app=c:\program files\pando 
networks\media booster\pmb.exe | "{30394370-CD25-4DD3-8B2E-A0320B2579E5}" = protocol=6 | dir=in | app=d:\programme\displayfusion\displayfusion.exe | "{327DAE70-5151-43D2-9FDD-02B01DA942F0}" = protocol=17 | dir=in | app=d:\programme\displayfusion\displayfusion.exe | "{3F9ECE31-3833-491C-BD8F-7AA823350A8D}" = protocol=6 | dir=in | app=d:\programme\wolfram research\mathematica\8.0\math.exe | "{47A11383-4D64-409E-A95B-DB9502A25CD0}" = protocol=6 | dir=in | app=d:\programme\wolfram research\mathematica\8.0\mathkernel.exe | "{4BC00A92-7392-4955-8571-E7D79776D9E1}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{5394D5A6-272B-4CFC-9085-6B4FA8F2FD17}" = protocol=17 | dir=in | app=d:\programme\wolfram research\mathematica\8.0\mathematica.exe | "{5C5D490D-BA6A-47E5-9E3D-77DEC8677F8E}" = protocol=17 | dir=in | app=d:\programme\wolfram research\mathematica\8.0\mathkernel.exe | "{6C23E28D-EAAF-45F8-A132-4523748808E6}" = protocol=6 | dir=in | app=d:\programme\icq7.5\icq.exe | "{8AC3DB58-5918-4583-91BF-3A7AE2392B2E}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{8FDD2DFB-93CE-4550-A7E3-E01EF8E0604D}" = protocol=6 | dir=in | app=d:\programme\wolfram research\mathematica\8.0\mathematica.exe | "{9FA25F3E-A1E5-42D6-8754-8AEAD6FE7648}" = protocol=17 | dir=in | app=d:\programme\icq7.5\icq.exe | "{A0DA9464-8B44-4C62-B6A6-69BBADFFE6F0}" = protocol=17 | dir=in | app=d:\programme\wolfram research\mathematica\8.0\math.exe | "{B4A27011-54EE-4ABF-8EF1-B256113E208B}" = protocol=17 | dir=in | app=d:\programme\icq7.5\icq.exe | "{B77E7455-5E8E-4A95-B001-B2D770224ACE}" = protocol=6 | dir=in | app=d:\programme\icq7.5\icq.exe | "{B841D5E1-4F92-4A7E-B7BB-25E3416C4B87}" = dir=in | app=d:\spiele\port royale 3\portroyale3.exe | "{BA568739-211D-4395-BCE5-339586B1FD74}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{D5ACFD9A-E4DE-40B5-B1D2-1BA3F92F5772}" = protocol=6 | dir=in | 
app=d:\programme\icq7.5\icq.exe | "{D74D42CA-414E-445D-A482-6CA5425ACF3D}" = protocol=17 | dir=in | app=d:\programme\icq7.5\icq.exe | "{E1F406D7-9580-47E5-99FC-8FD2E8683AE2}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | "{EAA0EF14-2BBC-4D08-9CA4-7219CFE5FB02}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | "{F2E9649C-87B0-4064-8EE9-5652B4811629}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "TCP Query User{0003BF3D-4ADD-40CC-A0A2-B9DA1DF80E9B}D:\spiele\counter strike\hl.exe" = protocol=6 | dir=in | app=d:\spiele\counter strike\hl.exe | "TCP Query User{066B394A-C83F-448D-9C8B-1ECFD51B809B}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{072BF13F-F4F9-4D0D-8E57-644F17BB098F}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{0F806D5F-5F63-4DC3-8F23-7ECEC69A2E40}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=6 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe | "TCP Query User{11C5A31C-4DF6-4F72-A2A8-1A8AB012AB8F}C:\program files\sony ericsson\update service\update service.exe" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe | "TCP Query User{139E875D-9716-4A53-8BC0-C5BA9010E072}D:\programme\maple 15\jre\bin\maple.exe" = protocol=6 | dir=in | app=d:\programme\maple 15\jre\bin\maple.exe | "TCP Query User{20356FB0-A3E9-4343-8FE9-F8760EABFC05}D:\programme\maple 12\jre\bin\maple.exe" = protocol=6 | dir=in | app=d:\programme\maple 12\jre\bin\maple.exe | "TCP Query User{24642AD8-ECA2-4F48-8C93-1305DEC72BB0}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "TCP Query User{267FDCA5-E355-4676-857A-EC61A4690FEB}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 
| dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{2A35A38C-305C-4F66-BC02-E813E58B8536}D:\programme\ansys inc\v130\commonfiles\tcl\bin\intel\wish.exe" = protocol=6 | dir=in | app=d:\programme\ansys inc\v130\commonfiles\tcl\bin\intel\wish.exe | "TCP Query User{3320EBAD-44C1-49E2-A6B6-14753539EC90}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "TCP Query User{43F4406F-AF14-4B0C-961C-D4F0E0B0D189}D:\programme\autodesk\inventor 2010\bin\inventor.exe" = protocol=6 | dir=in | app=d:\programme\autodesk\inventor 2010\bin\inventor.exe | "TCP Query User{47601E78-31B8-4D81-8F82-C9C71902C854}D:\programme\ansys inc\v130\commonfiles\tcl\bin\intel\wish.exe" = protocol=6 | dir=in | app=d:\programme\ansys inc\v130\commonfiles\tcl\bin\intel\wish.exe | "TCP Query User{58214E82-4186-42AF-B3CE-BD431F72DBD4}C:\program files\java\jre6\launch4j-tmp\jdownloader.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\launch4j-tmp\jdownloader.exe | "TCP Query User{5831E173-CA42-4FF2-BB76-C899871EFA32}D:\programme\miranda im\miranda32.exe" = protocol=6 | dir=in | app=d:\programme\miranda im\miranda32.exe | "TCP Query User{60DA34A1-1658-485C-8BDF-9B22156295A8}D:\programme\ansys inc\v130\aisol\bin\intel\ansyswbu.exe" = protocol=6 | dir=in | app=d:\programme\ansys inc\v130\aisol\bin\intel\ansyswbu.exe | "TCP Query User{65B98C32-2635-4E83-A367-780BE9F6D6EE}D:\programme\maple 12\jre\bin\java.exe" = protocol=6 | dir=in | app=d:\programme\maple 12\jre\bin\java.exe | "TCP Query User{69B9C597-8903-4512-A98A-FFBEEA88A3F3}D:\programme\miranda im\miranda32.exe" = protocol=6 | dir=in | app=d:\programme\miranda im\miranda32.exe | "TCP Query User{74713D6F-C83C-47B8-BC3A-D4F3A26A6476}C:\program files\ansys inc\shared files\licensing\win32\ansyslmd.exe" = protocol=6 | dir=in | app=c:\program files\ansys inc\shared files\licensing\win32\ansyslmd.exe | "TCP Query 
