Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: HackTool.Hiderun in c:\windows\installer und Java.Trojan im Cache entdeckt

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 24.07.2012, 13:56   #1
Ilu
 
HackTool.Hiderun in c:\windows\installer und Java.Trojan im Cache entdeckt - Standard

HackTool.Hiderun in c:\windows\installer und Java.Trojan im Cache entdeckt



Hi,

nachdem ich gestern dummerweise die Zip-Datei (nicht die exe) des aktuellen "Paket nicht zustellbar, ihre Deutsche Post"-Spams geöffnet hatte, dachte ich mir es könnte nicht schaden mal eine aktive Suche nach Schädlingen zu starten. Indizien für einen Schädlingsbefall kann ich auf dem System nicht feststellen.

Ich hab mich daraufhin hier im Forum ( http://www.trojaner-board.de/116915-...sche-post.html ) über den Post-Trojaner informiert und einen Vollscan mit Anti-Malware durchgeführt:
Code:
ATTFilter
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.23.08

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
*** :: *** [Administrator]

23.07.2012 14:08:38
mbam-log-2012-07-23 (18-36-08).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|G:\|H:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 1022302
Laufzeit: 4 Stunde(n), 25 Minute(n), 47 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Windows\Installer\MSIC9F9.tmp (HackTool.Hiderun) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
(Die Betroffene Datei konnte ich über die Signatur einer Firma zuorden, von der ein Programm installiert war. Die Datei wurde in Quarantäne verschoben und das Programm deinstalliert [wird nicht benötigt].)

Anschließend habe ich den ESET Online Scanner gemäß der Anleitung ( http://www.trojaner-board.de/116915-...sche-post.html ) laufen lassen:
Code:
ATTFilter
C:\Users\AccIluD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\6e8ca900-32b1644b	a variant of Java/Exploit.CVE-2012-0507.B trojan
C:\Users\***AccMitUserRechten***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\729d2bc0-4badd85a	Java/Exploit.Blacole.AN trojan
C:\Users\***AccMitUserRechten***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\6281e90c-628a305a	a variant of Java/TrojanDownloader.Agent.NDR trojan
         
Die 3 Funde habe ich löschen lassen und anschließend den Java-Cache aller Accounts geleert. Die 3 Dateien gehörten zum Cache eines Accounts mit User-Rechten.

Jetzt kam der Entschluss hier einen Thread zu erstellen, da ich befürchte noch mehr auf dem System zu haben.
Nach disablen mit Defogger, OTL:
Code:
ATTFilter
OTL logfile created on: 24.07.2012 12:15:21 - Run 1
OTL by OldTimer - Version 3.2.54.1     Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,72 Gb Available Physical Memory | 57,46% Memory free
6,19 Gb Paging File | 4,61 Gb Available in Paging File | 74,53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 89,38 Gb Total Space | 28,67 Gb Free Space | 32,07% Space Free | Partition Type: NTFS
Drive D: | 198,70 Gb Total Space | 4,56 Gb Free Space | 2,30% Space Free | Partition Type: NTFS
 
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.24 12:14:38 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2012.07.16 13:24:06 | 000,021,432 | ---- | M] () -- D:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2012.07.16 13:23:56 | 003,524,536 | ---- | M] (Samsung Electronics Co., Ltd.) -- D:\Programme\Samsung\Kies\KiesTrayAgent.exe
PRC - [2012.07.16 13:23:56 | 000,975,800 | ---- | M] (Samsung) -- D:\Programme\Samsung\Kies\Kies.exe
PRC - [2012.05.15 12:54:32 | 000,276,872 | ---- | M] (hxxp://tortoisesvn.net) -- D:\Programme\TortoiseSVN\bin\TSVNCache.exe
PRC - [2012.05.08 19:36:00 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 19:35:57 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.05.08 19:35:56 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 19:35:56 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.03.22 12:14:16 | 000,452,880 | ---- | M] (SANDBOXIE L.T.D) -- D:\Programme\Sandboxie\SbieCtrl.exe
PRC - [2012.03.22 12:14:16 | 000,074,512 | ---- | M] (SANDBOXIE L.T.D) -- D:\Programme\Sandboxie\SbieSvc.exe
PRC - [2012.01.12 11:59:26 | 002,789,280 | ---- | M] (Binary Fortress Software) -- D:\Programme\DisplayFusion\DisplayFusion.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.11.27 20:14:52 | 000,034,904 | ---- | M] () -- C:\Windows\System32\nwtray.exe
PRC - [2011.11.27 20:14:52 | 000,016,984 | ---- | M] (Novell, Inc.) -- C:\Programme\Novell\Client\XTier\Services\xtsvcmgr.exe
PRC - [2011.10.15 10:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.10.15 10:53:00 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvtray.exe
PRC - [2011.10.15 10:53:00 | 001,328,960 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2011.09.22 17:18:58 | 043,028,328 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
PRC - [2011.09.22 17:18:58 | 000,097,640 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2010.12.10 18:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2010.09.20 22:20:56 | 003,326,976 | ---- | M] (ANSYS, Inc.) -- C:\Programme\ANSYS Inc\Shared Files\Licensing\win32\ansysli_server.exe
PRC - [2010.09.20 22:20:56 | 001,840,128 | ---- | M] (ANSYS, Inc.) -- C:\Programme\ANSYS Inc\Shared Files\Licensing\win32\ansysli_monitor.exe
PRC - [2010.09.01 16:56:54 | 000,254,004 | ---- | M] (ZF Electronics GmbH) -- C:\Programme\Cherry\KeyMan\KeyMan.exe
PRC - [2010.08.25 15:09:24 | 000,577,582 | ---- | M] (ZF Electronics GmbH) -- C:\Programme\Cherry\CDI\cdi.exe
PRC - [2010.07.26 03:08:00 | 002,569,616 | ---- | M] (CANON INC.) -- C:\Programme\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2010.04.28 18:32:36 | 001,664,512 | ---- | M] (ANSYS, Inc.) -- C:\Programme\ANSYS Inc\Shared Files\Licensing\win32\ansyslmd.exe
PRC - [2010.04.28 17:30:55 | 001,334,096 | ---- | M] (Flexera Software, Inc.) -- C:\Programme\ANSYS Inc\Shared Files\Licensing\win32\lmgrd.exe
PRC - [2010.04.07 14:57:42 | 000,099,896 | ---- | M] (HP) -- C:\Windows\System32\HPSIsvc.exe
PRC - [2010.03.10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- C:\Programme\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2009.06.01 12:12:02 | 000,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2009.04.11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.06.19 18:08:44 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) -- D:\Programme\Cisco VPN Client\cvpnd.exe
PRC - [2008.05.23 07:11:56 | 000,819,200 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe
PRC - [2008.05.23 06:43:52 | 000,466,944 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008.05.22 10:33:54 | 000,688,128 | ---- | M] (SAMSUNG Electronics) -- C:\Programme\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2008.04.25 14:31:34 | 000,565,248 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2008.04.17 08:26:46 | 000,352,256 | ---- | M] (SAMSUNG Electronics co., LTD.) -- C:\Programme\Samsung\EBM\EasyBatteryMgr3.exe
PRC - [2008.04.17 04:50:00 | 006,111,232 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.02.12 06:19:52 | 001,624,616 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2008.02.12 06:19:52 | 000,723,496 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.21 04:25:07 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetsrv\inetinfo.exe
PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2008.01.21 04:23:24 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe
PRC - [2008.01.16 10:37:38 | 000,031,248 | ---- | M] (Syntek America Inc.) -- C:\Windows\System32\StkCSrv.exe
PRC - [2007.07.05 00:41:42 | 000,045,056 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
PRC - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.07.19 16:57:26 | 000,033,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\f680a94891833af168ba32a06e22ed3e\Kies.Common.DeviceServiceLib.FirmwareUpdate.FirmwareUpdateAgentHelper.ni.dll
MOD - [2012.07.19 16:57:25 | 014,336,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Theme\4d87d775fe42967b4f8cd11ee5252863\Kies.Theme.ni.dll
MOD - [2012.07.19 16:57:25 | 000,506,368 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MediaDB\d2bc057169af41354b280376edbb0755\Kies.Common.MediaDB.ni.dll
MOD - [2012.07.19 16:57:23 | 000,275,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\1c17bc03b5ad69423cbc5e4083422808\Kies.Common.DeviceServiceLib.FirmwareUpdate.Common.ni.dll
MOD - [2012.07.19 16:57:23 | 000,062,464 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.AllShare\0d10782d5bb3202de9f6ac5525e2e4dd\Kies.Common.AllShare.ni.dll
MOD - [2012.07.19 16:57:22 | 000,563,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\c110809ea71a0da915bff8c3564de677\Kies.Common.DeviceServiceLib.FileService.ni.dll
MOD - [2012.07.19 16:57:22 | 000,189,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\9b1193903f06caa02f285505fc6b120b\Kies.Common.DeviceServiceLib.FirmwareUpdate.Downloader.ni.dll
MOD - [2012.07.19 16:57:21 | 000,561,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\6ce4f1fa8f860381b026c8b22849fc1c\Kies.Common.DeviceServiceLib.DeviceDataService.ni.dll
MOD - [2012.07.19 16:57:20 | 000,894,464 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\a80d64713a7f3e5e23bf40495dbc55f3\Kies.Common.DeviceServiceLib.DeviceManagement.ni.dll
MOD - [2012.07.19 16:57:18 | 002,187,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Multime#\da8ddf39dd8a4761b8a1e7157484ed58\Kies.Common.Multimedia.ni.dll
MOD - [2012.07.19 16:57:17 | 001,011,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\fb2290f722e5555cf91381929ca923bf\Kies.Common.DeviceService.ni.dll
MOD - [2012.07.19 16:57:13 | 000,183,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MainUI\9d5f73031e82f2c167795a8f97a0639b\Kies.Common.MainUI.ni.dll
MOD - [2012.07.19 16:57:12 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DBManag#\7d995cd7f459b3f347fcb35470726b0b\Kies.Common.DBManager.ni.dll
MOD - [2012.07.19 16:57:11 | 000,261,120 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Util\cfd7afc6f4c348121fc98fee8c32f0e1\Kies.Common.Util.ni.dll
MOD - [2012.07.19 16:57:09 | 001,691,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies\f4f035d7d0d6e3bfba6032a3fbfdb140\Kies.ni.exe
MOD - [2012.07.19 16:57:09 | 001,689,088 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.UI\7500c4d25baa63d88698f97d1824fa78\Kies.UI.ni.dll
MOD - [2012.07.16 13:24:06 | 000,021,432 | ---- | M] () -- D:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2012.07.13 12:17:11 | 000,115,137 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\99cab429-f99d-4f69-9d04-113ad532bd0f\CliSecureRT.dll
MOD - [2012.07.13 12:14:58 | 000,194,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\4401f8d840e3d7a09d7f555a53d713ef\ASF_cSharpAPI.ni.dll
MOD - [2012.07.13 12:14:58 | 000,029,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.StoreMa#\7659186cf36ec04feb3156802c29507d\Kies.Common.StoreManager.ni.dll
MOD - [2012.07.13 12:14:57 | 000,046,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\AdminCmdAgent\8c8e5aa9d6ccbb5d34bc24fb6c626953\AdminCmdAgent.ni.dll
MOD - [2012.07.13 12:14:52 | 000,184,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\d94dc15b2daff1d72d41f1def3a0b021\Kies.Common.DeviceServiceLib.Interface.ni.dll
MOD - [2012.07.13 12:14:48 | 000,052,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.MP3FileInfo#\c99811c6a988ca6c2104a5b45acbddbb\Interop.MP3FileInfoCOMLib.ni.dll
MOD - [2012.07.13 12:14:47 | 000,030,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.PRPLAYERCOR#\ef9f4aaffdadfc31070e1a838951b277\Interop.PRPLAYERCORELib.ni.dll
MOD - [2012.07.13 12:14:44 | 001,381,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Locale\7a59be2dfd1d3f99b3489eea8df66016\Kies.Locale.ni.dll
MOD - [2012.07.13 12:14:43 | 000,078,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\adb0105c92aaf42f571a2fd25a4228a9\Kies.MVVM.ni.dll
MOD - [2012.07.13 12:14:41 | 000,119,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\GongSolutions.Wpf.D#\3f6f79987f17c00edce423932abd1cf2\GongSolutions.Wpf.DragDrop.ni.dll
MOD - [2012.07.13 12:14:38 | 001,181,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Interface\73962fb5234895e46e79de6e1711d093\Kies.Interface.ni.dll
MOD - [2012.07.01 22:07:06 | 000,036,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.CmdAgentLib\7fc3c42741a72b2e85996570a0bf76ec\Interop.CmdAgentLib.ni.dll
MOD - [2012.07.01 22:07:00 | 000,174,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DevFileServ#\96cb2ec6e8aeaacd26c6034d876f3ac2\Interop.DevFileServiceLib.ni.dll
MOD - [2012.07.01 22:06:48 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\d0e1cdaff8f9055187f8e7b52c060dff\System.Management.ni.dll
MOD - [2012.07.01 22:06:45 | 000,032,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.OGGFileInfo#\cbeefee33636e0d0be226cf11e180ba3\Interop.OGGFileInfoCOMLib.ni.dll
MOD - [2012.07.01 22:06:43 | 000,171,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.P3MPINTERFA#\b0b31095249cec5ef5c0407fa6b7fc22\Interop.P3MPINTERFACECTRLLib.ni.dll
MOD - [2012.07.01 22:06:33 | 000,530,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ICSharpCode.SharpZi#\2d7161baa59dd2c1c39f4a192d760e7d\ICSharpCode.SharpZipLib.ni.dll
MOD - [2012.07.01 22:06:33 | 000,395,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CabLib\6265ffca46eab52d5f798847b5ea908c\CabLib.ni.dll
MOD - [2012.07.01 22:06:29 | 000,052,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DeviceSearc#\9a6bad5be6518d4a975893676a49a82c\Interop.DeviceSearchLib.ni.dll
MOD - [2012.07.01 22:06:07 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\26e0457a9776a0e9f23e3986686d90a5\System.ServiceProcess.ni.dll
MOD - [2012.07.01 22:05:39 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\63bc6e391de5014965039e100ce1e9d5\System.Runtime.Remoting.ni.dll
MOD - [2012.07.01 22:05:22 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b68bee05c7e518172982cc92059c3315\System.Xaml.ni.dll
MOD - [2012.07.01 21:54:01 | 018,019,840 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\d239f585ee55f833dbe21e897e1265ac\PresentationFramework.ni.dll
MOD - [2012.07.01 21:54:00 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\a84262e1224189f93e10cd3c403a9527\System.Configuration.ni.dll
MOD - [2012.07.01 21:53:30 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\608d29d7cc89f3a9a195c91354561915\PresentationFramework.Aero.ni.dll
MOD - [2012.07.01 21:53:25 | 011,522,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b7de318e9fd1ef519ca6c1f3b5dba8e0\PresentationCore.ni.dll
MOD - [2012.07.01 21:53:24 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\09bd2126bba2ab4f29ed52afde1470d7\System.Core.ni.dll
MOD - [2012.07.01 21:53:08 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\00a4922fbf869a79c043b665035516b6\System.Windows.Forms.ni.dll
MOD - [2012.07.01 21:53:02 | 003,881,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a6e37a05b8d0cedbc5c3ea266ae3fc31\WindowsBase.ni.dll
MOD - [2012.07.01 21:52:56 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\9abe44a0f82070ead5f1256683a4d25a\System.Xml.ni.dll
MOD - [2012.07.01 21:52:51 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\4230ed1c7990e4ee8352baf67a2a85fa\System.Drawing.ni.dll
MOD - [2012.07.01 21:52:49 | 009,092,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\a6be120e49f895ef6b00e9918402395b\System.ni.dll
MOD - [2012.07.01 21:52:39 | 014,414,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c1af4ec9a36f671617a8ecaec00373f4\mscorlib.ni.dll
MOD - [2012.06.13 21:48:34 | 001,711,616 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\2467a133aee73396c830b9b0a9c7ec0d\Microsoft.VisualBasic.ni.dll
MOD - [2012.06.13 21:36:35 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\508b444db523c5cf20ff12c7f440837b\System.Web.ni.dll
MOD - [2012.06.13 21:24:24 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012.06.13 21:24:10 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012.05.15 12:54:16 | 000,070,536 | ---- | M] () -- D:\Programme\TortoiseSVN\bin\libsasl32.dll
MOD - [2012.05.10 15:28:19 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f3d4d5fe5ab848fbfcf91a49960dc8ae\System.Management.ni.dll
MOD - [2012.05.10 15:26:45 | 000,679,936 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\442135bc0b503b42ab2d752c23bea631\System.Security.ni.dll
MOD - [2012.05.10 10:59:14 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012.05.10 10:57:09 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012.05.10 10:56:57 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2012.01.09 20:44:20 | 000,166,912 | ---- | M] () -- D:\Programme\WinRAR\RarExt.dll
MOD - [2011.11.27 20:14:52 | 000,907,352 | ---- | M] () -- C:\Windows\System32\ncnetprovider.dll
MOD - [2011.11.27 20:14:52 | 000,230,488 | ---- | M] () -- C:\Windows\System32\nwshlxnt.dll
MOD - [2011.11.27 20:14:52 | 000,156,760 | ---- | M] () -- C:\Windows\System32\mapbase.dll
MOD - [2011.11.27 20:14:52 | 000,092,760 | ---- | M] () -- C:\Windows\System32\nclangid.dll
MOD - [2011.11.27 20:14:52 | 000,034,904 | ---- | M] () -- C:\Windows\System32\nwtray.exe
MOD - [2011.11.27 19:43:38 | 000,487,936 | ---- | M] () -- C:\Windows\System32\nls\english\ncnetproviderr.dll
MOD - [2011.11.27 19:42:44 | 000,101,376 | ---- | M] () -- C:\Windows\System32\nls\english\nwshlxntr.dll
MOD - [2011.11.27 19:42:08 | 000,086,016 | ---- | M] () -- C:\Windows\System32\nls\english\mapbaser.dll
MOD - [2011.11.27 19:38:56 | 000,015,872 | ---- | M] () -- C:\Windows\System32\nls\english\nclangidr.dll
MOD - [2010.06.13 23:54:28 | 000,094,208 | ---- | M] () -- D:\Programme\FileZilla FTP Client\fzshellext.dll
MOD - [2009.06.02 15:00:00 | 000,093,696 | ---- | M] () -- D:\Programme\UltraEdit\ue32ctmn.dll
MOD - [2009.03.30 06:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2006.08.12 05:48:40 | 000,049,152 | ---- | M] () -- C:\Programme\Samsung\Samsung Magic Doctor\HookDllPS2.dll
MOD - [2006.08.12 05:48:40 | 000,049,152 | ---- | M] () -- C:\Programme\Samsung\EasySpeedUpManager\HookDllPS2.dll
MOD - [2006.08.12 05:48:40 | 000,049,152 | ---- | M] () -- C:\Programme\Samsung\Easy Display Manager\HookDllPS2.dll
MOD - [2006.02.22 16:47:44 | 000,073,728 | ---- | M] () -- C:\Programme\Cherry\KeyMan\zlib1.dll
MOD - [2006.02.22 16:47:16 | 000,114,688 | ---- | M] () -- C:\Programme\Cherry\KeyMan\libpng13.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.07.18 15:33:03 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.06.07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- D:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.08 19:36:00 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 19:35:56 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.04.22 13:51:04 | 000,720,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2012.03.22 12:14:16 | 000,074,512 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- D:\Programme\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.11.27 20:14:52 | 000,016,984 | ---- | M] (Novell, Inc.) [Auto | Running] -- C:\Programme\Novell\Client\XTier\Services\xtsvcmgr.exe -- (XTSvcMgr)
SRV - [2011.10.18 00:11:03 | 001,673,520 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\DIAL GmbH\DIAL Communication Framework\DialComService.exe -- (DialComService)
SRV - [2011.10.15 10:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.09.22 17:18:58 | 043,028,328 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS)
SRV - [2011.09.22 17:18:58 | 000,097,640 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2011.09.22 17:17:26 | 000,370,024 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$SQLEXPRESS)
SRV - [2011.09.22 17:17:26 | 000,255,336 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2010.12.10 18:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$AUTODESKVAULT)
SRV - [2010.12.10 18:29:30 | 000,044,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2010.09.20 22:20:56 | 003,326,976 | ---- | M] (ANSYS, Inc.) [Auto | Running] -- C:\Programme\ANSYS Inc\Shared Files\Licensing\win32\ansysli_server.exe -- (ANSYS, Inc. License Manager)
SRV - [2010.08.25 15:09:24 | 000,577,582 | ---- | M] (ZF Electronics GmbH) [On_Demand | Running] -- C:\Programme\Cherry\CDI\cdi.exe -- (Cherry Device Interface)
SRV - [2010.04.21 19:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010.04.21 19:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010.04.07 14:57:42 | 000,099,896 | ---- | M] (HP) [Auto | Running] -- C:\Windows\System32\HPSIsvc.exe -- (HPSIService)
SRV - [2010.03.10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Programme\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.11.16 19:12:10 | 000,079,360 | ---- | M] (SolidWorks) [Disabled | Stopped] -- C:\Programme\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2009.07.21 04:04:00 | 000,047,128 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\100\Shared\sqladhlp.exe -- (MSSQLServerADHelper100)
SRV - [2009.06.01 12:12:02 | 000,655,624 | ---- | M] (Acresso Software Inc.) [Auto | Running] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009.04.11 08:28:17 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2008.10.13 20:01:55 | 000,079,360 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Programme\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2008.06.19 18:08:44 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- D:\Programme\Cisco VPN Client\cvpnd.exe -- (CVPND)
SRV - [2008.05.23 07:11:56 | 000,819,200 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008.05.23 06:43:52 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008.05.13 01:47:20 | 000,077,480 | ---- | M] () [Disabled | Stopped] -- C:\Programme\Samsung\Samsung Update Plus\SLUBackgroundService.exe -- (Samsung Update Plus)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:25:07 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.21 04:23:24 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008.01.21 04:23:24 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2008.01.16 10:37:38 | 000,031,248 | ---- | M] (Syntek America Inc.) [Auto | Running] -- C:\Windows\System32\StkCSrv.exe -- (StkSSrv)
SRV - [2005.09.23 08:01:16 | 002,799,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80)
SRV - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE -- (MDM)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\s0017unic.sys -- (s0017unic)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\s0017obex.sys -- (s0017obex)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\s0017nd5.sys -- (s0017nd5)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\s0017mgmt.sys -- (s0017mgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\s0017mdm.sys -- (s0017mdm)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\s0017mdfl.sys -- (s0017mdfl)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\s0017bus.sys -- (s0017bus)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\NSNDIS5.SYS -- (NSNDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Auto | Stopped] -- SYSTEM32\drivers\DS1410D.SYS -- (DS1410D)
DRV - [2012.07.23 14:06:23 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012.06.26 16:02:36 | 000,020,032 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dgderdrv.sys -- (dgderdrv)
DRV - [2012.06.03 20:26:36 | 000,134,928 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- D:\Programme\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2012.05.21 04:09:00 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2012.05.21 04:09:00 | 000,080,824 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2012.05.08 19:36:01 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.08 19:36:01 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.05.04 09:41:24 | 000,229,208 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VMM.sys -- (vmm)
DRV - [2012.04.22 13:51:38 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2012.01.09 17:28:20 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2012.01.09 17:28:20 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2012.01.09 17:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2012.01.09 17:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011.11.27 20:14:52 | 000,111,192 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\System32\drivers\ncrecognizer.sys -- (NCRecognizer)
DRV - [2011.11.27 20:14:52 | 000,091,736 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\System32\drivers\ncfilter.sys -- (NCFilter)
DRV - [2011.11.27 20:14:52 | 000,090,712 | ---- | M] () [File_System | Auto | Running] -- C:\Programme\Novell\Client\XTier\Drivers\ncfsd.sys -- (NCFSD)
DRV - [2011.11.27 20:14:52 | 000,066,136 | ---- | M] (Novell, Inc.) [Kernel | On_Demand | Unknown] -- C:\Programme\Novell\Client\XTier\Drivers\ndmndap.sys -- (ndmndap)
DRV - [2011.11.27 20:14:52 | 000,065,112 | ---- | M] (Novell, Inc.) [Kernel | On_Demand | Unknown] -- C:\Programme\Novell\Client\XTier\Drivers\nciom.sys -- (nciom)
DRV - [2011.11.27 20:14:52 | 000,064,088 | ---- | M] (Novell, Inc.) [Kernel | On_Demand | Unknown] -- C:\Programme\Novell\Client\XTier\Drivers\ncp.sys -- (ncp)
DRV - [2011.11.27 20:14:52 | 000,060,504 | ---- | M] () [Kernel | Auto | Running] -- C:\Programme\Novell\Client\XTier\Drivers\ncioctl.sys -- (NCIOCTL)
DRV - [2011.11.27 20:14:52 | 000,045,656 | ---- | M] (Novell, Inc.) [Kernel | On_Demand | Unknown] -- C:\Programme\Novell\Client\XTier\Drivers\nipctl.sys -- (nipctl)
DRV - [2011.11.27 20:14:52 | 000,045,144 | ---- | M] (Novell, Inc.) [Kernel | On_Demand | Unknown] -- C:\Programme\Novell\Client\XTier\Drivers\xtxplat.sys -- (xtxplat)
DRV - [2011.11.27 20:14:52 | 000,041,048 | ---- | M] (Novell, Inc.) [Kernel | On_Demand | Unknown] -- C:\Programme\Novell\Client\XTier\Drivers\ncpl.sys -- (ncpl)
DRV - [2011.11.27 20:14:52 | 000,030,808 | ---- | M] (Novell, Inc.) [Kernel | On_Demand | Unknown] -- C:\Programme\Novell\Client\XTier\Drivers\niam.sys -- (niam)
DRV - [2011.11.27 20:14:52 | 000,028,760 | ---- | M] (Novell, Inc.) [Kernel | On_Demand | Unknown] -- C:\Programme\Novell\Client\XTier\Drivers\nsvccost.sys -- (nsvccost)
DRV - [2011.11.27 20:14:52 | 000,027,224 | ---- | M] (Novell, Inc.) [Kernel | On_Demand | Unknown] -- C:\Programme\Novell\Client\XTier\Drivers\nscm.sys -- (nscm)
DRV - [2011.11.27 20:14:52 | 000,027,224 | ---- | M] (Novell, Inc.) [Kernel | System | Running] -- C:\Programme\Novell\Client\XTier\Drivers\nicm.sys -- (NICM)
DRV - [2011.11.27 20:14:52 | 000,022,616 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\System32\drivers\ncuncfilter.sys -- (NCUncFilter)
DRV - [2011.11.27 20:14:52 | 000,022,104 | ---- | M] (Novell, Inc.) [Kernel | On_Demand | Unknown] -- C:\Programme\Novell\Client\XTier\Drivers\nsns.sys -- (nsns)
DRV - [2011.11.27 20:14:52 | 000,018,520 | ---- | M] (Novell, Inc.) [Kernel | On_Demand | Unknown] -- C:\Programme\Novell\Client\XTier\Drivers\ndm.sys -- (ndm)
DRV - [2011.10.15 10:53:00 | 010,327,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011.10.11 15:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.09.22 17:10:34 | 000,238,696 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0105.sys -- (RsFx0105)
DRV - [2011.07.29 13:54:56 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\epmntdrv.sys -- (epmntdrv)
DRV - [2011.07.29 13:54:56 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2011.07.08 01:21:28 | 000,139,880 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2011.01.18 17:38:38 | 000,054,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- D:\Programme\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys -- (VSPerfDrv100)
DRV - [2010.07.30 09:47:40 | 000,054,528 | ---- | M] (ZF Electronics GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Ch2kPS2M.sys -- (Ch2kPS2M)
DRV - [2010.07.14 13:51:56 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.03.06 01:40:57 | 000,017,408 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mvusbews.sys -- (mvusbews)
DRV - [2009.06.04 18:41:02 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2009.06.04 18:41:02 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2009.04.11 06:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2009.03.18 18:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009.02.27 23:38:40 | 000,271,360 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2009.02.27 23:38:30 | 000,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2008.08.09 20:31:10 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2008.06.25 07:26:34 | 000,013,312 | ---- | M] (SAMSUNG ELECTRONICS CO., LTD.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\KMDFMEMIO.sys -- (KMDFMEMIO)
DRV - [2008.06.19 18:07:50 | 000,306,299 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2008.05.20 21:36:12 | 003,663,360 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2008.05.08 11:51:18 | 000,226,328 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\iaNvStor.sys -- (iaNvStor)
DRV - [2008.03.29 17:36:28 | 000,125,328 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2008.03.28 12:19:54 | 001,363,088 | ---- | M] (Syntek) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\StkCMini.sys -- (StkCMini)
DRV - [2008.01.24 11:41:34 | 000,130,560 | ---- | M] (Cherry GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Ch2kPS2.sys -- (Ch2kPS2)
DRV - [2008.01.21 04:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)
DRV - [2007.08.23 09:29:06 | 000,112,512 | ---- | M] (Cherry GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Ch2kUSB.sys -- (Ch2kUSB)
DRV - [2007.01.29 07:20:34 | 000,059,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMNetSrv.sys -- (VPCNetS2)
DRV - [2007.01.18 17:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006.11.28 09:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.11.02 09:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1614058835-672721566-3778044925-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
IE - HKU\S-1-5-21-1614058835-672721566-3778044925-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-1614058835-672721566-3778044925-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1614058835-672721566-3778044925-1003\..\SearchScopes,DefaultScope = {25A74407-F8E8-429E-BF07-7A00F314FAD7}
IE - HKU\S-1-5-21-1614058835-672721566-3778044925-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1614058835-672721566-3778044925-1003\..\SearchScopes\{25A74407-F8E8-429E-BF07-7A00F314FAD7}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-1614058835-672721566-3778044925-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.8
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.51
FF - prefs.js..extensions.enabledItems: {7c6d11c6-41b5-11dc-8314-0800200c9a66}:1.0.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: D:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@wolfram.com/Mathematica: C:\Program Files\Common Files\Wolfram Research\Browser\8.0.4.2615434\npmathplugin.dll (Wolfram Research, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2012.03.05 12:37:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: D:\Programme\Mozilla Firefox\components [2012.07.18 15:33:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: D:\Programme\Mozilla Firefox\plugins [2012.06.18 11:28:02 | 000,000,000 | ---D | M]
 
[2008.08.07 21:30:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2012.07.18 16:59:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\nc71xmt7.default\extensions
[2010.04.28 05:26:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\nc71xmt7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.07.04 19:47:06 | 000,000,000 | ---D | M] (GA?) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\nc71xmt7.default\extensions\{7c6d11c6-41b5-11dc-8314-0800200c9a66}
[2012.05.21 08:13:14 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\nc71xmt7.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012.06.21 07:14:51 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\nc71xmt7.default\extensions\https-everywhere@eff.org
[2012.05.21 08:13:13 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\nc71xmt7.default\extensions\ich@maltegoetz.de
[2012.03.05 12:37:01 | 000,000,000 | ---D | M] (Citavi Picker) -- C:\PROGRAMDATA\SWISS ACADEMIC SOFTWARE\CITAVI PICKER\FIREFOX
[2012.02.12 12:34:45 | 000,709,293 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NC71XMT7.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
[2012.06.21 10:47:11 | 000,109,964 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NC71XMT7.DEFAULT\EXTENSIONS\ADBLOCKPOPUPS@JESSEHAKANEN.NET.XPI
[2012.06.18 11:28:10 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAMME\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
 