User{75F9AA11-6367-45F9-8BD1-73E6637ADFF1}D:\spiele\anno 1701\anno1701.exe" = protocol=6 | dir=in | app=d:\spiele\anno 1701\anno1701.exe | "TCP Query User{79FDAA71-A69F-4DE9-9471-7D140396E9B4}D:\download\netscan.exe" = protocol=6 | dir=in | app=d:\download\netscan.exe | "TCP Query User{7C6B9D0A-A24F-49A4-8FFA-CEF99296ABA1}D:\spiele\warcraft iii\war3.exe" = protocol=6 | dir=in | app=d:\spiele\warcraft iii\war3.exe | "TCP Query User{8E52B57A-0CDB-49BF-973B-6B2D945C9C04}D:\programme\ansys inc\shared files\licensing\win32\ansysli_client.exe" = protocol=6 | dir=in | app=d:\programme\ansys inc\shared files\licensing\win32\ansysli_client.exe | "TCP Query User{902E698B-1432-4423-B1DB-6D55086E714C}D:\programme\ansys inc\v130\rsm\bin\ans.rsm.admin.exe" = protocol=6 | dir=in | app=d:\programme\ansys inc\v130\rsm\bin\ans.rsm.admin.exe | "TCP Query User{92EB2E50-AF5D-429C-8AF5-C103AAC43381}D:\programme\ansys inc\v130\framework\bin\win32\ansysfww.exe" = protocol=6 | dir=in | app=d:\programme\ansys inc\v130\framework\bin\win32\ansysfww.exe | "TCP Query User{92FECA96-B18A-4402-85CD-BBE293C98B30}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "TCP Query User{9433A55A-F287-484E-9634-B447959915F3}D:\programme\icq6.5\icq.exe" = protocol=6 | dir=in | app=d:\programme\icq6.5\icq.exe | "TCP Query User{9962F9F9-BD43-4C64-9623-522D5592647D}D:\programme\icq6\icq.exe" = protocol=6 | dir=in | app=d:\programme\icq6\icq.exe | "TCP Query User{A33D55C0-F959-4E40-85A9-B4EB2119E185}C:\program files\ansys inc\shared files\licensing\win32\lmgrd.exe" = protocol=6 | dir=in | app=c:\program files\ansys inc\shared files\licensing\win32\lmgrd.exe | "TCP Query User{A3826CF1-9126-41FB-A920-319A46522F6D}D:\spiele\fifa 11\game\fifa.exe" = protocol=6 | dir=in | app=d:\spiele\fifa 11\game\fifa.exe | "TCP Query User{A81D10CD-AC50-42B5-AD53-F7B043584071}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | 
app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | "TCP Query User{B192334C-4E5F-44D1-BE85-6EBD98192276}C:\program files\matlab\r2008a\bin\win32\matlab.exe" = protocol=6 | dir=in | app=c:\program files\matlab\r2008a\bin\win32\matlab.exe | "TCP Query User{B793AF81-5456-45D7-B421-37FF8C999BE0}C:\program files\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe | "TCP Query User{B839459C-885A-47A5-B2BE-B95C89998B9D}D:\programme\ansys inc\v130\rsm\bin\ans.rsm.jmhost130.exe" = protocol=6 | dir=in | app=d:\programme\ansys inc\v130\rsm\bin\ans.rsm.jmhost130.exe | "TCP Query User{B99DDAD1-57AD-4528-8F8D-3CA5478BCBA0}D:\programme\mirc\mirc.exe" = protocol=6 | dir=in | app=d:\programme\mirc\mirc.exe | "TCP Query User{BA2E4EE0-5903-46A1-A57A-147602C7AA49}D:\programme\maple 15\jre\bin\java.exe" = protocol=6 | dir=in | app=d:\programme\maple 15\jre\bin\java.exe | "TCP Query User{BB587C3A-53DF-4289-833E-94043EACF46A}D:\programme\vlc\vlc.exe" = protocol=6 | dir=in | app=d:\programme\vlc\vlc.exe | "TCP Query User{BED53A40-135B-4C12-A6BF-B501BC74EFA2}D:\programme\autodesk\inventor 2010\bin\inventor.exe" = protocol=6 | dir=in | app=d:\programme\autodesk\inventor 2010\bin\inventor.exe | "TCP Query User{C05D47B8-0E8E-40C8-896B-0BD825257CD6}C:\program files\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe | "TCP Query User{C0C4F851-9CE2-438A-BED9-6CB496092A7B}D:\programme\icq6.5\icq.exe" = protocol=6 | dir=in | app=d:\programme\icq6.5\icq.exe | "TCP Query User{CCB20D30-A6CF-449A-BBC0-5FE316D241EF}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | "TCP Query User{CD2B0195-38BF-4C59-A94A-1727CDC21B8F}D:\programme\mozilla firefox\firefox.exe" = protocol=6 | dir=in | 
app=d:\programme\mozilla firefox\firefox.exe | "TCP Query User{CF6D348A-00CA-4839-88D9-1EBD487555C4}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe | "TCP Query User{CFF45F06-BA13-4637-838E-9A3744EB6EB6}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe | "TCP Query User{D496F622-9DB2-439D-8E40-59724BAA656D}D:\fussball manager 10\eadm\core.exe" = protocol=6 | dir=in | app=d:\fussball manager 10\eadm\core.exe | "TCP Query User{D5FEF2BC-44EE-41B3-BDD3-6C8C84675691}C:\program files\ansys inc\v110\cfx\bin\winnt\postgui_ogl.exe" = protocol=6 | dir=in | app=c:\program files\ansys inc\v110\cfx\bin\winnt\postgui_ogl.exe | "TCP Query User{DB1E6449-1798-430C-A748-8BC8BF7CC363}D:\programme\icq6\icq.exe" = protocol=6 | dir=in | app=d:\programme\icq6\icq.exe | "TCP Query User{DEF745D3-8548-453B-AA22-2A47A224DA0E}D:\programme\maple 12\jre\bin\maple.exe" = protocol=6 | dir=in | app=d:\programme\maple 12\jre\bin\maple.exe | "TCP Query User{E0A054D4-B739-436C-8AF5-10E46C5CADA2}D:\spiele\gta iv\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=d:\spiele\gta iv\grand theft auto iv\gtaiv.exe | "TCP Query User{E1CA6D17-2407-4BB2-A38C-945689E0A4AB}D:\programme\maple 15\jre\bin\maple.exe" = protocol=6 | dir=in | app=d:\programme\maple 15\jre\bin\maple.exe | "TCP Query User{EE979F44-5424-4648-8F2F-07C8CD8B4E0E}D:\programme\ansys inc\v130\commonfiles\jre\intel\bin\java.exe" = protocol=6 | dir=in | app=d:\programme\ansys inc\v130\commonfiles\jre\intel\bin\java.exe | "TCP Query User{F0E0F089-8ADC-4B0E-B6F7-3C593901F369}D:\programme\maple 12\jre\bin\java.exe" = protocol=6 | dir=in | app=d:\programme\maple 12\jre\bin\java.exe | "TCP Query User{F1EC132A-AEF7-4B57-AFA2-B455032D27A1}D:\spiele\cs_cz\hl.exe" = protocol=6 | dir=in | app=d:\spiele\cs_cz\hl.exe | "TCP Query 
User{F7880671-102F-48A7-A189-6249F0B3CDFF}C:\users\***\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\local\akamai\netsession_win.exe | "TCP Query User{FB82486B-6B36-4ACF-ACFE-E1BDAC519420}D:\programme\ansys inc\v130\commonfiles\jre\intel\bin\java.exe" = protocol=6 | dir=in | app=d:\programme\ansys inc\v130\commonfiles\jre\intel\bin\java.exe | "UDP Query User{025213D8-15FD-45C4-8C3E-8CCDE7859DBB}D:\programme\miranda im\miranda32.exe" = protocol=17 | dir=in | app=d:\programme\miranda im\miranda32.exe | "UDP Query User{0CE54713-BEEB-4436-BC4A-D9EAAEFE5EC9}C:\users\***\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\local\akamai\netsession_win.exe | "UDP Query User{0DCA51AE-5DD5-4C8E-AAF4-0A79307EC3F6}C:\program files\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe | "UDP Query User{0F0E6559-BCAD-453F-B23C-D260C83908A1}C:\program files\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe | "UDP Query User{10918ACA-E292-40E9-B5AD-C78046E50BDE}D:\spiele\warcraft iii\war3.exe" = protocol=17 | dir=in | app=d:\spiele\warcraft iii\war3.exe | "UDP Query User{183C5FD4-2F26-4285-A545-D09684D3EA3F}D:\programme\ansys inc\v130\framework\bin\win32\ansysfww.exe" = protocol=17 | dir=in | app=d:\programme\ansys inc\v130\framework\bin\win32\ansysfww.exe | "UDP Query User{195C55EE-A0D0-4428-91DF-BA8737F63121}D:\programme\maple 12\jre\bin\maple.exe" = protocol=17 | dir=in | app=d:\programme\maple 12\jre\bin\maple.exe | "UDP Query User{1975D4E8-557E-4555-AFED-97F628BCEAE0}D:\programme\ansys inc\v130\commonfiles\jre\intel\bin\java.exe" = protocol=17 | dir=in | app=d:\programme\ansys inc\v130\commonfiles\jre\intel\bin\java.exe | "UDP Query User{252B076B-434B-42F6-8EA6-55EFE296BEAB}C:\windows\system32\java.exe" = protocol=17 | dir=in | 
app=c:\windows\system32\java.exe | "UDP Query User{2535B131-14F3-4FBA-B097-4F793897361D}D:\programme\mirc\mirc.exe" = protocol=17 | dir=in | app=d:\programme\mirc\mirc.exe | "UDP Query User{264C8DE6-A27A-4B4D-B0ED-A0D33F3E395E}D:\programme\ansys inc\v130\rsm\bin\ans.rsm.jmhost130.exe" = protocol=17 | dir=in | app=d:\programme\ansys inc\v130\rsm\bin\ans.rsm.jmhost130.exe | "UDP Query User{2D8C660A-18D9-43F0-B059-EF3BFEBE771E}D:\programme\ansys inc\v130\rsm\bin\ans.rsm.admin.exe" = protocol=17 | dir=in | app=d:\programme\ansys inc\v130\rsm\bin\ans.rsm.admin.exe | "UDP Query User{2E2AAACA-15AD-46E0-9167-41D74E3B4952}D:\programme\vlc\vlc.exe" = protocol=17 | dir=in | app=d:\programme\vlc\vlc.exe | "UDP Query User{33E4203E-43AB-4AD3-81B1-058C97D57C75}D:\programme\ansys inc\v130\commonfiles\tcl\bin\intel\wish.exe" = protocol=17 | dir=in | app=d:\programme\ansys inc\v130\commonfiles\tcl\bin\intel\wish.exe | "UDP Query User{344D6A53-9035-4C46-B8F0-68281633984C}C:\program files\ansys inc\v110\cfx\bin\winnt\postgui_ogl.exe" = protocol=17 | dir=in | app=c:\program files\ansys inc\v110\cfx\bin\winnt\postgui_ogl.exe | "UDP Query User{36D02F34-ECAA-48B0-9130-B517F16B6143}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "UDP Query User{3C231996-6B11-451C-84C6-9A9348B716C0}D:\spiele\gta iv\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=d:\spiele\gta iv\grand theft auto iv\gtaiv.exe | "UDP Query User{441DF08D-8D26-4255-AAEE-44889B11BC5D}D:\programme\maple 12\jre\bin\maple.exe" = protocol=17 | dir=in | app=d:\programme\maple 12\jre\bin\maple.exe | "UDP Query User{443B8C77-CEE0-4350-BE6D-CF81184D60F3}D:\programme\ansys inc\v130\commonfiles\tcl\bin\intel\wish.exe" = protocol=17 | dir=in | app=d:\programme\ansys inc\v130\commonfiles\tcl\bin\intel\wish.exe | "UDP Query User{457E39E9-E59D-411A-91D2-A5C421C0B60D}C:\program files\java\jre6\launch4j-tmp\jdownloader.exe" = protocol=17 | dir=in | app=c:\program 
files\java\jre6\launch4j-tmp\jdownloader.exe | "UDP Query User{573A2B94-9B9C-4E89-9785-2B537CB261A2}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | "UDP Query User{5967AE43-6D8F-4587-8096-C75A40F4F4C0}D:\programme\autodesk\inventor 2010\bin\inventor.exe" = protocol=17 | dir=in | app=d:\programme\autodesk\inventor 2010\bin\inventor.exe | "UDP Query User{60D7A269-137C-4315-8F7B-3D0734828C89}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=17 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe | "UDP Query User{64BFA2DF-AC50-4009-BD5E-F30A4371B0AF}D:\download\netscan.exe" = protocol=17 | dir=in | app=d:\download\netscan.exe | "UDP Query User{6899E44A-2566-416E-B2E1-7531DB4AD746}C:\program files\ansys inc\shared files\licensing\win32\lmgrd.exe" = protocol=17 | dir=in | app=c:\program files\ansys inc\shared files\licensing\win32\lmgrd.exe | "UDP Query User{7337A83B-4ED4-49E5-A184-290A74D70269}D:\programme\icq6\icq.exe" = protocol=17 | dir=in | app=d:\programme\icq6\icq.exe | "UDP Query User{7996125B-CEE5-4E94-85E2-D57A024E74D2}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{810A2510-E2EC-4E4B-90C8-747BE44A389F}C:\program files\sony ericsson\update service\update service.exe" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe | "UDP Query User{83F75AC3-D031-41D5-BF00-F1ECDA6D5410}D:\spiele\fifa 11\game\fifa.exe" = protocol=17 | dir=in | app=d:\spiele\fifa 11\game\fifa.exe | "UDP Query User{8571DAE9-F0F4-41E5-ABF8-ED6F4A189C9C}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{8C6830BE-24D2-4BDA-89C2-8F07B7625713}D:\programme\icq6.5\icq.exe" = protocol=17 | dir=in | app=d:\programme\icq6.5\icq.exe | "UDP Query 