O1 HOSTS File: ([2012.07.16 17:50:00 | 000,444,198 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1       adlimg24.com
O1 - Hosts: 127.0.0.1       www.adlimg24.com
O1 - Hosts: 127.0.0.1       dmwd.com
O1 - Hosts: 127.0.0.1       www.dmwd.com
O1 - Hosts: 127.0.0.1       ads1.dmwd.com
O1 - Hosts: 127.0.0.1       ad1.dmwd.com
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.123topsearch.com
O1 - Hosts: 15260 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Microsoft Web Test Recorder 10.0 Helper) - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - d:\Programme\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CherryKeyMan] C:\Program Files\Cherry\KeyMan\KeyMan.exe (ZF Electronics GmbH)
O4 - HKLM..\Run: [KiesTrayAgent] D:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [NWTRAY] C:\Windows\System32\nwtray.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1614058835-672721566-3778044925-1003..\Run: []  File not found
O4 - HKU\S-1-5-21-1614058835-672721566-3778044925-1003..\Run: [AdobeBridge]  File not found
O4 - HKU\S-1-5-21-1614058835-672721566-3778044925-1003..\Run: [Akamai NetSession Interface] C:\Users\***\AppData\Local\Akamai\netsession_win.exe File not found
O4 - HKU\S-1-5-21-1614058835-672721566-3778044925-1003..\Run: [DisplayFusion] D:\Programme\DisplayFusion\DisplayFusion.exe (Binary Fortress Software)
O4 - HKU\S-1-5-21-1614058835-672721566-3778044925-1003..\Run: [KiesAirMessage] D:\Programme\Samsung\Kies\KiesAirMessage.exe -startup File not found
O4 - HKU\S-1-5-21-1614058835-672721566-3778044925-1003..\Run: [KiesHelper] D:\Programme\Samsung\Kies\KiesHelper.exe /s File not found
O4 - HKU\S-1-5-21-1614058835-672721566-3778044925-1003..\Run: [KiesPDLR] D:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-21-1614058835-672721566-3778044925-1003..\Run: [KiesPreload] D:\Programme\Samsung\Kies\Kies.exe (Samsung)
O4 - HKU\S-1-5-21-1614058835-672721566-3778044925-1003..\Run: [SandboxieControl] D:\Programme\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - HKU\S-1-5-21-1614058835-672721566-3778044925-1003..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-1614058835-672721566-3778044925-1003..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1614058835-672721566-3778044925-1026..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Miranda IM.lnk = D:\Programme\Miranda IM\miranda32.exe ( )
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - D:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - D:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {0427F569-3D57-4F10-B9FB-8D71A6A7BE24} file:///C:/Users/***/AppData/Local/Temp/FV2GA4/frmeditor.ocx (FormelEditor Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D63BB5D6-83F2-4FF7-B6D2-5077BD3BFECC}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\DisplayFusion\Wallpaper_2.jpg
O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\DisplayFusion\Wallpaper_2.jpg
O30 - LSA: Authentication Packages - (ncv1_0) - C:\Windows\System32\ncv1_0.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{48f5aa25-d296-11de-840d-001f3ad0f344}\Shell - "" = AutoRun
O33 - MountPoints2\{48f5aa25-d296-11de-840d-001f3ad0f344}\Shell\AutoRun\command - "" = I:\SETUP.EXE
O33 - MountPoints2\{48f5aa25-d296-11de-840d-001f3ad0f344}\Shell\configure\command - "" = I:\SETUP.EXE
O33 - MountPoints2\{48f5aa25-d296-11de-840d-001f3ad0f344}\Shell\install\command - "" = I:\SETUP.EXE
O33 - MountPoints2\{493b8ce5-7db1-11e1-9eb5-af02a593ae9a}\Shell - "" = AutoRun
O33 - MountPoints2\{493b8ce5-7db1-11e1-9eb5-af02a593ae9a}\Shell\AutoRun\command - "" = G:\SISetup.exe
O33 - MountPoints2\{c01de28e-afc4-11e1-8f30-df05454c827e}\Shell - "" = AutoRun
O33 - MountPoints2\{c01de28e-afc4-11e1-8f30-df05454c827e}\Shell\AutoRun\command - "" = H:\iStudio.exe
O33 - MountPoints2\{fb2ba953-25ff-11de-8289-001f3ad0f344}\Shell - "" = AutoRun
O33 - MountPoints2\{fb2ba953-25ff-11de-8289-001f3ad0f344}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.24 12:14:33 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.07.23 18:53:14 | 002,322,184 | ---- | C] (ESET) -- C:\Users\***\Desktop\esetsmartinstaller_enu.exe
[2012.07.23 14:06:04 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.07.23 14:06:04 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2012.07.23 14:05:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.23 14:05:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.23 14:05:42 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.07.23 14:05:42 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.07.23 14:04:50 | 010,652,120 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\***\Desktop\mbam-setup-1.62.0.1300.exe
[2012.07.18 14:54:57 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\TortoiseSVN
[2012.07.18 14:42:09 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\TSVNCache
[2012.07.18 14:36:06 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Subversion
[2012.07.18 14:26:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TortoiseSVN
[2012.07.18 14:25:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\TortoiseOverlays
[2012.07.14 00:10:52 | 000,000,000 | ---D | C] -- C:\Users\***\.android
[2012.07.14 00:10:24 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Android SDK Tools
[2012.07.01 23:44:53 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\SelfMV
[2012.07.01 23:39:53 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\MDG
[2012.07.01 23:31:05 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Temp
[2012.07.01 22:21:30 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Samsung
[2012.07.01 22:21:03 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Samsung
[2012.07.01 22:20:57 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\samsung
[2012.07.01 22:04:26 | 000,181,432 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudmdm.sys
[2012.07.01 22:04:26 | 000,080,824 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudbus.sys
[2012.07.01 22:00:27 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\Windows\System32\Redemption.dll
[2012.07.01 21:59:39 | 000,821,824 | ---- | C] (Devguru Co., Ltd.) -- C:\Windows\System32\dgderapi.dll
[2012.07.01 21:59:39 | 000,020,032 | ---- | C] (Devguru Co., Ltd) -- C:\Windows\System32\drivers\dgderdrv.sys
[2012.07.01 21:59:39 | 000,000,000 | ---D | C] -- C:\Program Files\MarkAny
[2012.07.01 21:58:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2012.07.01 21:49:49 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.07.01 21:46:18 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Downloaded Installations
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.24 12:14:38 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.07.24 12:13:31 | 000,858,828 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.07.24 12:13:31 | 000,797,570 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.07.24 12:13:31 | 000,215,302 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.07.24 12:13:31 | 000,179,554 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.07.24 12:06:54 | 000,004,912 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.24 12:06:54 | 000,004,912 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.24 12:06:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.24 12:05:38 | 000,013,632 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.07.24 12:05:08 | 000,000,168 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.07.24 12:03:50 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2012.07.23 18:53:18 | 002,322,184 | ---- | M] (ESET) -- C:\Users\***\Desktop\esetsmartinstaller_enu.exe
[2012.07.23 18:44:38 | 000,001,928 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2012.07.23 14:06:23 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.07.23 14:05:44 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.23 14:04:57 | 010,652,120 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\***\Desktop\mbam-setup-1.62.0.1300.exe
[2012.07.23 13:39:00 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2012.07.23 09:36:29 | 000,194,560 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.07.16 17:50:00 | 000,444,198 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.07.13 00:24:32 | 000,011,527 | ---- | M] () -- C:\Users\***\gsview32.ini
[2012.07.11 23:57:08 | 000,167,936 | ---- | M] () -- C:\Users\***\Documents\Excel2LaTeX.xla
[2012.07.11 00:37:28 | 002,470,104 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.07.11 00:32:49 | 367,189,208 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.07.06 13:47:40 | 000,088,302 | ---- | M] () -- C:\Windows\FontData.fdb
[2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.06.26 16:03:06 | 004,659,712 | ---- | M] (Dmitry Streblechenko) -- C:\Windows\System32\Redemption.dll
[2012.06.26 16:02:36 | 000,821,824 | ---- | M] (Devguru Co., Ltd.) -- C:\Windows\System32\dgderapi.dll
[2012.06.26 16:02:36 | 000,020,032 | ---- | M] (Devguru Co., Ltd) -- C:\Windows\System32\drivers\dgderdrv.sys
[2012.06.24 21:03:20 | 000,021,504 | ---- | M] () -- C:\Users\***\AppData\Local\WebpageIcons.db
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.07.24 12:04:40 | 000,000,168 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.07.24 12:03:49 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2012.07.23 14:05:44 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.12 00:04:57 | 000,167,936 | ---- | C] () -- C:\Users\***\Documents\Excel2LaTeX.xla
[2012.06.03 20:25:52 | 000,001,928 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2012.05.23 18:49:34 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.05.23 18:49:32 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2012.05.23 18:49:32 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2012.05.23 18:49:32 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2012.05.23 18:49:32 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2012.05.05 10:38:35 | 000,019,840 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2012.05.05 10:38:34 | 002,469,760 | ---- | C] () -- C:\Windows\System32\BootMan.exe
[2012.05.05 10:38:34 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe
[2012.05.05 10:38:34 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2012.05.05 10:38:34 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2012.04.03 19:56:30 | 001,511,424 | ---- | C] () -- C:\Windows\System32\HP1100SM.EXE
[2012.04.03 19:56:30 | 000,147,456 | ---- | C] () -- C:\Windows\System32\HP1100LM.DLL
[2012.04.03 19:56:14 | 000,284,160 | ---- | C] () -- C:\Windows\System32\mvhlewsi.dll
[2012.04.03 19:56:11 | 000,081,920 | ---- | C] () -- C:\Windows\System32\mvusbews.dll
[2012.04.03 19:56:08 | 000,054,272 | ---- | C] () -- C:\Windows\System32\HP1100SMs.dll
[2012.03.21 18:12:55 | 000,000,043 | ---- | C] () -- C:\Windows\gswin32.ini
[2012.03.09 11:28:33 | 000,498,589 | ---- | C] () -- C:\Users\***\LifeHacks.jpg
[2012.03.04 22:28:54 | 000,001,855 | ---- | C] () -- C:\Users\***\.recently-used.xbel
[2012.02.27 19:08:04 | 004,384,161 | ---- | C] () -- C:\Users\***\T-Touch manual.pdf
[2012.02.22 17:13:33 | 000,000,092 | ---- | C] () -- C:\Windows\Dialux.ini
[2012.02.19 23:14:43 | 000,007,696 | ---- | C] () -- C:\Users\***\untitled1_MAS.bak
[2011.11.27 20:14:52 | 001,832,536 | ---- | C] () -- C:\Windows\System32\noveap.dll
[2011.11.27 20:14:52 | 000,907,352 | ---- | C] () -- C:\Windows\System32\ncnetprovider.dll
[2011.11.27 20:14:52 | 000,662,104 | ---- | C] () -- C:\Windows\System32\ncloginui.dll
[2011.11.27 20:14:52 | 000,424,024 | ---- | C] () -- C:\Windows\System32\nccredprovider.dll
[2011.11.27 20:14:52 | 000,230,488 | ---- | C] () -- C:\Windows\System32\nwshlxnt.dll
[2011.11.27 20:14:52 | 000,185,944 | ---- | C] () -- C:\Windows\System32\lgnwnt32.dll
[2011.11.27 20:14:52 | 000,156,760 | ---- | C] () -- C:\Windows\System32\mapbase.dll
[2011.11.27 20:14:52 | 000,111,192 | ---- | C] () -- C:\Windows\System32\drivers\ncrecognizer.sys
[2011.11.27 20:14:52 | 000,092,760 | ---- | C] () -- C:\Windows\System32\nclangid.dll
[2011.11.27 20:14:52 | 000,091,736 | ---- | C] () -- C:\Windows\System32\drivers\ncfilter.sys
[2011.11.27 20:14:52 | 000,039,512 | ---- | C] () -- C:\Windows\System32\ncv1_0.dll
[2011.11.27 20:14:52 | 000,034,904 | ---- | C] () -- C:\Windows\System32\nwtray.exe
[2011.11.27 20:14:52 | 000,026,200 | ---- | C] () -- C:\Windows\System32\loginw32.exe
[2011.11.27 20:14:52 | 000,022,616 | ---- | C] () -- C:\Windows\System32\drivers\ncuncfilter.sys
[2011.11.27 20:14:52 | 000,014,424 | ---- | C] () -- C:\Windows\System32\nccredlogonext.dll
[2011.03.07 00:04:52 | 000,017,708 | ---- | C] () -- C:\Users\***\temp.rar
[2010.04.11 20:47:10 | 000,021,504 | ---- | C] () -- C:\Users\***\AppData\Local\WebpageIcons.db
[2009.11.16 00:45:46 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\Temptable.xml
[2009.07.20 16:52:12 | 000,000,093 | ---- | C] () -- C:\Users\***\psv.ini
[2009.07.10 13:08:05 | 000,011,527 | ---- | C] () -- C:\Users\***\gsview32.ini
[2009.06.07 19:19:38 | 000,001,356 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2009.05.31 13:28:05 | 000,022,420 | ---- | C] () -- C:\Users\***\AppData\Roaming\UserTile.png
[2008.09.12 12:19:23 | 000,015,503 | ---- | C] () -- C:\Users\***\Telekom Shop Bankverbindung.html
[2008.08.07 16:13:33 | 000,194,560 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== LOP Check ==========
 
[2012.02.04 07:14:50 | 000,000,000 | ---D | M] -- C:\Users\***AccMitUserRechten***\AppData\Roaming\Cherry
[2010.05.07 21:29:46 | 000,000,000 | ---D | M] -- C:\Users\***AccMitUserRechten***\AppData\Roaming\ICAClient
[2011.03.27 06:30:39 | 000,000,000 | ---D | M] -- C:\Users\***AccMitUserRechten***\AppData\Roaming\IM
[2011.01.23 12:11:17 | 000,000,000 | ---D | M] -- C:\Users\***AccMitUserRechten***\AppData\Roaming\Nokia
[2011.01.23 12:11:18 | 000,000,000 | ---D | M] -- C:\Users\***AccMitUserRechten***\AppData\Roaming\Nokia Ovi Suite
[2011.01.23 12:06:12 | 000,000,000 | ---D | M] -- C:\Users\***AccMitUserRechten***\AppData\Roaming\PC Suite
[2012.07.20 19:28:56 | 000,000,000 | ---D | M] -- C:\Users\***AccMitUserRechten***\AppData\Roaming\Subversion
[2011.03.22 20:17:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ansys
[2010.01.22 23:23:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Autodesk
[2010.08.17 21:13:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\BlackBean
[2011.01.27 19:45:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CADClick
[2011.05.15 22:33:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\calibre
[2009.07.01 22:19:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon
[2012.01.30 09:23:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Cherry
[2008.08.09 20:30:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools
[2010.02.01 13:23:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DassaultSystemes
[2012.06.18 23:20:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DisplayFusion
[2012.05.03 21:33:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\e-academy Inc
[2010.02.01 13:27:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\EDrawings
[2009.07.09 14:08:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\eXPert PDF Editor
[2010.01.18 15:02:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Faustkeil
[2011.07.18 14:01:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla
[2012.04.14 21:47:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GHISLER
[2010.05.04 17:50:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICAClient
[2012.02.01 11:03:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ
[2012.05.04 15:09:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IM
[2012.03.04 22:29:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\inkscape
[2012.04.14 22:57:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView
[2011.06.19 19:49:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ITI GmbH
[2012.05.28 00:21:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Kalypso Media
[2010.10.06 21:27:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech
[2011.08.31 10:25:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LolClient
[2010.01.23 01:13:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Luxology
[2012.02.10 19:13:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia
[2011.02.14 10:27:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\NoNameScript
[2009.06.15 15:27:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC Suite
[2009.05.31 13:28:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PeerNetworking
[2012.07.19 16:54:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung
[2008.09.05 12:50:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ScanSoft
[2011.12.03 11:43:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SFBot
[2012.07.18 14:36:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Subversion
[2012.04.02 16:34:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Swiss Academic Software
[2012.07.01 23:45:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Temp
[2011.07.24 21:16:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Unity
[2011.02.06 22:31:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WinEdt Team
[2012.02.28 01:33:21 | 000,000,000 | ---D | M] -- C:\Users\***AndererAccMitUserRechten***\AppData\Roaming\Cherry
[2012.02.28 01:31:21 | 000,000,000 | ---D | M] -- C:\Users\***AndererAccMitUserRechten***\AppData\Roaming\PC Suite
[2012.07.24 12:05:45 | 000,032,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 64 bytes -> C:\Users\***\Desktop\bernie_MotoGP_BestOf.avi:TOC.WMV