User{A8C84A89-2CBF-4915-A219-E3D1CB414881}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "UDP Query User{AA6E4042-49DF-4392-A4FA-3E077C94D513}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{AC6842EA-C240-4811-B5F3-50B8036AB736}D:\spiele\cs_cz\hl.exe" = protocol=17 | dir=in | app=d:\spiele\cs_cz\hl.exe | "UDP Query User{ACC5D895-A96C-4EE4-8F5F-011C11A042AB}C:\program files\matlab\r2008a\bin\win32\matlab.exe" = protocol=17 | dir=in | app=c:\program files\matlab\r2008a\bin\win32\matlab.exe | "UDP Query User{B07A2D2E-57B1-4B01-9D16-1E1086574144}D:\programme\maple 15\jre\bin\java.exe" = protocol=17 | dir=in | app=d:\programme\maple 15\jre\bin\java.exe | "UDP Query User{B8EC1D1A-D979-41A5-89EF-765BD3B35D7B}D:\programme\maple 15\jre\bin\maple.exe" = protocol=17 | dir=in | app=d:\programme\maple 15\jre\bin\maple.exe | "UDP Query User{C08E0066-6D32-4392-8E54-DB336C36A1B2}D:\programme\icq6\icq.exe" = protocol=17 | dir=in | app=d:\programme\icq6\icq.exe | "UDP Query User{C61264E7-15DD-4AF1-9F7C-B79F712C64AF}D:\programme\ansys inc\shared files\licensing\win32\ansysli_client.exe" = protocol=17 | dir=in | app=d:\programme\ansys inc\shared files\licensing\win32\ansysli_client.exe | "UDP Query User{CB2A92D2-7E0A-4FC0-9FC9-26C1A0F14646}D:\fussball manager 10\eadm\core.exe" = protocol=17 | dir=in | app=d:\fussball manager 10\eadm\core.exe | "UDP Query User{CD3C1751-A1E7-499E-B95B-38A4BA4CE932}D:\spiele\anno 1701\anno1701.exe" = protocol=17 | dir=in | app=d:\spiele\anno 1701\anno1701.exe | "UDP Query User{CD6FEF83-0B16-4A4D-8CDA-B2BB9B9398DE}D:\programme\maple 12\jre\bin\java.exe" = protocol=17 | dir=in | app=d:\programme\maple 12\jre\bin\java.exe | "UDP Query User{CFBDB506-2CBC-4147-A904-A0DECF31B911}D:\programme\miranda im\miranda32.exe" = protocol=17 | dir=in | app=d:\programme\miranda 
im\miranda32.exe | "UDP Query User{D1ED20AC-652B-464A-A127-29F110CD4F50}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | "UDP Query User{D23E9902-F981-49DB-A89B-1C24C1EC620D}D:\programme\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=d:\programme\mozilla firefox\firefox.exe | "UDP Query User{D27EAEFE-40B4-4CA2-A742-B5753B0D3313}D:\programme\maple 12\jre\bin\java.exe" = protocol=17 | dir=in | app=d:\programme\maple 12\jre\bin\java.exe | "UDP Query User{D423D7C1-3FD1-4B6B-A4E7-DD0D0D80D6E1}D:\programme\ansys inc\v130\aisol\bin\intel\ansyswbu.exe" = protocol=17 | dir=in | app=d:\programme\ansys inc\v130\aisol\bin\intel\ansyswbu.exe | "UDP Query User{D4656EEB-E9BB-439F-81BB-7E86031E5DE3}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe | "UDP Query User{D65076D4-6A5D-4AD0-82BE-2873DC55E700}D:\spiele\counter strike\hl.exe" = protocol=17 | dir=in | app=d:\spiele\counter strike\hl.exe | "UDP Query User{D7189906-A2CF-49C0-8A3E-A525796FA03B}D:\programme\autodesk\inventor 2010\bin\inventor.exe" = protocol=17 | dir=in | app=d:\programme\autodesk\inventor 2010\bin\inventor.exe | "UDP Query User{DB41E237-838B-425E-BA98-8A4E64216A4D}C:\program files\ansys inc\shared files\licensing\win32\ansyslmd.exe" = protocol=17 | dir=in | app=c:\program files\ansys inc\shared files\licensing\win32\ansyslmd.exe | "UDP Query User{ECBD9913-81A8-4D76-85C0-1AC90EF9E753}D:\programme\ansys inc\v130\commonfiles\jre\intel\bin\java.exe" = protocol=17 | dir=in | app=d:\programme\ansys inc\v130\commonfiles\jre\intel\bin\java.exe | "UDP Query User{FE6130B5-0244-4DF9-BDE7-0104B640367A}D:\programme\icq6.5\icq.exe" = protocol=17 | dir=in | app=d:\programme\icq6.5\icq.exe | "UDP Query User{FEE21DD3-0F4B-412F-BC7A-75BE3C603C59}C:\program files\google\google 
earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "UDP Query User{FFDFB49C-72E5-4613-950B-3DE33A08FE74}D:\programme\maple 15\jre\bin\maple.exe" = protocol=17 | dir=in | app=d:\programme\maple 15\jre\bin\maple.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable "{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU "{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (AUTODESKVAULT) "{02BFF1A3-A0D5-4F64-8558-A22682BCDA58}" = ActivePerl 5.14.2 Build 1402 "{03A4C6A1-26E9-4DDB-81D9-B332E5BB10AD}" = Microsoft Sync Framework SDK v1.0 SP1 de "{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.6300 "{04983D37-2202-4295-94A2-8B547C66133F}" = Atheros WLAN Client "{04A5ABD3-272A-4958-836C-8DED3F177E51}" = SolidWorks eDrawings 2012 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4 "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4 "{05855322-BE43-41FE-B583-D3AE0C326D58}" = Microsoft Silverlight 4 SDK "{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) "{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club "{090962E2-4BE8-4A8A-86B0-7A5ED31C1273}" = USB2.0 UVC WebCam "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler "{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4 "{09C52940-A4D1-4409-A7CC-1AAE630CF578}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{0BE273CD-AAB9-361B-8C32-D955EAC929E3}" = Microsoft Visual Studio 2010 SharePoint 
Developer Tools "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4 "{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup "{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4 "{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4 "{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP610_series" = Canon MP610 series "{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution III "{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4 "{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4 "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB "{170DE2A7-4768-370C-9671-D8D17826EFBF}" = Microsoft Visual Studio 2010 Performance Collection Tools SP1 - ENU "{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager "{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2 "{199C20D6-10D3-4210-B361-4760209F56AE}" = Citrix Online Plug-in (Web) "{1AA5BD63-6614-44B2-88A7-605191EDB835}" = Dotfuscator Software Services - Community Edition "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1FB138CC-5503-4B4A-BC42-81E9C1FF26EE}" = Autodesk Inventor Content Center Libraries 2010 (Desktop Content) "{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86 "{22BA09CF-141D-45AD-B3F3-715B4B6C55A8}" = calibre "{26945917-E053-45F6-AF98-309730CFC318}" = Visual Basic for Applications (R) Core "{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33 "{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime "{2A231800-A7CF-4223-B8A3-1FD9057BAE96}" = Unterstützungsdateien für Microsoft SQL Server 2008-Setup 