< End of report >
         
Was mir dabei aufgefallen ist:
MusicCityDownload.exe im Windowsordner scheint wohl von Kies (iTunes-Ersatz von Samsung) zu kommen. ( hxxp://gadgets.itwriting.com/971-why-is-musiccitydownload-exe-in-my-windows-folder.html )
OTL-Extras:
Code:
ATTFilter
OTL Extras logfile created on: 24.07.2012 12:15:21 - Run 1
OTL by OldTimer - Version 3.2.54.1     Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,72 Gb Available Physical Memory | 57,46% Memory free
6,19 Gb Paging File | 4,61 Gb Available in Paging File | 74,53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 89,38 Gb Total Space | 28,67 Gb Free Space | 32,07% Space Free | Partition Type: NTFS
Drive D: | 198,70 Gb Total Space | 4,56 Gb Free Space | 2,30% Space Free | Partition Type: NTFS
 
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1614058835-672721566-3778044925-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.ini [@ = UltraEdit.ini] -- D:\Programme\UltraEdit\Uedit32.exe (IDM Computer Solutions, Inc.)
.txt [@ = UltraEdit.txt] -- D:\Programme\UltraEdit\Uedit32.exe (IDM Computer Solutions, Inc.)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "D:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "D:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "D:\Programme\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 1
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1614058835-672721566-3778044925-1003]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]| 
"{FA47EC7E-4AA0-420B-89C3-C6F5C368A6F4}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B3B4516-6AF8-4175-9DB9-AD76926A0979}" = dir=in | app=d:\programme\skype\phone\skype.exe | 
"{0DA83F54-2434-4BA8-A531-32D36424E728}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{30394370-CD25-4DD3-8B2E-A0320B2579E5}" = protocol=6 | dir=in | app=d:\programme\displayfusion\displayfusion.exe | 
"{327DAE70-5151-43D2-9FDD-02B01DA942F0}" = protocol=17 | dir=in | app=d:\programme\displayfusion\displayfusion.exe | 
"{3F9ECE31-3833-491C-BD8F-7AA823350A8D}" = protocol=6 | dir=in | app=d:\programme\wolfram research\mathematica\8.0\math.exe | 
"{47A11383-4D64-409E-A95B-DB9502A25CD0}" = protocol=6 | dir=in | app=d:\programme\wolfram research\mathematica\8.0\mathkernel.exe | 
"{4BC00A92-7392-4955-8571-E7D79776D9E1}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{5394D5A6-272B-4CFC-9085-6B4FA8F2FD17}" = protocol=17 | dir=in | app=d:\programme\wolfram research\mathematica\8.0\mathematica.exe | 
"{5C5D490D-BA6A-47E5-9E3D-77DEC8677F8E}" = protocol=17 | dir=in | app=d:\programme\wolfram research\mathematica\8.0\mathkernel.exe | 
"{6C23E28D-EAAF-45F8-A132-4523748808E6}" = protocol=6 | dir=in | app=d:\programme\icq7.5\icq.exe | 
"{8AC3DB58-5918-4583-91BF-3A7AE2392B2E}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{8FDD2DFB-93CE-4550-A7E3-E01EF8E0604D}" = protocol=6 | dir=in | app=d:\programme\wolfram research\mathematica\8.0\mathematica.exe | 
"{9FA25F3E-A1E5-42D6-8754-8AEAD6FE7648}" = protocol=17 | dir=in | app=d:\programme\icq7.5\icq.exe | 
"{A0DA9464-8B44-4C62-B6A6-69BBADFFE6F0}" = protocol=17 | dir=in | app=d:\programme\wolfram research\mathematica\8.0\math.exe | 
"{B4A27011-54EE-4ABF-8EF1-B256113E208B}" = protocol=17 | dir=in | app=d:\programme\icq7.5\icq.exe | 
"{B77E7455-5E8E-4A95-B001-B2D770224ACE}" = protocol=6 | dir=in | app=d:\programme\icq7.5\icq.exe | 
"{B841D5E1-4F92-4A7E-B7BB-25E3416C4B87}" = dir=in | app=d:\spiele\port royale 3\portroyale3.exe | 
"{BA568739-211D-4395-BCE5-339586B1FD74}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{D5ACFD9A-E4DE-40B5-B1D2-1BA3F92F5772}" = protocol=6 | dir=in | app=d:\programme\icq7.5\icq.exe | 
"{D74D42CA-414E-445D-A482-6CA5425ACF3D}" = protocol=17 | dir=in | app=d:\programme\icq7.5\icq.exe | 
"{E1F406D7-9580-47E5-99FC-8FD2E8683AE2}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{EAA0EF14-2BBC-4D08-9CA4-7219CFE5FB02}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{F2E9649C-87B0-4064-8EE9-5652B4811629}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"TCP Query User{0003BF3D-4ADD-40CC-A0A2-B9DA1DF80E9B}D:\spiele\counter strike\hl.exe" = protocol=6 | dir=in | app=d:\spiele\counter strike\hl.exe | 
"TCP Query User{066B394A-C83F-448D-9C8B-1ECFD51B809B}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{072BF13F-F4F9-4D0D-8E57-644F17BB098F}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{0F806D5F-5F63-4DC3-8F23-7ECEC69A2E40}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=6 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe | 
"TCP Query User{11C5A31C-4DF6-4F72-A2A8-1A8AB012AB8F}C:\program files\sony ericsson\update service\update service.exe" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe | 
"TCP Query User{139E875D-9716-4A53-8BC0-C5BA9010E072}D:\programme\maple 15\jre\bin\maple.exe" = protocol=6 | dir=in | app=d:\programme\maple 15\jre\bin\maple.exe | 
"TCP Query User{20356FB0-A3E9-4343-8FE9-F8760EABFC05}D:\programme\maple 12\jre\bin\maple.exe" = protocol=6 | dir=in | app=d:\programme\maple 12\jre\bin\maple.exe | 
"TCP Query User{24642AD8-ECA2-4F48-8C93-1305DEC72BB0}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"TCP Query User{267FDCA5-E355-4676-857A-EC61A4690FEB}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{2A35A38C-305C-4F66-BC02-E813E58B8536}D:\programme\ansys inc\v130\commonfiles\tcl\bin\intel\wish.exe" = protocol=6 | dir=in | app=d:\programme\ansys inc\v130\commonfiles\tcl\bin\intel\wish.exe | 
"TCP Query User{3320EBAD-44C1-49E2-A6B6-14753539EC90}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"TCP Query User{43F4406F-AF14-4B0C-961C-D4F0E0B0D189}D:\programme\autodesk\inventor 2010\bin\inventor.exe" = protocol=6 | dir=in | app=d:\programme\autodesk\inventor 2010\bin\inventor.exe | 
"TCP Query User{47601E78-31B8-4D81-8F82-C9C71902C854}D:\programme\ansys inc\v130\commonfiles\tcl\bin\intel\wish.exe" = protocol=6 | dir=in | app=d:\programme\ansys inc\v130\commonfiles\tcl\bin\intel\wish.exe | 
"TCP Query User{58214E82-4186-42AF-B3CE-BD431F72DBD4}C:\program files\java\jre6\launch4j-tmp\jdownloader.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\launch4j-tmp\jdownloader.exe | 
"TCP Query User{5831E173-CA42-4FF2-BB76-C899871EFA32}D:\programme\miranda im\miranda32.exe" = protocol=6 | dir=in | app=d:\programme\miranda im\miranda32.exe | 
"TCP Query User{60DA34A1-1658-485C-8BDF-9B22156295A8}D:\programme\ansys inc\v130\aisol\bin\intel\ansyswbu.exe" = protocol=6 | dir=in | app=d:\programme\ansys inc\v130\aisol\bin\intel\ansyswbu.exe | 
"TCP Query User{65B98C32-2635-4E83-A367-780BE9F6D6EE}D:\programme\maple 12\jre\bin\java.exe" = protocol=6 | dir=in | app=d:\programme\maple 12\jre\bin\java.exe | 
"TCP Query User{69B9C597-8903-4512-A98A-FFBEEA88A3F3}D:\programme\miranda im\miranda32.exe" = protocol=6 | dir=in | app=d:\programme\miranda im\miranda32.exe | 
"TCP Query User{74713D6F-C83C-47B8-BC3A-D4F3A26A6476}C:\program files\ansys inc\shared files\licensing\win32\ansyslmd.exe" = protocol=6 | dir=in | app=c:\program files\ansys inc\shared files\licensing\win32\ansyslmd.exe | 
"TCP Query User{75F9AA11-6367-45F9-8BD1-73E6637ADFF1}D:\spiele\anno 1701\anno1701.exe" = protocol=6 | dir=in | app=d:\spiele\anno 1701\anno1701.exe | 
"TCP Query User{79FDAA71-A69F-4DE9-9471-7D140396E9B4}D:\download\netscan.exe" = protocol=6 | dir=in | app=d:\download\netscan.exe | 
"TCP Query User{7C6B9D0A-A24F-49A4-8FFA-CEF99296ABA1}D:\spiele\warcraft iii\war3.exe" = protocol=6 | dir=in | app=d:\spiele\warcraft iii\war3.exe | 
"TCP Query User{8E52B57A-0CDB-49BF-973B-6B2D945C9C04}D:\programme\ansys inc\shared files\licensing\win32\ansysli_client.exe" = protocol=6 | dir=in | app=d:\programme\ansys inc\shared files\licensing\win32\ansysli_client.exe | 
"TCP Query User{902E698B-1432-4423-B1DB-6D55086E714C}D:\programme\ansys inc\v130\rsm\bin\ans.rsm.admin.exe" = protocol=6 | dir=in | app=d:\programme\ansys inc\v130\rsm\bin\ans.rsm.admin.exe | 
"TCP Query User{92EB2E50-AF5D-429C-8AF5-C103AAC43381}D:\programme\ansys inc\v130\framework\bin\win32\ansysfww.exe" = protocol=6 | dir=in | app=d:\programme\ansys inc\v130\framework\bin\win32\ansysfww.exe | 
"TCP Query User{92FECA96-B18A-4402-85CD-BBE293C98B30}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{9433A55A-F287-484E-9634-B447959915F3}D:\programme\icq6.5\icq.exe" = protocol=6 | dir=in | app=d:\programme\icq6.5\icq.exe | 
"TCP Query User{9962F9F9-BD43-4C64-9623-522D5592647D}D:\programme\icq6\icq.exe" = protocol=6 | dir=in | app=d:\programme\icq6\icq.exe | 
"TCP Query User{A33D55C0-F959-4E40-85A9-B4EB2119E185}C:\program files\ansys inc\shared files\licensing\win32\lmgrd.exe" = protocol=6 | dir=in | app=c:\program files\ansys inc\shared files\licensing\win32\lmgrd.exe | 
"TCP Query User{A3826CF1-9126-41FB-A920-319A46522F6D}D:\spiele\fifa 11\game\fifa.exe" = protocol=6 | dir=in | app=d:\spiele\fifa 11\game\fifa.exe | 
"TCP Query User{A81D10CD-AC50-42B5-AD53-F7B043584071}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 
"TCP Query User{B192334C-4E5F-44D1-BE85-6EBD98192276}C:\program files\matlab\r2008a\bin\win32\matlab.exe" = protocol=6 | dir=in | app=c:\program files\matlab\r2008a\bin\win32\matlab.exe | 
"TCP Query User{B793AF81-5456-45D7-B421-37FF8C999BE0}C:\program files\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe | 
"TCP Query User{B839459C-885A-47A5-B2BE-B95C89998B9D}D:\programme\ansys inc\v130\rsm\bin\ans.rsm.jmhost130.exe" = protocol=6 | dir=in | app=d:\programme\ansys inc\v130\rsm\bin\ans.rsm.jmhost130.exe | 
"TCP Query User{B99DDAD1-57AD-4528-8F8D-3CA5478BCBA0}D:\programme\mirc\mirc.exe" = protocol=6 | dir=in | app=d:\programme\mirc\mirc.exe | 
"TCP Query User{BA2E4EE0-5903-46A1-A57A-147602C7AA49}D:\programme\maple 15\jre\bin\java.exe" = protocol=6 | dir=in | app=d:\programme\maple 15\jre\bin\java.exe | 
"TCP Query User{BB587C3A-53DF-4289-833E-94043EACF46A}D:\programme\vlc\vlc.exe" = protocol=6 | dir=in | app=d:\programme\vlc\vlc.exe | 
"TCP Query User{BED53A40-135B-4C12-A6BF-B501BC74EFA2}D:\programme\autodesk\inventor 2010\bin\inventor.exe" = protocol=6 | dir=in | app=d:\programme\autodesk\inventor 2010\bin\inventor.exe | 
"TCP Query User{C05D47B8-0E8E-40C8-896B-0BD825257CD6}C:\program files\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe | 
"TCP Query User{C0C4F851-9CE2-438A-BED9-6CB496092A7B}D:\programme\icq6.5\icq.exe" = protocol=6 | dir=in | app=d:\programme\icq6.5\icq.exe | 
"TCP Query User{CCB20D30-A6CF-449A-BBC0-5FE316D241EF}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 
"TCP Query User{CD2B0195-38BF-4C59-A94A-1727CDC21B8F}D:\programme\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=d:\programme\mozilla firefox\firefox.exe | 
"TCP Query User{CF6D348A-00CA-4839-88D9-1EBD487555C4}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe | 
"TCP Query User{CFF45F06-BA13-4637-838E-9A3744EB6EB6}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe | 
"TCP Query User{D496F622-9DB2-439D-8E40-59724BAA656D}D:\fussball manager 10\eadm\core.exe" = protocol=6 | dir=in | app=d:\fussball manager 10\eadm\core.exe | 
"TCP Query User{D5FEF2BC-44EE-41B3-BDD3-6C8C84675691}C:\program files\ansys inc\v110\cfx\bin\winnt\postgui_ogl.exe" = protocol=6 | dir=in | app=c:\program files\ansys inc\v110\cfx\bin\winnt\postgui_ogl.exe | 
"TCP Query User{DB1E6449-1798-430C-A748-8BC8BF7CC363}D:\programme\icq6\icq.exe" = protocol=6 | dir=in | app=d:\programme\icq6\icq.exe | 
"TCP Query User{DEF745D3-8548-453B-AA22-2A47A224DA0E}D:\programme\maple 12\jre\bin\maple.exe" = protocol=6 | dir=in | app=d:\programme\maple 12\jre\bin\maple.exe | 
"TCP Query User{E0A054D4-B739-436C-8AF5-10E46C5CADA2}D:\spiele\gta iv\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=d:\spiele\gta iv\grand theft auto iv\gtaiv.exe | 
"TCP Query User{E1CA6D17-2407-4BB2-A38C-945689E0A4AB}D:\programme\maple 15\jre\bin\maple.exe" = protocol=6 | dir=in | app=d:\programme\maple 15\jre\bin\maple.exe | 
"TCP Query User{EE979F44-5424-4648-8F2F-07C8CD8B4E0E}D:\programme\ansys inc\v130\commonfiles\jre\intel\bin\java.exe" = protocol=6 | dir=in | app=d:\programme\ansys inc\v130\commonfiles\jre\intel\bin\java.exe | 
"TCP Query User{F0E0F089-8ADC-4B0E-B6F7-3C593901F369}D:\programme\maple 12\jre\bin\java.exe" = protocol=6 | dir=in | app=d:\programme\maple 12\jre\bin\java.exe | 
"TCP Query User{F1EC132A-AEF7-4B57-AFA2-B455032D27A1}D:\spiele\cs_cz\hl.exe" = protocol=6 | dir=in | app=d:\spiele\cs_cz\hl.exe | 
"TCP Query User{F7880671-102F-48A7-A189-6249F0B3CDFF}C:\users\***\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{FB82486B-6B36-4ACF-ACFE-E1BDAC519420}D:\programme\ansys inc\v130\commonfiles\jre\intel\bin\java.exe" = protocol=6 | dir=in | app=d:\programme\ansys inc\v130\commonfiles\jre\intel\bin\java.exe | 
"UDP Query User{025213D8-15FD-45C4-8C3E-8CCDE7859DBB}D:\programme\miranda im\miranda32.exe" = protocol=17 | dir=in | app=d:\programme\miranda im\miranda32.exe | 
"UDP Query User{0CE54713-BEEB-4436-BC4A-D9EAAEFE5EC9}C:\users\***\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{0DCA51AE-5DD5-4C8E-AAF4-0A79307EC3F6}C:\program files\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe | 
"UDP Query User{0F0E6559-BCAD-453F-B23C-D260C83908A1}C:\program files\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe | 
"UDP Query User{10918ACA-E292-40E9-B5AD-C78046E50BDE}D:\spiele\warcraft iii\war3.exe" = protocol=17 | dir=in | app=d:\spiele\warcraft iii\war3.exe | 
"UDP Query User{183C5FD4-2F26-4285-A545-D09684D3EA3F}D:\programme\ansys inc\v130\framework\bin\win32\ansysfww.exe" = protocol=17 | dir=in | app=d:\programme\ansys inc\v130\framework\bin\win32\ansysfww.exe | 
"UDP Query User{195C55EE-A0D0-4428-91DF-BA8737F63121}D:\programme\maple 12\jre\bin\maple.exe" = protocol=17 | dir=in | app=d:\programme\maple 12\jre\bin\maple.exe | 
"UDP Query User{1975D4E8-557E-4555-AFED-97F628BCEAE0}D:\programme\ansys inc\v130\commonfiles\jre\intel\bin\java.exe" = protocol=17 | dir=in | app=d:\programme\ansys inc\v130\commonfiles\jre\intel\bin\java.exe | 
"UDP Query User{252B076B-434B-42F6-8EA6-55EFE296BEAB}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe | 
"UDP Query User{2535B131-14F3-4FBA-B097-4F793897361D}D:\programme\mirc\mirc.exe" = protocol=17 | dir=in | app=d:\programme\mirc\mirc.exe | 
"UDP Query User{264C8DE6-A27A-4B4D-B0ED-A0D33F3E395E}D:\programme\ansys inc\v130\rsm\bin\ans.rsm.jmhost130.exe" = protocol=17 | dir=in | app=d:\programme\ansys inc\v130\rsm\bin\ans.rsm.jmhost130.exe | 
"UDP Query User{2D8C660A-18D9-43F0-B059-EF3BFEBE771E}D:\programme\ansys inc\v130\rsm\bin\ans.rsm.admin.exe" = protocol=17 | dir=in | app=d:\programme\ansys inc\v130\rsm\bin\ans.rsm.admin.exe | 
"UDP Query User{2E2AAACA-15AD-46E0-9167-41D74E3B4952}D:\programme\vlc\vlc.exe" = protocol=17 | dir=in | app=d:\programme\vlc\vlc.exe | 
"UDP Query User{33E4203E-43AB-4AD3-81B1-058C97D57C75}D:\programme\ansys inc\v130\commonfiles\tcl\bin\intel\wish.exe" = protocol=17 | dir=in | app=d:\programme\ansys inc\v130\commonfiles\tcl\bin\intel\wish.exe | 
"UDP Query User{344D6A53-9035-4C46-B8F0-68281633984C}C:\program files\ansys inc\v110\cfx\bin\winnt\postgui_ogl.exe" = protocol=17 | dir=in | app=c:\program files\ansys inc\v110\cfx\bin\winnt\postgui_ogl.exe | 
"UDP Query User{36D02F34-ECAA-48B0-9130-B517F16B6143}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{3C231996-6B11-451C-84C6-9A9348B716C0}D:\spiele\gta iv\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=d:\spiele\gta iv\grand theft auto iv\gtaiv.exe | 
"UDP Query User{441DF08D-8D26-4255-AAEE-44889B11BC5D}D:\programme\maple 12\jre\bin\maple.exe" = protocol=17 | dir=in | app=d:\programme\maple 12\jre\bin\maple.exe | 
"UDP Query User{443B8C77-CEE0-4350-BE6D-CF81184D60F3}D:\programme\ansys inc\v130\commonfiles\tcl\bin\intel\wish.exe" = protocol=17 | dir=in | app=d:\programme\ansys inc\v130\commonfiles\tcl\bin\intel\wish.exe | 
"UDP Query User{457E39E9-E59D-411A-91D2-A5C421C0B60D}C:\program files\java\jre6\launch4j-tmp\jdownloader.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\launch4j-tmp\jdownloader.exe | 
"UDP Query User{573A2B94-9B9C-4E89-9785-2B537CB261A2}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 
"UDP Query User{5967AE43-6D8F-4587-8096-C75A40F4F4C0}D:\programme\autodesk\inventor 2010\bin\inventor.exe" = protocol=17 | dir=in | app=d:\programme\autodesk\inventor 2010\bin\inventor.exe | 
"UDP Query User{60D7A269-137C-4315-8F7B-3D0734828C89}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=17 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe | 
"UDP Query User{64BFA2DF-AC50-4009-BD5E-F30A4371B0AF}D:\download\netscan.exe" = protocol=17 | dir=in | app=d:\download\netscan.exe | 
"UDP Query User{6899E44A-2566-416E-B2E1-7531DB4AD746}C:\program files\ansys inc\shared files\licensing\win32\lmgrd.exe" = protocol=17 | dir=in | app=c:\program files\ansys inc\shared files\licensing\win32\lmgrd.exe | 
"UDP Query User{7337A83B-4ED4-49E5-A184-290A74D70269}D:\programme\icq6\icq.exe" = protocol=17 | dir=in | app=d:\programme\icq6\icq.exe | 
"UDP Query User{7996125B-CEE5-4E94-85E2-D57A024E74D2}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{810A2510-E2EC-4E4B-90C8-747BE44A389F}C:\program files\sony ericsson\update service\update service.exe" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe | 
"UDP Query User{83F75AC3-D031-41D5-BF00-F1ECDA6D5410}D:\spiele\fifa 11\game\fifa.exe" = protocol=17 | dir=in | app=d:\spiele\fifa 11\game\fifa.exe | 
"UDP Query User{8571DAE9-F0F4-41E5-ABF8-ED6F4A189C9C}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{8C6830BE-24D2-4BDA-89C2-8F07B7625713}D:\programme\icq6.5\icq.exe" = protocol=17 | dir=in | app=d:\programme\icq6.5\icq.exe | 
"UDP Query User{A8C84A89-2CBF-4915-A219-E3D1CB414881}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{AA6E4042-49DF-4392-A4FA-3E077C94D513}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{AC6842EA-C240-4811-B5F3-50B8036AB736}D:\spiele\cs_cz\hl.exe" = protocol=17 | dir=in | app=d:\spiele\cs_cz\hl.exe | 
"UDP Query User{ACC5D895-A96C-4EE4-8F5F-011C11A042AB}C:\program files\matlab\r2008a\bin\win32\matlab.exe" = protocol=17 | dir=in | app=c:\program files\matlab\r2008a\bin\win32\matlab.exe | 
"UDP Query User{B07A2D2E-57B1-4B01-9D16-1E1086574144}D:\programme\maple 15\jre\bin\java.exe" = protocol=17 | dir=in | app=d:\programme\maple 15\jre\bin\java.exe | 
"UDP Query User{B8EC1D1A-D979-41A5-89EF-765BD3B35D7B}D:\programme\maple 15\jre\bin\maple.exe" = protocol=17 | dir=in | app=d:\programme\maple 15\jre\bin\maple.exe | 
"UDP Query User{C08E0066-6D32-4392-8E54-DB336C36A1B2}D:\programme\icq6\icq.exe" = protocol=17 | dir=in | app=d:\programme\icq6\icq.exe | 
"UDP Query User{C61264E7-15DD-4AF1-9F7C-B79F712C64AF}D:\programme\ansys inc\shared files\licensing\win32\ansysli_client.exe" = protocol=17 | dir=in | app=d:\programme\ansys inc\shared files\licensing\win32\ansysli_client.exe | 
"UDP Query User{CB2A92D2-7E0A-4FC0-9FC9-26C1A0F14646}D:\fussball manager 10\eadm\core.exe" = protocol=17 | dir=in | app=d:\fussball manager 10\eadm\core.exe | 
"UDP Query User{CD3C1751-A1E7-499E-B95B-38A4BA4CE932}D:\spiele\anno 1701\anno1701.exe" = protocol=17 | dir=in | app=d:\spiele\anno 1701\anno1701.exe | 
"UDP Query User{CD6FEF83-0B16-4A4D-8CDA-B2BB9B9398DE}D:\programme\maple 12\jre\bin\java.exe" = protocol=17 | dir=in | app=d:\programme\maple 12\jre\bin\java.exe | 
"UDP Query User{CFBDB506-2CBC-4147-A904-A0DECF31B911}D:\programme\miranda im\miranda32.exe" = protocol=17 | dir=in | app=d:\programme\miranda im\miranda32.exe | 
"UDP Query User{D1ED20AC-652B-464A-A127-29F110CD4F50}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 
"UDP Query User{D23E9902-F981-49DB-A89B-1C24C1EC620D}D:\programme\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=d:\programme\mozilla firefox\firefox.exe | 
"UDP Query User{D27EAEFE-40B4-4CA2-A742-B5753B0D3313}D:\programme\maple 12\jre\bin\java.exe" = protocol=17 | dir=in | app=d:\programme\maple 12\jre\bin\java.exe | 
"UDP Query User{D423D7C1-3FD1-4B6B-A4E7-DD0D0D80D6E1}D:\programme\ansys inc\v130\aisol\bin\intel\ansyswbu.exe" = protocol=17 | dir=in | app=d:\programme\ansys inc\v130\aisol\bin\intel\ansyswbu.exe | 
"UDP Query User{D4656EEB-E9BB-439F-81BB-7E86031E5DE3}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe | 
"UDP Query User{D65076D4-6A5D-4AD0-82BE-2873DC55E700}D:\spiele\counter strike\hl.exe" = protocol=17 | dir=in | app=d:\spiele\counter strike\hl.exe | 
"UDP Query User{D7189906-A2CF-49C0-8A3E-A525796FA03B}D:\programme\autodesk\inventor 2010\bin\inventor.exe" = protocol=17 | dir=in | app=d:\programme\autodesk\inventor 2010\bin\inventor.exe | 
"UDP Query User{DB41E237-838B-425E-BA98-8A4E64216A4D}C:\program files\ansys inc\shared files\licensing\win32\ansyslmd.exe" = protocol=17 | dir=in | app=c:\program files\ansys inc\shared files\licensing\win32\ansyslmd.exe | 
"UDP Query User{ECBD9913-81A8-4D76-85C0-1AC90EF9E753}D:\programme\ansys inc\v130\commonfiles\jre\intel\bin\java.exe" = protocol=17 | dir=in | app=d:\programme\ansys inc\v130\commonfiles\jre\intel\bin\java.exe | 
"UDP Query User{FE6130B5-0244-4DF9-BDE7-0104B640367A}D:\programme\icq6.5\icq.exe" = protocol=17 | dir=in | app=d:\programme\icq6.5\icq.exe | 
"UDP Query User{FEE21DD3-0F4B-412F-BC7A-75BE3C603C59}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{FFDFB49C-72E5-4613-950B-3DE33A08FE74}D:\programme\maple 15\jre\bin\maple.exe" = protocol=17 | dir=in | app=d:\programme\maple 15\jre\bin\maple.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (AUTODESKVAULT)
"{02BFF1A3-A0D5-4F64-8558-A22682BCDA58}" = ActivePerl 5.14.2 Build 1402
"{03A4C6A1-26E9-4DDB-81D9-B332E5BB10AD}" = Microsoft Sync Framework SDK v1.0 SP1 de
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.6300
"{04983D37-2202-4295-94A2-8B547C66133F}" = Atheros WLAN Client
"{04A5ABD3-272A-4958-836C-8DED3F177E51}" = SolidWorks eDrawings 2012
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{05855322-BE43-41FE-B583-D3AE0C326D58}" = Microsoft Silverlight 4 SDK
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{090962E2-4BE8-4A8A-86B0-7A5ED31C1273}" = USB2.0 UVC WebCam
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{09C52940-A4D1-4409-A7CC-1AAE630CF578}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0BE273CD-AAB9-361B-8C32-D955EAC929E3}" = Microsoft Visual Studio 2010 SharePoint Developer Tools
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP610_series" = Canon MP610 series
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution III
"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{170DE2A7-4768-370C-9671-D8D17826EFBF}" = Microsoft Visual Studio 2010 Performance Collection Tools SP1 - ENU
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
"{199C20D6-10D3-4210-B361-4760209F56AE}" = Citrix Online Plug-in (Web)
"{1AA5BD63-6614-44B2-88A7-605191EDB835}" = Dotfuscator Software Services - Community Edition
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FB138CC-5503-4B4A-BC42-81E9C1FF26EE}" = Autodesk Inventor Content Center Libraries 2010 (Desktop Content)
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{22BA09CF-141D-45AD-B3F3-715B4B6C55A8}" = calibre
"{26945917-E053-45F6-AF98-309730CFC318}" = Visual Basic for Applications (R) Core
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33
"{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime
"{2A231800-A7CF-4223-B8A3-1FD9057BAE96}" = Unterstützungsdateien für Microsoft SQL Server 2008-Setup 
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{2F8B731A-5F2D-3EA8-8B25-C3E5E43F4BDB}" = Microsoft Visual C++  Compilers 2010 Standard - enu - x86
"{31C3C6EA-E991-405F-A3AA-2C070CCCC47C}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools - DEU
"{31E8F586-4EF7-4500-844D-BA8756474FF1}" = Windows Automated Installation Kit
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{36BEAD11-8577-49AD-9250-E06A50AE87B0}" = Microsoft SOAP Toolkit 2.0 SP2
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3ECCB578-504E-4F7A-A8B4-CF4F3B939B44}" = Citrix Online Plug-in (USB)
"{3F084E0E-E7D3-439D-9AC3-8312B2184347}" = SolidWorks 2012 Document Manager API
"{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
"{41A01180-D9FD-3428-9FD6-749F4C637CBF}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"{45D4F727-43B5-49CD-B474-B9866A8F4FB8}" = Nokia Map Loader
"{477415F5-93DA-46AA-85C5-640047825995}" = Microsoft SQL Server 2008 Database Engine Shared
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4AA24280-6FF2-40D1-B34C-40DA7E3317D4}" = IguanaTex
"{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008 Browser
"{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}" = Nokia Software Updater
"{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"{52969324-463B-4643-BF36-854BE2BECB89}" = Autodesk Inventor 2010 Language Pack - Deutsch
"{539A0EAA-E1BB-4163-9C1E-6C8BF4A17FA2}" = Microsoft SQL Server 2008 Native Client
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{5545EEE4-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2701.01)
"{55D9E026-DCB0-46FF-B60A-68B972228CF6}" = Autodesk Design Review 2010
"{562D0D31-FBAF-4505-8B27-4EC92EEA91D6}" = DIAL Communication Framework
"{56BC75EA-B19F-4C14-85B8-3FA61C0C791F}" = NMAS Client
"{5783F2D7-8001-0407-0002-0060B0CE6BBA}" = AutoCAD 2010 - Deutsch
"{5783F2D7-8001-0407-1002-0060B0CE6BBA}" = AutoCAD 2010 Language Pack - Deutsch
"{5783F2D7-8028-0409-0000-0060B0CE6BBA}" = DWG TrueView 2010
"{57BB52B7-6B7B-31F3-89F4-4EE8FE5CEF6D}" = Microsoft Help Viewer 1.1
"{5AB7D739-1735-3A9E-BE73-C43507CB4E6F}" = Microsoft Visual Studio 2010 Service Pack 1
"{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219
"{616C6F39-4CE1-3434-A665-2F6A04C09A7F}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{678094A1-6250-476B-9AFF-4376E48F135C}" = Citrix Online Plug-in (DV)
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"{68DED384-1F74-4AEE-8B8E-95AF15572FE3}" = Port Royale 3
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6E9CFEF5-0245-411F-8587-CF83DF9D4B05}" = Microsoft SQL Server 2008 Database Engine Services
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Easy Battery Manager
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{76DAEC83-AF7B-333C-8A53-83D7C7D39199}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU
"{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}" = Microsoft SQL Server 2008 R2 Management Objects
"{7964AE02-9127-42C0-A917-2CE4CD4EFE3B}" = Nokia Suite
"{7A56D81D-6406-40E7-9184-8AC1769C4D69}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project
"{7B46F9CF-CF60-492E-816E-95EB1A9D1BB4}" = Play Camera
"{7F4DD591-1400-0409-0000-7107D70F3DB4}" = Autodesk Inventor 2010
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{827990C7-4D30-3627-A2D1-5FFA09198BB2}" = Microsoft Visual Studio 2010 Office Developer Tools (x86)
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{8418FE6C-36B5-4023-8704-5DC2F21BB2E8}" = UltraEdit 15.00
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{85467CBC-7A39-33C9-8940-D72D9269B84F}" = Microsoft Visual F# 2.0 Runtime
"{877B76B2-F83F-4F5A-B28D-3F398641ADB6}" = Microsoft SQL Server System CLR Types
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A7CAA24-7B23-410B-A7C3-F994B0944160}" = Microsoft Virtual PC 2007
"{8CBFE0AB-3EBF-4103-BA48-59EB4FF66AD1}" = NMAS Challenge Response Method
"{8E87B944-4815-3C5E-947F-5035C9F64362}" = Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-00B2-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{91F54E1D-804A-46D8-A56C-53EA9C4B3177}" = Microsoft Silverlight 3 SDK - Deutsch
"{929F5BFC-60F0-34EC-A50B-2001AAC03D56}" = Microsoft Team Foundation Server 2010 Object Model - DEU
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A57025CC-5F2E-4D01-B387-06DB10500D43}" = Nokia Connectivity Cable Driver
"{A7091E1D-36A4-47F1-A739-173CC341414F}" = Cisco Systems VPN Client 5.0.03.0560
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AC8B571C-9C6E-47C1-A508-3BF1BCBED443}" = Deep Exploration 6 CE
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B15B400A-19ED-4CC7-B3E4-9295D8470CBE}" = Secure Download Manager
"{B265F77C-A0CF-4364-8C26-A0ADA16FA4F7}" = Nokia Mobile VPN Client Policy Tool
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.24.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B3B2E45F-A0FC-47C6-B399-72D9D8482C8A}" = Visual Basic for Applications (R) Core - German
"{B3D1CFF9-C5DA-3590-894B-40821DDB67C5}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{B8E9F8A1-9F4D-43D5-ABD6-1DF067FAA469}" = Microsoft SQL Server 2008 Database Engine Services
"{BA5F3E0E-8F3E-47BD-88E4-AD3EB5225F51}" = Intel(R) PROSet/Wireless WiFi-Software
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BBAAAD82-6242-420F-86D4-BD72BB5E6C86}" = Tools für Microsoft SQL Server 2005 Express Edition
"{BC0464FA-A0BA-3E38-85BF-DC5B3A401F48}" = Microsoft Visual Studio 2010 Ultimate - ENU
"{BC537AE0-88AF-47ED-B762-33B0D62B5188}" = Microsoft SQL Server 2008 R2 Data-Tier Application Framework
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C83CD843-260E-3BD0-86BC-4E613BFDDE0A}" = Microsoft Help Viewer 1.1 Language Pack - DEU
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CAD6AA29-9CA1-384D-8034-566261CFCC9B}" = Microsoft Visual Studio 2010 Professional - DEU
"{CB09F557-4821-46D0-BF86-8D1389AA6BC7}" = Tabellenbuch Metall digital
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CCF298AF-9CE1-4B26-B251-486E98A34789}" = Windows 7 USB/DVD Download Tool
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE9BAD6E-60FC-46CC-82A2-5B0F2B1A0E36}" = Dotfuscator Software Services - Community Edition - DEU
"{CFCB8616-A5D1-4281-80E8-389F685BFAE2}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D074DC76-F6C9-440E-A1D0-1DE958417FDB}" = Microsoft SQL Server VSS Writer
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.3.22 Game
"{D481EA96-2313-4A7C-98EE-710D1AF884AC}" = Microsoft Visual Studio 2005 Tools for Applications - ENU
"{D596EEA2-C6C8-45D3-89DF-FA2DBE99F829}" = Visual Basic for Applications (R) Core - English
"{D6A6CFAD-CD86-482B-90D1-6FCC4E252ACD}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x86) de
"{D6B15AE6-B052-363E-B6BB-C4714CBA6509}" = Microsoft Visual Studio 2010 Professional - ENU
"{D9E6001A-5DC3-4620-AF7A-80B6CD48645D}" = WCF RIA Services V1.0 SP1
"{DA5B2BDC-F654-4A88-A669-4D34BC7846A1}" = PC Connectivity Solution
"{DB0AF767-7CC7-4E4D-B6BE-A200F20A2FB1}" = Microsoft Sync Framework Runtime v1.0 SP1 (x86) de
"{DBE8431C-CF9A-38C3-B42D-28B6FCE1EA3B}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU
"{DC627AE5-A2B1-4D16-AF56-178D10EC3E81}" = KeyMan V3.6 Build 6
"{DE9CF741-20F7-488B-8B85-9D0F86FA51B4}" = TortoiseSVN 1.7.7.22907 (32 bit)
"{DEE88727-779B-47A9-ACEF-F87CA5F92A65}" = ScanSoft OmniPage SE 4
"{DF38C72B-8A86-4727-99D2-FA7CC5E17A24}" = Microsoft SQL Server 2008 RsFx Driver
"{E0D55506-9C88-4879-B61F-A5E4D0A5B460}" = SolidWorks viewer
"{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E4E9CBC9-1CF5-48E3-AF6F-1AB44A856346}" = Microsoft ASP.NET MVC 2 - DEU
"{EAF7B35C-DCBE-4032-9ABF-C35C43D07124}" = Microsoft Sync Framework Services v1.0 SP1 (x86) de
"{EC66418E-DAA2-36D5-809E-40BEC94E622A}" = Microsoft Visual Studio Macro Tools - DEU Language Pack
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F02DBC5D-33E3-45E9-B0F8-B7745229ED1C}" = NICI (Shared) U.S./Worldwide (128 bit) (2.7.6-1)
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}" = Microsoft SQL Server Native Client
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FA2F9282-383C-3DAC-A2B7-DE19E6A528E9}" = Microsoft Visual Studio 2010 Office Developer Tools (x86) Language Pack - DEU
"{FA365307-1963-4D16-BD44-113C8F037AAD}" = Citrix Online Plug-in (HDX)
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF6F95A4-E59B-45C8-BEA8-0BDC8D9CAB51}" = Microsoft SQL Server 2008 Common Files
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Android SDK Tools" = Android SDK Tools
"Audacity_is1" = Audacity 1.2.6
"AutoCAD 2010 - Deutsch" = AutoCAD 2010 - Deutsch
"Autodesk Design Review 2010" = Autodesk Design Review 2010
"Autodesk Inventor 2010" = Autodesk Inventor Professional 2010
"Autodesk Inventor 2010 SP1" = Autodesk Inventor 2010 SP1
"Avira AntiVir Desktop" = Avira Free Antivirus
"A-WIN-Extras 8.0.4 2615434_is1" = Mathematica Extras 8.0 (2615434)
"B076073A-5527-4f4f-B46B-B10692277DA2_is1" = DisplayFusion 3.4.1
"Canon MP610 series Benutzerregistrierung" = Canon MP610 series Benutzerregistrierung
"CanonMyPrinter" = Canon My Printer
"CitrixOnlinePluginPackWeb" = Citrix Online Plug-in - Web
"DWG TrueView 2010" = DWG TrueView 2010
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 9.1.1 Home Edition
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.01
"ffdshow_is1" = ffdshow [rev 2975] [2009-05-28]
"FileZilla Client" = FileZilla Client 3.3.3
"GPL Ghostscript 8.64" = GPL Ghostscript 8.64
"GSview 4.9" = GSview 4.9
"HP LaserJet Professional P1100-P1560-P1600 Series" = HP LaserJet Professional P1100-P1560-P1600 Series
"InstallShield_{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"InstallShield_{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{7B46F9CF-CF60-492E-816E-95EB1A9D1BB4}" = Play Camera
"InstallShield_{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation
"IrfanView" = IrfanView (remove only)
"LAME_is1" = LAME v3.99.3 (for Windows)
"latex2eps_is1" = latex2eps 0.11
"MagicMap" = MagicMap
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Maple 12" = Maple 12
"Maple 15" = Maple 15
"Matlab R2012a" = MATLAB R2012a
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1
"Microsoft Help Viewer 1.1 Language Pack - DEU" = Microsoft Help Viewer 1.1 Language Pack - DEU
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Team Foundation Server 2010 Object Model - DEU" = Microsoft Team Foundation Server 2010-Objektmodell - DEU
"Microsoft Visual Studio 2005 Tools for Applications - ENU" = Microsoft Visual Studio 2005 Tools for Applications - ENU
"Microsoft Visual Studio 2010 Professional - DEU" = Microsoft Visual Studio 2010 Professional - DEU
"Microsoft Visual Studio 2010 Professional - ENU" = Microsoft Visual Studio 2010 Professional - ENU
"Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x86) Language Pack - DEU
"Microsoft Visual Studio 2010 Ultimate - ENU" = Microsoft Visual Studio 2010 Ultimate - ENU
"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
"Microsoft Visual Studio Macro Tools - DEU Language Pack" = Microsoft Visual Studio Macro Tools - DEU Language Pack
"MiKTeX 2.9" = MiKTeX 2.9
"Miranda IM" = Miranda IM 0.9.44
"mIRC" = mIRC
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"M-WIN-G 8.0.4 2615565_is1" = Wolfram Mathematica 8 for Students (M-WIN-G 8.0.4 2615565)
"Nokia Suite" = Nokia Suite
"Novell Client for Windows" = Novell Client for Windows
"OpenAL" = OpenAL
"ProInst" = Intel PROSet Wireless
"Sandboxie" = Sandboxie 3.66 (32-bit)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeXnicCenter_is1" = TeXnicCenter Version 1.0 Stable RC1
"Totalcmd" = Total Commander (Remove or Repair)
"UltraISO_is1" = UltraISO Premium V9.52
"USB2.0 UVC 1.3M WebCam" = USB2.0 UVC 1.3M WebCam
"VLC media player" = VLC media player 2.0.1
"Winamp" = Winamp
"WinRAR archiver" = WinRAR 4.10 (32-Bit)
"Zattoo4" = Zattoo4 4.0.4
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1614058835-672721566-3778044925-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"NoNameScript" = NNScript
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 23.07.2012 18:07:27 | Computer Name = *** | Source = System Restore | ID = 8193
Description = 
 