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE "{2F8B731A-5F2D-3EA8-8B25-C3E5E43F4BDB}" = Microsoft Visual C++ Compilers 2010 Standard - enu - x86 "{31C3C6EA-E991-405F-A3AA-2C070CCCC47C}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools - DEU "{31E8F586-4EF7-4500-844D-BA8756474FF1}" = Windows Automated Installation Kit "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7 "{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor "{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4 "{36BEAD11-8577-49AD-9250-E06A50AE87B0}" = Microsoft SOAP Toolkit 2.0 SP2 "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4 "{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4 "{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin "{3ECCB578-504E-4F7A-A8B4-CF4F3B939B44}" = Citrix Online Plug-in (USB) "{3F084E0E-E7D3-439D-9AC3-8312B2184347}" = SolidWorks 2012 Document Manager API "{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools "{41A01180-D9FD-3428-9FD6-749F4C637CBF}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86) "{45D4F727-43B5-49CD-B474-B9866A8F4FB8}" = Nokia Map Loader "{477415F5-93DA-46AA-85C5-640047825995}" = Microsoft SQL Server 2008 Database Engine Shared "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files "{4AA24280-6FF2-40D1-B34C-40DA7E3317D4}" = IguanaTex "{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008 Browser "{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}" = Nokia Software Updater "{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0 
"{52969324-463B-4643-BF36-854BE2BECB89}" = Autodesk Inventor 2010 Language Pack - Deutsch "{539A0EAA-E1BB-4163-9C1E-6C8BF4A17FA2}" = Microsoft SQL Server 2008 Native Client "{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01) "{5545EEE4-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2701.01) "{55D9E026-DCB0-46FF-B60A-68B972228CF6}" = Autodesk Design Review 2010 "{562D0D31-FBAF-4505-8B27-4EC92EEA91D6}" = DIAL Communication Framework "{56BC75EA-B19F-4C14-85B8-3FA61C0C791F}" = NMAS Client "{5783F2D7-8001-0407-0002-0060B0CE6BBA}" = AutoCAD 2010 - Deutsch "{5783F2D7-8001-0407-1002-0060B0CE6BBA}" = AutoCAD 2010 Language Pack - Deutsch "{5783F2D7-8028-0409-0000-0060B0CE6BBA}" = DWG TrueView 2010 "{57BB52B7-6B7B-31F3-89F4-4EE8FE5CEF6D}" = Microsoft Help Viewer 1.1 "{5AB7D739-1735-3A9E-BE73-C43507CB4E6F}" = Microsoft Visual Studio 2010 Service Pack 1 "{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 "{616C6F39-4CE1-3434-A665-2F6A04C09A7F}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools "{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4 "{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support "{678094A1-6250-476B-9AFF-4376E48F135C}" = Citrix Online Plug-in (DV) "{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4 "{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK "{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus "{68DED384-1F74-4AEE-8B8E-95AF15572FE3}" = Port Royale 3 "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{6E9CFEF5-0245-411F-8587-CF83DF9D4B05}" = Microsoft SQL Server 2008 Database Engine Services "{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Easy Battery Manager "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable 
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5 "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™ "{76DAEC83-AF7B-333C-8A53-83D7C7D39199}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU "{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}" = Microsoft SQL Server 2008 R2 Management Objects "{7964AE02-9127-42C0-A917-2CE4CD4EFE3B}" = Nokia Suite "{7A56D81D-6406-40E7-9184-8AC1769C4D69}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project "{7B46F9CF-CF60-492E-816E-95EB1A9D1BB4}" = Play Camera "{7F4DD591-1400-0409-0000-7107D70F3DB4}" = Autodesk Inventor 2010 "{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4 "{827990C7-4D30-3627-A2D1-5FFA09198BB2}" = Microsoft Visual Studio 2010 Office Developer Tools (x86) "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4 "{8418FE6C-36B5-4023-8704-5DC2F21BB2E8}" = UltraEdit 15.00 "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4 "{85467CBC-7A39-33C9-8940-D72D9269B84F}" = Microsoft Visual F# 2.0 Runtime "{877B76B2-F83F-4F5A-B28D-3F398641ADB6}" = Microsoft SQL Server System CLR Types "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A7CAA24-7B23-410B-A7C3-F994B0944160}" = Microsoft Virtual PC 2007 "{8CBFE0AB-3EBF-4103-BA48-59EB4FF66AD1}" = NMAS Challenge Response Method "{8E87B944-4815-3C5E-947F-5035C9F64362}" = Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90120000-00B2-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends 
"{91F54E1D-804A-46D8-A56C-53EA9C4B3177}" = Microsoft Silverlight 3 SDK - Deutsch "{929F5BFC-60F0-34EC-A50B-2001AAC03D56}" = Microsoft Team Foundation Server 2010 Object Model - DEU "{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4 "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A57025CC-5F2E-4D01-B387-06DB10500D43}" = Nokia Connectivity Cable Driver "{A7091E1D-36A4-47F1-A739-173CC341414F}" = Cisco Systems VPN Client 5.0.03.0560 "{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU "{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch "{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8 "{AC8B571C-9C6E-47C1-A508-3BF1BCBED443}" = Deep Exploration 6 CE "{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4 "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 "{B15B400A-19ED-4CC7-B3E4-9295D8470CBE}" = Secure Download Manager "{B265F77C-A0CF-4364-8C26-A0ADA16FA4F7}" = Nokia Mobile VPN Client Policy Tool "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 285.62 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 285.62 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.0621 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20 
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.24.0 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B3B2E45F-A0FC-47C6-B399-72D9D8482C8A}" = Visual Basic for Applications (R) Core - German "{B3D1CFF9-C5DA-3590-894B-40821DDB67C5}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86) "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4 "{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 "{B8E9F8A1-9F4D-43D5-ABD6-1DF067FAA469}" = Microsoft SQL Server 2008 Database Engine Services "{BA5F3E0E-8F3E-47BD-88E4-AD3EB5225F51}" = Intel(R) PROSet/Wireless WiFi-Software "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module "{BBAAAD82-6242-420F-86D4-BD72BB5E6C86}" = Tools für Microsoft SQL Server 2005 Express Edition "{BC0464FA-A0BA-3E38-85BF-DC5B3A401F48}" = Microsoft Visual Studio 2010 Ultimate - ENU "{BC537AE0-88AF-47ED-B762-33B0D62B5188}" = Microsoft SQL Server 2008 R2 Data-Tier Application Framework "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4 "{C83CD843-260E-3BD0-86BC-4E613BFDDE0A}" = Microsoft Help Viewer 1.1 Language Pack - DEU "{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program "{CAD6AA29-9CA1-384D-8034-566261CFCC9B}" = Microsoft Visual Studio 2010 Professional - DEU "{CB09F557-4821-46D0-BF86-8D1389AA6BC7}" = Tabellenbuch Metall digital "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw "{CCF298AF-9CE1-4B26-B251-486E98A34789}" = Windows 7 USB/DVD Download Tool "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE9BAD6E-60FC-46CC-82A2-5B0F2B1A0E36}" = Dotfuscator 
Software Services - Community Edition - DEU "{CFCB8616-A5D1-4281-80E8-389F685BFAE2}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU "{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack "{D074DC76-F6C9-440E-A1D0-1DE958417FDB}" = Microsoft SQL Server VSS Writer "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.3.22 Game "{D481EA96-2313-4A7C-98EE-710D1AF884AC}" = Microsoft Visual Studio 2005 Tools for Applications - ENU "{D596EEA2-C6C8-45D3-89DF-FA2DBE99F829}" = Visual Basic for Applications (R) Core - English "{D6A6CFAD-CD86-482B-90D1-6FCC4E252ACD}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x86) de "{D6B15AE6-B052-363E-B6BB-C4714CBA6509}" = Microsoft Visual Studio 2010 Professional - ENU "{D9E6001A-5DC3-4620-AF7A-80B6CD48645D}" = WCF RIA Services V1.0 SP1 "{DA5B2BDC-F654-4A88-A669-4D34BC7846A1}" = PC Connectivity Solution "{DB0AF767-7CC7-4E4D-B6BE-A200F20A2FB1}" = Microsoft Sync Framework Runtime v1.0 SP1 (x86) de "{DBE8431C-CF9A-38C3-B42D-28B6FCE1EA3B}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU "{DC627AE5-A2B1-4D16-AF56-178D10EC3E81}" = KeyMan V3.6 Build 6 "{DE9CF741-20F7-488B-8B85-9D0F86FA51B4}" = TortoiseSVN 1.7.7.22907 (32 bit) "{DEE88727-779B-47A9-ACEF-F87CA5F92A65}" = ScanSoft OmniPage SE 4 "{DF38C72B-8A86-4727-99D2-FA7CC5E17A24}" = Microsoft SQL Server 2008 RsFx Driver "{E0D55506-9C88-4879-B61F-A5E4D0A5B460}" = SolidWorks viewer "{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi "{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86 "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4 "{E4E9CBC9-1CF5-48E3-AF6F-1AB44A856346}" = Microsoft ASP.NET MVC 2 - DEU "{EAF7B35C-DCBE-4032-9ABF-C35C43D07124}" = Microsoft Sync Framework Services v1.0 SP1 (x86) de 
"{EC66418E-DAA2-36D5-809E-40BEC94E622A}" = Microsoft Visual Studio Macro Tools - DEU Language Pack "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager "{F02DBC5D-33E3-45E9-B0F8-B7745229ED1C}" = NICI (Shared) U.S./Worldwide (128 bit) (2.7.6-1) "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared "{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}" = Microsoft SQL Server Native Client "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4 "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4 "{FA2F9282-383C-3DAC-A2B7-DE19E6A528E9}" = Microsoft Visual Studio 2010 Office Developer Tools (x86) Language Pack - DEU "{FA365307-1963-4D16-BD44-113C8F037AAD}" = Citrix Online Plug-in (HDX) "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All "{FF6F95A4-E59B-45C8-BEA8-0BDC8D9CAB51}" = Microsoft SQL Server 2008 Common Files "504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) "7-Zip" = 7-Zip 4.65 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4 "Agere Systems Soft Modem" = Agere Systems HDA Modem "Android SDK Tools" = Android SDK Tools "Audacity_is1" = Audacity 1.2.6 "AutoCAD 2010 - Deutsch" = AutoCAD 2010 - Deutsch "Autodesk Design Review 2010" = Autodesk Design Review 2010 "Autodesk Inventor 2010" = Autodesk Inventor Professional 2010 "Autodesk Inventor 2010 SP1" = 