Error - 23.07.2012 18:07:28 | Computer Name = *** | Source = System Restore | ID = 8193
Description = 
 
Error - 23.07.2012 18:17:05 | Computer Name = *** | Source = System Restore | ID = 8193
Description = 
 
Error - 23.07.2012 18:17:07 | Computer Name = *** | Source = System Restore | ID = 8193
Description = 
 
Error - 23.07.2012 18:18:06 | Computer Name = *** | Source = System Restore | ID = 8193
Description = 
 
Error - 23.07.2012 18:18:06 | Computer Name = *** | Source = System Restore | ID = 8193
Description = 
 
Error - 24.07.2012 00:43:48 | Computer Name = *** | Source = WinMgmt | ID = 10
Description = 
 
Error - 24.07.2012 02:12:31 | Computer Name = *** | Source = System Restore | ID = 8193
Description = 
 
Error - 24.07.2012 05:24:22 | Computer Name = *** | Source = WinMgmt | ID = 10
Description = 
 
Error - 24.07.2012 06:07:17 | Computer Name = *** | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 23.07.2012 12:52:37 | Computer Name = *** | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
Error - 24.07.2012 00:43:49 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 24.07.2012 00:43:49 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 24.07.2012 00:45:11 | Computer Name = *** | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
Error - 24.07.2012 05:24:22 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 24.07.2012 05:24:22 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 24.07.2012 05:25:55 | Computer Name = *** | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
Error - 24.07.2012 06:07:17 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 24.07.2012 06:07:17 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 24.07.2012 06:12:22 | Computer Name = *** | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
 
< End of report >
         
Gmer:
Code:
ATTFilter
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-07-24 13:19:29
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 FUJITSU_ rev.0000
Running: fwb5m14j.exe; Driver: C:\Users\***\AppData\Local\Temp\uxrdqpod.sys


---- System - GMER 1.0.15 ----

SSDT            90E66D5E                                                                                                                          ZwCreateSection
SSDT            90E66D68                                                                                                                          ZwRequestWaitReplyPort
SSDT            90E66D63                                                                                                                          ZwSetContextThread
SSDT            90E66D6D                                                                                                                          ZwSetSecurityObject
SSDT            90E66D72                                                                                                                          ZwSystemDebugControl
SSDT            90E66CFF                                                                                                                          ZwTerminateProcess

INT 0x61        ?                                                                                                                                 900397D0
INT 0x71        ?                                                                                                                                 90039A50

Code            A88CDBFC                                                                                                                          ZwTraceEvent
Code            A88CDBFB                                                                                                                          NtTraceEvent

---- Kernel code sections - GMER 1.0.15 ----

.text           ntoskrnl.exe!NtTraceEvent                                                                                                         8287BF94 5 Bytes  JMP A88CDC00 
.text           ntoskrnl.exe!KeInsertQueue + 405                                                                                                  828ADA3C 4 Bytes  [5E, 6D, E6, 90] {POP ESI; INSD ; OUT 0x90, AL}
.text           ntoskrnl.exe!KeInsertQueue + 729                                                                                                  828ADD60 4 Bytes  [68, 6D, E6, 90]
.text           ntoskrnl.exe!KeInsertQueue + 75D                                                                                                  828ADD94 4 Bytes  [63, 6D, E6, 90] {ARPL [EBP-0x1a], BP; NOP }
.text           ntoskrnl.exe!KeInsertQueue + 7C1                                                                                                  828ADDF8 4 Bytes  [6D, 6D, E6, 90] {INSD ; INSD ; OUT 0x90, AL}
.text           ntoskrnl.exe!KeInsertQueue + 809                                                                                                  828ADE40 4 Bytes  [72, 6D, E6, 90] {JB 0x6f; OUT 0x90, AL}
.text           ...                                                                                                                               
PAGE            ntoskrnl.exe!NtRequestPort + 2                                                                                                    82A02B69 5 Bytes  JMP A88CDCA0 
PAGE            ntoskrnl.exe!ZwAlpcSendWaitReceivePort + 2                                                                                        82A5AEE8 5 Bytes  JMP A88CDDE0 
.text           win32k.sys!XFORMOBJ_iGetXform + 457F                                                                                              A2C8078C 5 Bytes  JMP A88CD5C0 
.text           win32k.sys!XFORMOBJ_iGetXform + 70FA                                                                                              A2C83307 5 Bytes  JMP A88CD700 
.text           win32k.sys!EngMulDiv + 4D41                                                                                                       A2CCA670 5 Bytes  JMP A88CD660 
.text           win32k.sys!EngMulDiv + 8C36                                                                                                       A2CCE565 5 Bytes  JMP A88CD520 
.text           win32k.sys!EngStrokePath + 5FF                                                                                                    A2CD7A1C 5 Bytes  JMP A88CDA20 
.text           win32k.sys!EngAlphaBlend + 88BE                                                                                                   A2CEED3B 5 Bytes  JMP A88CD3E0 
.text           win32k.sys!EngAlphaBlend + 9B48                                                                                                   A2CEFFC5 5 Bytes  JMP A88CD480 
.text           win32k.sys!STROBJ_vEnumStart + 4728                                                                                               A2D07749 5 Bytes  JMP A88CDAC0 
.text           win32k.sys!CLIPOBJ_bEnum + 24A                                                                                                    A2D2B56C 5 Bytes  JMP A88CD840 
.text           win32k.sys!EngLineTo + A15                                                                                                        A2D4D5BD 5 Bytes  JMP A88CD7A0 
.text           win32k.sys!EngLineTo + DD5D                                                                                                       A2D5A905 5 Bytes  JMP A88CDB60 
.text           C:\Windows\system32\DRIVERS\atksgt.sys                                                                                            section is writeable [0xABA1B300, 0x3ACC8, 0xE8000020]
.text           C:\Windows\system32\DRIVERS\lirsgt.sys                                                                                            section is writeable [0xABAEE300, 0x1B7E, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text           D:\Programme\TortoiseSVN\bin\TSVNCache.exe[4796] kernel32.dll!SetUnhandledExceptionFilter + 2                                     77CFA8C7 5 Bytes  [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text           D:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[5524] ntdll.dll!DbgUiRemoteBreakin                                 77C0CD44 1 Byte  [C3]