Autodesk Inventor 2010 SP1 "Avira AntiVir Desktop" = Avira Free Antivirus "A-WIN-Extras 8.0.4 2615434_is1" = Mathematica Extras 8.0 (2615434) "B076073A-5527-4f4f-B46B-B10692277DA2_is1" = DisplayFusion 3.4.1 "Canon MP610 series Benutzerregistrierung" = Canon MP610 series Benutzerregistrierung "CanonMyPrinter" = Canon My Printer "CitrixOnlinePluginPackWeb" = Citrix Online Plug-in - Web "DWG TrueView 2010" = DWG TrueView 2010 "EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 9.1.1 Home Edition "EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.01 "ffdshow_is1" = ffdshow [rev 2975] [2009-05-28] "FileZilla Client" = FileZilla Client 3.3.3 "GPL Ghostscript 8.64" = GPL Ghostscript 8.64 "GSview 4.9" = GSview 4.9 "HP LaserJet Professional P1100-P1560-P1600 Series" = HP LaserJet Professional P1100-P1560-P1600 Series "InstallShield_{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0 "InstallShield_{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "InstallShield_{7B46F9CF-CF60-492E-816E-95EB1A9D1BB4}" = Play Camera "InstallShield_{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation "IrfanView" = IrfanView (remove only) "LAME_is1" = LAME v3.99.3 (for Windows) "latex2eps_is1" = latex2eps 0.11 "MagicMap" = MagicMap "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300 "Maple 12" = Maple 12 "Maple 15" = Maple 15 "Matlab R2012a" = MATLAB R2012a "MediaNavigation.CDLabelPrint" = CD-LabelPrint "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft 
.NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1 "Microsoft Help Viewer 1.1 Language Pack - DEU" = Microsoft Help Viewer 1.1 Language Pack - DEU "Microsoft SQL Server 10" = Microsoft SQL Server 2008 "Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 "Microsoft SQL Server 2005" = Microsoft SQL Server 2005 "Microsoft Team Foundation Server 2010 Object Model - DEU" = Microsoft Team Foundation Server 2010-Objektmodell - DEU "Microsoft Visual Studio 2005 Tools for Applications - ENU" = Microsoft Visual Studio 2005 Tools for Applications - ENU "Microsoft Visual Studio 2010 Professional - DEU" = Microsoft Visual Studio 2010 Professional - DEU "Microsoft Visual Studio 2010 Professional - ENU" = Microsoft Visual Studio 2010 Professional - ENU "Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1 "Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86) "Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x86) Language Pack - DEU "Microsoft Visual Studio 2010 Ultimate - ENU" = Microsoft Visual Studio 2010 Ultimate - ENU "Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools "Microsoft Visual Studio Macro Tools - DEU Language Pack" = Microsoft Visual Studio Macro Tools - DEU Language Pack "MiKTeX 2.9" = MiKTeX 2.9 "Miranda IM" = Miranda IM 0.9.44 "mIRC" = mIRC "Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MP Navigator EX 1.0" = Canon MP Navigator EX 1.0 "M-WIN-G 8.0.4 2615565_is1" = Wolfram Mathematica 8 for Students (M-WIN-G 8.0.4 2615565) "Nokia Suite" = Nokia Suite "Novell Client for Windows" = Novell Client for Windows "OpenAL" = 
OpenAL "ProInst" = Intel PROSet Wireless "Sandboxie" = Sandboxie 3.66 (32-bit) "SynTPDeinstKey" = Synaptics Pointing Device Driver "TeXnicCenter_is1" = TeXnicCenter Version 1.0 Stable RC1 "Totalcmd" = Total Commander (Remove or Repair) "UltraISO_is1" = UltraISO Premium V9.52 "USB2.0 UVC 1.3M WebCam" = USB2.0 UVC 1.3M WebCam "VLC media player" = VLC media player 2.0.1 "Winamp" = Winamp "WinRAR archiver" = WinRAR 4.10 (32-Bit) "Zattoo4" = Zattoo4 4.0.4 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1614058835-672721566-3778044925-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "NoNameScript" = NNScript ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 23.07.2012 18:07:27 | Computer Name = *** | Source = System Restore | ID = 8193 Description = Error - 23.07.2012 18:07:28 | Computer Name = *** | Source = System Restore | ID = 8193 Description = Error - 23.07.2012 18:17:05 | Computer Name = *** | Source = System Restore | ID = 8193 Description = Error - 23.07.2012 18:17:07 | Computer Name = *** | Source = System Restore | ID = 8193 Description = Error - 23.07.2012 18:18:06 | Computer Name = *** | Source = System Restore | ID = 8193 Description = Error - 23.07.2012 18:18:06 | Computer Name = *** | Source = System Restore | ID = 8193 Description = Error - 24.07.2012 00:43:48 | Computer Name = *** | Source = WinMgmt | ID = 10 Description = Error - 24.07.2012 02:12:31 | Computer Name = *** | Source = System Restore | ID = 8193 Description = Error - 24.07.2012 05:24:22 | Computer Name = *** | Source = WinMgmt | ID = 10 Description = Error - 24.07.2012 06:07:17 | Computer Name = *** | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 23.07.2012 12:52:37 | Computer Name = *** | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001 Description = Error - 24.07.2012 00:43:49 | Computer Name = *** | Source = Service Control Manager | ID = 7000 Description = Error - 24.07.2012 00:43:49 | Computer Name 