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                                           Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e4cd3e0d6                                                       
Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e4cd65b4f                                                       
Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e4cd6642e                                                       
Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001f3ad0f344                                                       
Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001f3ad0f344@001d2885a723                                          0x09 0x13 0x00 0x26 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001f3ad0f344@0016b88fc755                                          0x6C 0xAD 0x77 0x5F ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001f3ad0f344@000fde82306f                                          0x9F 0xD2 0x7A 0x83 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001f3ad0f344@0025483f4f86                                          0xE5 0x2C 0xE2 0x3A ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001f3ad0f344@942053f2473d                                          0x47 0x30 0x0B 0x38 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001f3ad0f344@b8d9cebe6c7c                                          0x37 0x79 0x8F 0xE2 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4                                                  
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                               D:\Programme\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                               0
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                            0xA3 0x98 0xA4 0xE1 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001                                         
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                                      0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                                   0x33 0xE8 0x19 0xF4 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40                                   
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                             0xA6 0xC3 0x3C 0xBB ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41                                   
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh                             0xE5 0x64 0x43 0x7A ...
Reg             HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\001e4cd3e0d6 (not active ControlSet)                                   
Reg             HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\001e4cd65b4f (not active ControlSet)                                   
Reg             HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\001e4cd6642e (not active ControlSet)                                   
Reg             HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\001f3ad0f344 (not active ControlSet)                                   
Reg             HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\001f3ad0f344@001d2885a723                                              0x09 0x13 0x00 0x26 ...
Reg             HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\001f3ad0f344@0016b88fc755                                              0x6C 0xAD 0x77 0x5F ...
Reg             HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\001f3ad0f344@000fde82306f                                              0x9F 0xD2 0x7A 0x83 ...
Reg             HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\001f3ad0f344@0025483f4f86                                              0xE5 0x2C 0xE2 0x3A ...
Reg             HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\001f3ad0f344@942053f2473d                                              0x47 0x30 0x0B 0x38 ...
Reg             HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\001f3ad0f344@b8d9cebe6c7c                                              0x37 0x79 0x8F 0xE2 ...
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                              
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                                   D:\Programme\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                                   0
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                                0xA3 0x98 0xA4 0xE1 ...
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)                     
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                                          0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                                       0x33 0xE8 0x19 0xF4 ...
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)               
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                                 0xA6 0xC3 0x3C 0xBB ...
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)               
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh                                 0xE5 0x64 0x43 0x7A ...
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{78785EB0-1D82-8BA9-1C09-D709D1A7099A}                   
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{78785EB0-1D82-8BA9-1C09-D709D1A7099A}@hafiihnmjcleiflb  0x69 0x61 0x63 0x6C ...

---- EOF - GMER 1.0.15 ----
         
Bei dem PC handelt es sich um ein Notebook mit Vista SP2. Gegen Schädlinge läuft immer Antivir und Spybot Search&Destroy.

Wie schon eingangs geschrieben: ich kann keine Anzeichen für einen Befall ausmachen. Aber da die Scans trotzdem etwas gefunden haben.. Für Ratschläge ob und wie es sinnvoll ist weiter zu graben, wäre ich sehr dankbar.

Gruß

Alt 24.07.2012, 16:43   #2
markusg
/// Malware-holic
 
HackTool.Hiderun in c:\windows\installer und Java.Trojan im Cache entdeckt - Standard

HackTool.Hiderun in c:\windows\installer und Java.Trojan im Cache entdeckt



hi
Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.
Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.
__________________

__________________

Alt 24.07.2012, 17:42   #3
Ilu
 
HackTool.Hiderun in c:\windows\installer und Java.Trojan im Cache entdeckt - Standard

HackTool.Hiderun in c:\windows\installer und Java.Trojan im Cache entdeckt



Hi,
danke für die schnelle Antwort.

Hier das Combofix-Log:
Code:
ATTFilter
ComboFix 12-07-25.04 - *** 24.07.2012  17:59:50.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3066.1532 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\programdata\Roaming\Intel\Wireless\Settings\Settings.ini
c:\users\***\AppData\Local\assembly\tmp
c:\users\***\AppData\Local\Temp\99cab429-f99d-4f69-9d04-113ad532bd0f\CliSecureRT.dll
c:\windows\Downloaded Program Files\IDropPTB.dll
c:\windows\system32\tmp4D79.tmp
c:\windows\system32\tmp4DC8.tmp
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-06-24 bis 2012-07-24  ))))))))))))))))))))))))))))))
.
.
2012-07-24 16:08 . 2012-07-24 16:08	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2012-07-24 16:08 . 2012-07-24 16:08	--------	d-----w-	c:\users\***AndererAccMitUserRechten***\AppData\Local\temp
2012-07-24 16:08 . 2012-07-24 16:08	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-07-24 16:08 . 2012-07-24 16:08	--------	d-----w-	c:\users\***AccMitUserRechten***\AppData\Local\temp
2012-07-23 12:06 . 2012-07-23 12:06	40776	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2012-07-23 12:06 . 2012-07-23 12:06	--------	d-----w-	c:\users\***\AppData\Roaming\Malwarebytes
2012-07-23 12:05 . 2012-07-23 12:05	--------	d-----w-	c:\programdata\Malwarebytes
2012-07-23 12:05 . 2012-07-23 12:05	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-07-23 12:05 . 2012-07-03 11:46	22344	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-07-20 18:21 . 2012-07-20 18:21	--------	d-----w-	c:\users\***AccMitUserRechten***\AppData\Local\Macromedia
2012-07-20 17:35 . 2012-06-29 08:44	6891424	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{5512A987-5D11-44A4-99EA-2DB7D97CA7B3}\mpengine.dll
2012-07-20 17:28 . 2012-07-22 06:56	--------	d-----w-	c:\users\***AccMitUserRechten***\AppData\Local\TSVNCache
2012-07-20 17:28 . 2012-07-20 17:28	--------	d-----w-	c:\users\***AccMitUserRechten***\AppData\Roaming\Subversion
2012-07-18 12:54 . 2012-07-18 12:54	--------	d-----w-	c:\users\***\AppData\Roaming\TortoiseSVN
2012-07-18 12:42 . 2012-07-24 16:12	--------	d-----w-	c:\users\***\AppData\Local\TSVNCache
2012-07-18 12:36 . 2012-07-18 12:36	--------	d-----w-	c:\users\***\AppData\Roaming\Subversion
2012-07-18 12:25 . 2012-07-18 12:25	--------	d-----w-	c:\program files\Common Files\TortoiseOverlays
2012-07-13 22:10 . 2012-07-14 12:43	--------	d-----w-	c:\users\***\.android
2012-07-10 17:41 . 2012-06-05 16:47	708608	----a-w-	c:\program files\Common Files\System\ado\msado15.dll
2012-07-10 17:41 . 2012-06-04 15:26	440704	----a-w-	c:\windows\system32\drivers\ksecdd.sys
2012-07-01 21:39 . 2012-07-01 21:45	--------	d-----w-	c:\users\***\AppData\Local\MDG
2012-07-01 20:21 . 2012-07-02 07:15	--------	d-----w-	c:\users\***\AppData\Local\Samsung
2012-07-01 20:21 . 2012-07-19 14:54	--------	d-----w-	c:\users\***\AppData\Roaming\Samsung
2012-07-01 20:04 . 2012-05-21 02:09	80824	----a-w-	c:\windows\system32\drivers\ssudbus.sys
2012-07-01 20:04 . 2012-05-21 02:09	181432	----a-w-	c:\windows\system32\drivers\ssudmdm.sys
2012-07-01 19:59 . 2012-07-01 19:59	--------	d-----w-	c:\program files\MarkAny
2012-07-01 19:59 . 2012-06-26 14:02	821824	----a-w-	c:\windows\system32\dgderapi.dll
2012-07-01 19:59 . 2012-06-26 14:02	20032	----a-w-	c:\windows\system32\drivers\dgderdrv.sys
2012-07-01 19:58 . 2012-07-19 14:54	--------	d-----w-	c:\programdata\Samsung
2012-07-01 19:46 . 2012-07-19 14:53	--------	d-----w-	c:\users\***\AppData\Local\Downloaded Installations
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-16 15:47 . 2012-03-29 11:05	426184	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-07-16 15:47 . 2011-05-17 06:26	70344	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-26 14:03 . 2012-07-01 20:00	4659712	----a-w-	c:\windows\system32\Redemption.dll
2012-06-26 14:02 . 2008-06-25 05:18	319456	----a-w-	c:\windows\system32\DIFxAPI.dll
2012-06-18 09:27 . 2012-06-18 09:28	476936	----a-w-	c:\windows\system32\npdeployJava1.dll
2012-06-18 09:27 . 2010-05-16 19:55	472840	----a-w-	c:\windows\system32\deployJava1.dll
2012-06-13 13:40 . 2012-07-10 18:25	2047488	----a-w-	c:\windows\system32\win32k.sys
2012-06-05 16:47 . 2012-07-10 17:41	1401856	----a-w-	c:\windows\system32\msxml6.dll
2012-06-05 16:47 . 2012-07-10 17:41	1248768	----a-w-	c:\windows\system32\msxml3.dll
2012-06-02 22:19 . 2012-06-21 05:18	53784	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 05:18	45080	----a-w-	c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 05:17	35864	----a-w-	c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 05:17	577048	----a-w-	c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-21 05:18	1933848	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-21 05:18	2422272	----a-w-	c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-21 05:17	88576	----a-w-	c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-21 05:17	171904	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-02 13:12 . 2012-06-21 05:17	33792	----a-w-	c:\windows\system32\wuapp.exe
2012-06-02 08:25 . 2012-07-10 18:15	1129472	----a-w-	c:\windows\system32\wininet.dll
2012-06-02 00:04 . 2012-07-10 17:41	278528	----a-w-	c:\windows\system32\schannel.dll
2012-06-02 00:03 . 2012-07-10 17:41	204288	----a-w-	c:\windows\system32\ncrypt.dll
2012-05-31 10:25 . 2009-10-11 18:56	237072	------w-	c:\windows\system32\MpSigStub.exe
2012-05-28 22:38 . 2012-05-28 22:38	330240	----a-w-	c:\windows\MASetupCaller.dll
2012-05-23 16:49 . 2012-05-23 16:49	90112	----a-w-	c:\windows\MAMCityDownload.ocx
2012-05-23 16:49 . 2012-05-23 16:49	30568	----a-w-	c:\windows\MusiccityDownload.exe
2012-05-23 16:49 . 2012-05-23 16:49	974848	----a-w-	c:\windows\system32\cis-2.4.dll
2012-05-23 16:49 . 2012-05-23 16:49	81920	----a-w-	c:\windows\system32\issacapi_bs-2.3.dll
2012-05-23 16:49 . 2012-05-23 16:49	65536	----a-w-	c:\windows\system32\issacapi_pe-2.3.dll
2012-05-23 16:49 . 2012-05-23 16:49	57344	----a-w-	c:\windows\system32\MTXSYNCICON.dll
2012-05-23 16:49 . 2012-05-23 16:49	57344	----a-w-	c:\windows\system32\MK_Lyric.dll
2012-05-23 16:49 . 2012-05-23 16:49	57344	----a-w-	c:\windows\system32\issacapi_se-2.3.dll
2012-05-23 16:49 . 2012-05-23 16:49	569344	----a-w-	c:\windows\system32\muzdecode.ax
2012-05-23 16:49 . 2012-05-23 16:49	491520	----a-w-	c:\windows\system32\muzapp.dll
2012-05-23 16:49 . 2012-05-23 16:49	49152	----a-w-	c:\windows\system32\MaJGUILib.dll
2012-05-23 16:49 . 2012-05-23 16:49	45320	----a-w-	c:\windows\system32\MAMACExtract.dll
2012-05-23 16:49 . 2012-05-23 16:49	45056	----a-w-	c:\windows\system32\MaXMLProto.dll
2012-05-23 16:49 . 2012-05-23 16:49	45056	----a-w-	c:\windows\system32\MACXMLProto.dll
2012-05-23 16:49 . 2012-05-23 16:49	40960	----a-w-	c:\windows\system32\MTTELECHIP.dll
2012-05-23 16:49 . 2012-05-23 16:49	352256	----a-w-	c:\windows\system32\MSLUR71.dll
2012-05-23 16:49 . 2012-05-23 16:49	258048	----a-w-	c:\windows\system32\muzoggsp.ax
2012-05-23 16:49 . 2012-05-23 16:49	245760	----a-w-	c:\windows\system32\MSCLib.dll
2012-05-23 16:49 . 2012-05-23 16:49	24576	----a-w-	c:\windows\system32\MASetupCleaner.exe
2012-05-23 16:49 . 2012-05-23 16:49	200704	----a-w-	c:\windows\system32\muzwmts.dll
2012-05-23 16:49 . 2012-05-23 16:49	172032	----a-w-	c:\windows\system32\muzapp.exe
2012-05-23 16:49 . 2012-05-23 16:49	155648	----a-w-	c:\windows\system32\MSFLib.dll
2012-05-23 16:49 . 2012-05-23 16:49	143360	----a-w-	c:\windows\system32\3DAudio.ax
2012-05-23 16:49 . 2012-05-23 16:49	135168	----a-w-	c:\windows\system32\muzaf1.dll
2012-05-23 16:49 . 2012-05-23 16:49	131072	----a-w-	c:\windows\system32\muzmpgsp.ax
2012-05-23 16:49 . 2012-05-23 16:49	122880	----a-w-	c:\windows\system32\muzeffect.ax
2012-05-23 16:49 . 2012-05-23 16:49	118784	----a-w-	c:\windows\system32\MaDRM.dll
2012-05-23 16:49 . 2012-05-23 16:49	110592	----a-w-	c:\windows\system32\muzmp4sp.ax
2012-05-08 17:36 . 2011-10-24 04:53	137928	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-05-08 17:36 . 2009-06-27 19:26	83392	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-05-05 20:00 . 2011-11-05 22:29	2478592	----a-w-	c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2012-05-05 20:00 . 2011-02-21 16:55	2455488	----a-w-	c:\programdata\Microsoft\VisualStudio\10.0\1031\ResourceCache.dll
2012-05-05 11:58 . 2011-02-21 16:55	18400	----a-w-	c:\programdata\Microsoft\VSA\9.0\1031\ResourceCache.dll
2012-05-05 11:58 . 2011-02-21 16:55	18368	----a-w-	c:\programdata\Microsoft\VSA\9.0\1033\ResourceCache.dll
2012-05-04 21:42 . 2012-05-04 21:42	416	----a-w-	c:\programdata\Microsoft\MSDN\9.0\1031\ResourceCache.dll
2012-05-04 21:42 . 2011-06-08 20:41	416	----a-w-	c:\programdata\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2012-05-04 07:41 . 2012-05-04 07:41	229208	----a-w-	c:\windows\system32\drivers\VMM.sys
2012-05-01 14:03 . 2012-06-13 07:49	180736	----a-w-	c:\windows\system32\drivers\rdpwd.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	64792	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	64792	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	64792	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	64792	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	64792	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	64792	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	64792	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	64792	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	64792	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"DisplayFusion"="d:\programme\DisplayFusion\DisplayFusion.exe" [2012-01-12 2789280]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"SandboxieControl"="d:\programme\Sandboxie\SbieCtrl.exe" [2012-03-22 452880]
"KiesPDLR"="d:\programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-07-16 21432]
"KiesPreload"="d:\programme\Samsung\Kies\Kies.exe" [2012-07-16 975800]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-17 6111232]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-28 1049896]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-08 348624]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-07-26 2569616]
"CherryKeyMan"="c:\program files\Cherry\KeyMan\KeyMan.exe" [2010-09-01 254004]
"NWTRAY"="NWTRAY.EXE" [2011-11-27 34904]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"KiesTrayAgent"="d:\programme\Samsung\Kies\KiesTrayAgent.exe" [2012-07-16 3524536]
.
c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Miranda IM.lnk - d:\programme\Miranda IM\miranda32.exe [2012-2-17 827989]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-2-12 723496]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages	REG_MULTI_SZ   	msv1_0 ncv1_0
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
backup=c:\windows\pss\VPN Client.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^***^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ICQ6.5.lnk]
path=c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ICQ6.5.lnk
backup=c:\windows\pss\ICQ6.5.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^***^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^SolidWorks Taskplaner Modul.lnk]
path=c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SolidWorks Taskplaner Modul.lnk
backup=c:\windows\pss\SolidWorks Taskplaner Modul.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37	843712	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-04-04 05:53	35736	----a-w-	c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 05:58	611712	----a-w-	c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ConnectionCenter]
2010-10-12 16:24	304568	----a-w-	c:\program files\Citrix\ICA Client\concentr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2011-08-01 08:28	124480	----a-w-	d:\programme\ICQ7.5\ICQ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaSuite.exe]
2012-05-16 13:44	1084840	----a-w-	c:\program files\Nokia\Nokia Suite\NokiaSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
2007-02-04 10:02	79400	----a-w-	c:\program files\ScanSoft\OmniPageSE4\OpWareSE4.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
2011-08-30 16:43	3077528	----a-w-	c:\program files\Pando Networks\Media Booster\PMB.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 07:03	210472	----a-w-	c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25	202240	----a-w-	c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiSpywareOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1614058835-672721566-3778044925-1003]
"EnableNotificationsRef"=dword:00000001
.
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - nciom
*Deregistered* - ncp
*Deregistered* - ncpl
*Deregistered* - ndm
*Deregistered* - ndmndap
*Deregistered* - niam
*Deregistered* - nipctl
*Deregistered* - nscm
*Deregistered* - nsns
*Deregistered* - nsvccost
*Deregistered* - xtxplat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs	REG_MULTI_SZ   	BthServ
WindowsMobile	REG_MULTI_SZ   	wcescomm rapimgr
LocalServiceRestricted	REG_MULTI_SZ   	WcesComm RapiMgr
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - d:\programme\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.2.1
DPF: {0427F569-3D57-4F10-B9FB-8D71A6A7BE24} - file:///C:/Users/***/AppData/Local/Temp/FV2GA4/frmeditor.ocx
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\nc71xmt7.default\
FF - prefs.js: browser.startup.homepage - google.de
.
.
------- Dateityp-Verknüpfung -------
.
.scr=AutoCADScriptFile
.txt=UltraEdit.txt
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-AdobeBridge - (no file)
HKCU-Run-Akamai NetSession Interface - c:\users\***\AppData\Local\Akamai\netsession_win.exe
HKCU-Run-KiesHelper - d:\programme\Samsung\Kies\KiesHelper.exe
HKCU-Run-KiesAirMessage - d:\programme\Samsung\Kies\KiesAirMessage.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-boincmgr - d:\programme\BOINC\boincmgr.exe
MSConfigStartUp-boinctray - d:\programme\BOINC\boinctray.exe
MSConfigStartUp-EA Core - d:\fussball manager 10\EADM\Core.exe
MSConfigStartUp-NokiaOviSuite2 - c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
MSConfigStartUp-SolidWorks_CheckForUpdates - c:\program files\Common Files\SolidWorks Installations-Manager\Scheduler\sldIMScheduler.exe
MSConfigStartUp-Vidalia - d:\programme\Vidalia Bundle\Vidalia\vidalia.exe
MSConfigStartUp-WinampAgent - d:\programme\Winamp\winampa.exe
AddRemove-01_Simmental - d:\programme\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - d:\programme\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - d:\programme\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - d:\programme\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - d:\programme\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - d:\programme\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - d:\programme\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - d:\programme\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - d:\programme\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - d:\programme\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - d:\programme\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - d:\programme\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - d:\programme\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - d:\programme\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - d:\programme\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - d:\programme\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - d:\programme\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - d:\programme\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - d:\programme\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-07-24 18:14
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1614058835-672721566-3778044925-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{78785EB0-1D82-8BA9-1C09-D709D1A7099A}*]
"hafiihnmjcleiflb"=hex:69,61,63,6c,65,61,66,61,67,62,61,68,66,67,6f,6c,63,65,
   00,00
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'lsass.exe'(708)
c:\windows\system32\NETWIN32.DLL
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
- - - - - - - > 'Explorer.exe'(4668)
d:\programme\DisplayFusion\Hooks\AppHookx86_796a9db3-9ac3-471c-8cfd-65f0069015da.dll
c:\program files\Common Files\Cherry\Common\KbdHook00.dll
c:\windows\system32\btmmhook.dll
d:\programme\FileZilla FTP Client\fzshellext.dll
c:\windows\system32\btncopy.dll
c:\program files\Microsoft Virtual PC\VPCShExH.DLL
c:\windows\system32\NETWIN32.DLL
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
d:\programme\Sandboxie\SbieSvc.exe
c:\windows\system32\WLANExt.exe
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\program files\Novell\Client\XTier\Services\XTSvcMgr.exe
c:\windows\System32\lpksetup.exe
c:\program files\ANSYS Inc\Shared Files\Licensing\win32\ansysli_server.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
d:\programme\Cisco VPN Client\cvpnd.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\windows\system32\HPSIsvc.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\ANSYS Inc\Shared Files\Licensing\win32\ansysli_monitor.exe
c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\System32\StkCSrv.exe
c:\program files\ANSYS Inc\Shared Files\Licensing\win32\lmgrd.exe
c:\program files\ANSYS Inc\Shared Files\Licensing\win32\ansyslmd.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
d:\programme\TortoiseSVN\bin\TSVNCache.exe
c:\windows\RtHDVCpl.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\windows\System32\nwtray.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\WIDCOMM\Bluetooth Software\BtStackServer.exe
c:\program files\Cherry\CDI\cdi.exe
c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-07-24  18:24:33 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-07-24 16:24
.
Vor Suchlauf: 15 Verzeichnis(se), 30.499.442.688 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 32.124.981.248 Bytes frei
.
- - End Of File - - 3AFF8D5A3B71EB8506D3DE980530A4BC
         