= *** | Source = Service Control Manager | ID = 7000 Description = Error - 24.07.2012 00:45:11 | Computer Name = *** | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001 Description = Error - 24.07.2012 05:24:22 | Computer Name = *** | Source = Service Control Manager | ID = 7000 Description = Error - 24.07.2012 05:24:22 | Computer Name = *** | Source = Service Control Manager | ID = 7000 Description = Error - 24.07.2012 05:25:55 | Computer Name = *** | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001 Description = Error - 24.07.2012 06:07:17 | Computer Name = *** | Source = Service Control Manager | ID = 7000 Description = Error - 24.07.2012 06:07:17 | Computer Name = *** | Source = Service Control Manager | ID = 7000 Description = Error - 24.07.2012 06:12:22 | Computer Name = *** | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001 Description = < End of report > Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net Rootkit scan 2012-07-24 13:19:29 Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 FUJITSU_ rev.0000 Running: fwb5m14j.exe; Driver: C:\Users\***\AppData\Local\Temp\uxrdqpod.sys ---- System - GMER 1.0.15 ---- SSDT 90E66D5E ZwCreateSection SSDT 90E66D68 ZwRequestWaitReplyPort SSDT 90E66D63 ZwSetContextThread SSDT 90E66D6D ZwSetSecurityObject SSDT 90E66D72 ZwSystemDebugControl SSDT 90E66CFF ZwTerminateProcess INT 0x61 ? 900397D0 INT 0x71 ? 90039A50 Code A88CDBFC ZwTraceEvent Code A88CDBFB NtTraceEvent ---- Kernel code sections - GMER 1.0.15 ---- .text ntoskrnl.exe!NtTraceEvent 8287BF94 5 Bytes JMP A88CDC00 .text ntoskrnl.exe!KeInsertQueue + 405 828ADA3C 4 Bytes [5E, 6D, E6, 90] {POP ESI; INSD ; OUT 0x90, AL} .text ntoskrnl.exe!KeInsertQueue + 729 828ADD60 4 Bytes [68, 6D, E6, 90] .text ntoskrnl.exe!KeInsertQueue + 75D 828ADD94 4 Bytes [63, 6D, E6, 90] {ARPL [EBP-0x1a], BP; NOP } .text ntoskrnl.exe!KeInsertQueue + 7C1 828ADDF8 4 Bytes [6D, 6D, E6, 90] {INSD ; INSD ; OUT 0x90, AL} .text ntoskrnl.exe!KeInsertQueue + 809 828ADE40 4 Bytes [72, 6D, E6, 90] {JB 0x6f; OUT 0x90, AL} .text ... 
PAGE ntoskrnl.exe!NtRequestPort + 2 82A02B69 5 Bytes JMP A88CDCA0 PAGE ntoskrnl.exe!ZwAlpcSendWaitReceivePort + 2 82A5AEE8 5 Bytes JMP A88CDDE0 .text win32k.sys!XFORMOBJ_iGetXform + 457F A2C8078C 5 Bytes JMP A88CD5C0 .text win32k.sys!XFORMOBJ_iGetXform + 70FA A2C83307 5 Bytes JMP A88CD700 .text win32k.sys!EngMulDiv + 4D41 A2CCA670 5 Bytes JMP A88CD660 .text win32k.sys!EngMulDiv + 8C36 A2CCE565 5 Bytes JMP A88CD520 .text win32k.sys!EngStrokePath + 5FF A2CD7A1C 5 Bytes JMP A88CDA20 .text win32k.sys!EngAlphaBlend + 88BE A2CEED3B 5 Bytes JMP A88CD3E0 .text win32k.sys!EngAlphaBlend + 9B48 A2CEFFC5 5 Bytes JMP A88CD480 .text win32k.sys!STROBJ_vEnumStart + 4728 A2D07749 5 Bytes JMP A88CDAC0 .text win32k.sys!CLIPOBJ_bEnum + 24A A2D2B56C 5 Bytes JMP A88CD840 .text win32k.sys!EngLineTo + A15 A2D4D5BD 5 Bytes JMP A88CD7A0 .text win32k.sys!EngLineTo + DD5D A2D5A905 5 Bytes JMP A88CDB60 .text C:\Windows\system32\DRIVERS\atksgt.sys section is writeable [0xABA1B300, 0x3ACC8, 0xE8000020] .text C:\Windows\system32\DRIVERS\lirsgt.sys section is writeable [0xABAEE300, 0x1B7E, 0xE8000020] ---- User code sections - GMER 1.0.15 ---- .text D:\Programme\TortoiseSVN\bin\TSVNCache.exe[4796] kernel32.dll!SetUnhandledExceptionFilter + 2 77CFA8C7 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4} .text D:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[5524] ntdll.dll!DbgUiRemoteBreakin 77C0CD44 1 Byte [C3] ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e4cd3e0d6 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e4cd65b4f Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e4cd6642e Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001f3ad0f344 Reg 
HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001f3ad0f344@001d2885a723 0x09 0x13 0x00 0x26 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001f3ad0f344@0016b88fc755 0x6C 0xAD 0x77 0x5F ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001f3ad0f344@000fde82306f 0x9F 0xD2 0x7A 0x83 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001f3ad0f344@0025483f4f86 0xE5 0x2C 0xE2 0x3A ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001f3ad0f344@942053f2473d 0x47 0x30 0x0B 0x38 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001f3ad0f344@b8d9cebe6c7c 0x37 0x79 0x8F 0xE2 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 D:\Programme\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xA3 0x98 0xA4 0xE1 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x33 0xE8 0x19 0xF4 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xA6 0xC3 0x3C 0xBB ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xE5 0x64 0x43 0x7A ... 
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\001e4cd3e0d6 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\001e4cd65b4f (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\001e4cd6642e (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\001f3ad0f344 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\001f3ad0f344@001d2885a723 0x09 0x13 0x00 0x26 ... Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\001f3ad0f344@0016b88fc755 0x6C 0xAD 0x77 0x5F ... Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\001f3ad0f344@000fde82306f 0x9F 0xD2 0x7A 0x83 ... Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\001f3ad0f344@0025483f4f86 0xE5 0x2C 0xE2 0x3A ... Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\001f3ad0f344@942053f2473d 0x47 0x30 0x0B 0x38 ... Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\001f3ad0f344@b8d9cebe6c7c 0x37 0x79 0x8F 0xE2 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 D:\Programme\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xA3 0x98 0xA4 0xE1 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x33 0xE8 0x19 0xF4 ... 
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xA6 0xC3 0x3C 0xBB ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xE5 0x64 0x43 0x7A ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{78785EB0-1D82-8BA9-1C09-D709D1A7099A} Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{78785EB0-1D82-8BA9-1C09-D709D1A7099A}@hafiihnmjcleiflb 0x69 0x61 0x63 0x6C ... ---- EOF - GMER 1.0.15 ----

As I wrote at the beginning: I cannot make out any signs of an infection. But since the scans found something anyway.. I would be very grateful for advice on whether and how it makes sense to dig further. Regards