Edit:
Ganz vergessen: nach dem Neustart durch Combofix gabs die Fehlermeldung
Zitat:
c:\program files\avira\antivir desktop\ipmGui.exe

Es wurde versucht, einen Registrierungsschlüssel einem unzulässigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
Gruß
__________________

Geändert von Ilu (24.07.2012 um 17:44 Uhr) Grund: Detail vergessen

Alt 25.07.2012, 17:10   #4
markusg
/// Malware-holic
 
HackTool.Hiderun in c:\windows\installer und Java.Trojan im Cache entdeckt - Standard

HackTool.Hiderun in c:\windows\installer und Java.Trojan im Cache entdeckt



download tdss killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Klicke auf Change parameters
• Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system
• Klick auf OK und anschließend auf Start scan
- bei funden erst mal immer skip wählen, log posten
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 25.07.2012, 18:13   #5
Ilu
 
HackTool.Hiderun in c:\windows\installer und Java.Trojan im Cache entdeckt - Standard

HackTool.Hiderun in c:\windows\installer und Java.Trojan im Cache entdeckt



Hi Markus,
wie gewünscht das TDSSKiller-Log:
Code:
ATTFilter
18:14:37.0444 0364	TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
18:14:37.0481 0364	============================================================
18:14:37.0481 0364	Current date / time: 2012/07/25 18:14:37.0481
18:14:37.0481 0364	SystemInfo:
18:14:37.0481 0364	
18:14:37.0481 0364	OS Version: 6.0.6002 ServicePack: 2.0
18:14:37.0481 0364	Product type: Workstation
18:14:37.0481 0364	ComputerName: ***
18:14:37.0481 0364	UserName: ***
18:14:37.0481 0364	Windows directory: C:\Windows
18:14:37.0482 0364	System windows directory: C:\Windows
18:14:37.0482 0364	Processor architecture: Intel x86
18:14:37.0482 0364	Number of processors: 2
18:14:37.0482 0364	Page size: 0x1000
18:14:37.0482 0364	Boot type: Normal boot
18:14:37.0482 0364	============================================================
18:14:38.0139 0364	Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:14:38.0143 0364	============================================================
18:14:38.0143 0364	\Device\Harddisk0\DR0:
18:14:38.0143 0364	MBR partitions:
18:14:38.0143 0364	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1400800, BlocksNum 0xB2C126D
18:14:38.0143 0364	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xC6C5928, BlocksNum 0x18D67D99
18:14:38.0143 0364	============================================================
18:14:38.0263 0364	D: <-> \Device\Harddisk0\DR0\Partition1
18:14:38.0493 0364	C: <-> \Device\Harddisk0\DR0\Partition0
18:14:38.0493 0364	============================================================
18:14:38.0493 0364	Initialize success
18:14:38.0493 0364	============================================================
18:15:16.0213 7360	============================================================
18:15:16.0213 7360	Scan started
18:15:16.0213 7360	Mode: Manual; SigCheck; TDLFS; 
18:15:16.0213 7360	============================================================
18:15:18.0709 7360	ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
18:15:18.0849 7360	ACPI - ok
18:15:18.0912 7360	adfs            (6d7f09cd92a9fef3a8efce66231fdd79) C:\Windows\system32\drivers\adfs.sys
18:15:18.0912 7360	adfs - ok
18:15:19.0099 7360	AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
18:15:19.0099 7360	AdobeARMservice - ok
18:15:19.0177 7360	adp94xx         (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
18:15:19.0208 7360	adp94xx - ok
18:15:19.0239 7360	adpahci         (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
18:15:19.0255 7360	adpahci - ok
18:15:19.0286 7360	adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
18:15:19.0302 7360	adpu160m - ok
18:15:19.0333 7360	adpu320         (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
18:15:19.0333 7360	adpu320 - ok
18:15:19.0395 7360	AeLookupSvc     (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
18:15:19.0567 7360	AeLookupSvc - ok
18:15:19.0723 7360	AFD             (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
18:15:19.0785 7360	AFD - ok
18:15:19.0895 7360	AgereSoftModem  (ce91b158fa490cf4c4d487a4130f4660) C:\Windows\system32\DRIVERS\AGRSM.sys
18:15:19.0973 7360	AgereSoftModem - ok
18:15:20.0019 7360	agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
18:15:20.0035 7360	agp440 - ok
18:15:20.0066 7360	aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
18:15:20.0082 7360	aic78xx - ok
18:15:20.0144 7360	ALG             (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
18:15:20.0285 7360	ALG - ok
18:15:20.0300 7360	aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
18:15:20.0300 7360	aliide - ok
18:15:20.0347 7360	amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
18:15:20.0363 7360	amdagp - ok
18:15:20.0378 7360	amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
18:15:20.0394 7360	amdide - ok
18:15:20.0409 7360	AmdK7           (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
18:15:20.0456 7360	AmdK7 - ok
18:15:20.0487 7360	AmdK8           (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
18:15:20.0534 7360	AmdK8 - ok
18:15:22.0593 7360	ANSYS, Inc. License Manager (65a2d3fe71b7f27e3d76aaa9e43634ea) C:\Program Files\ANSYS Inc\Shared Files\Licensing\win32\ansysli_server.exe
18:15:22.0749 7360	ANSYS, Inc. License Manager ( UnsignedFile.Multi.Generic ) - warning
18:15:22.0749 7360	ANSYS, Inc. License Manager - detected UnsignedFile.Multi.Generic (1)
18:15:23.0046 7360	AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files\Avira\AntiVir Desktop\sched.exe
18:15:23.0077 7360	AntiVirSchedulerService - ok
18:15:23.0108 7360	AntiVirService  (a489be6bb0aa1ff406b488b60542314b) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
18:15:23.0108 7360	AntiVirService - ok
18:15:23.0389 7360	AppHostSvc      (dfae18c675d71fd06d57dc69d2913975) C:\Windows\system32\inetsrv\apphostsvc.dll
18:15:23.0451 7360	AppHostSvc - ok
18:15:23.0498 7360	Appinfo         (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
18:15:23.0576 7360	Appinfo - ok
18:15:23.0623 7360	arc             (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
18:15:23.0639 7360	arc - ok
18:15:23.0685 7360	arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
18:15:23.0685 7360	arcsas - ok
18:15:23.0841 7360	aspnet_state    (776acefa0ca9df0faa51a5fb2f435705) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
18:15:23.0857 7360	aspnet_state - ok
18:15:23.0888 7360	AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
18:15:23.0935 7360	AsyncMac - ok
18:15:23.0951 7360	atapi           (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
18:15:23.0966 7360	atapi - ok
18:15:24.0029 7360	atksgt          (6e996cf8459a2594e0e9609d0e34d41f) C:\Windows\system32\DRIVERS\atksgt.sys
18:15:24.0060 7360	atksgt ( UnsignedFile.Multi.Generic ) - warning
18:15:24.0060 7360	atksgt - detected UnsignedFile.Multi.Generic (1)
18:15:24.0122 7360	AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
18:15:24.0138 7360	AudioEndpointBuilder - ok
18:15:24.0153 7360	Audiosrv        (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
18:15:24.0169 7360	Audiosrv - ok
18:15:24.0325 7360	Autodesk Licensing Service (4961850fb000896d6a6b90868dc91a98) C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
18:15:24.0372 7360	Autodesk Licensing Service ( UnsignedFile.Multi.Generic ) - warning
18:15:24.0372 7360	Autodesk Licensing Service - detected UnsignedFile.Multi.Generic (1)
18:15:24.0387 7360	avgntflt        (d5541f0afb767e85fc412fc609d96a74) C:\Windows\system32\DRIVERS\avgntflt.sys
18:15:24.0419 7360	avgntflt - ok
18:15:24.0481 7360	avipbb          (7d967a682d4694df7fa57d63a2db01fe) C:\Windows\system32\DRIVERS\avipbb.sys
18:15:24.0512 7360	avipbb - ok
18:15:24.0606 7360	avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
18:15:24.0637 7360	avkmgr - ok
18:15:24.0684 7360	bcm4sbxp        (08015d34f6fdd0b355805bad978497c3) C:\Windows\system32\DRIVERS\bcm4sbxp.sys
18:15:24.0855 7360	bcm4sbxp - ok
18:15:24.0887 7360	Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
18:15:24.0933 7360	Beep - ok
18:15:25.0043 7360	BFE             (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
18:15:25.0089 7360	BFE - ok
18:15:25.0589 7360	BITS            (93952506c6d67330367f7e7934b6a02f) C:\Windows\system32\qmgr.dll
18:15:25.0667 7360	BITS - ok
18:15:25.0807 7360	blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
18:15:25.0854 7360	blbdrive - ok
18:15:25.0901 7360	bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
18:15:25.0963 7360	bowser - ok
18:15:25.0994 7360	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
18:15:26.0041 7360	BrFiltLo - ok
18:15:26.0057 7360	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
18:15:26.0088 7360	BrFiltUp - ok
18:15:26.0119 7360	Browser         (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
18:15:26.0181 7360	Browser - ok
18:15:26.0213 7360	Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
18:15:26.0306 7360	Brserid - ok
18:15:26.0353 7360	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
18:15:26.0400 7360	BrSerWdm - ok
18:15:26.0415 7360	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
18:15:26.0462 7360	BrUsbMdm - ok
18:15:26.0478 7360	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
18:15:26.0540 7360	BrUsbSer - ok
18:15:26.0587 7360	BthEnum         (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
18:15:26.0618 7360	BthEnum - ok
18:15:26.0665 7360	BTHMODEM        (9a966a8e86d1771911ae34a20d11bff3) C:\Windows\system32\DRIVERS\bthmodem.sys
18:15:26.0681 7360	BTHMODEM - ok
18:15:26.0712 7360	BthPan          (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
18:15:26.0743 7360	BthPan - ok
18:15:26.0805 7360	BTHPORT         (611ff3f2f095c8d4a6d4cfd9dcc09793) C:\Windows\system32\Drivers\BTHport.sys
18:15:26.0852 7360	BTHPORT - ok
18:15:26.0899 7360	BthServ         (a4c8377fa4a994e07075107dbe2e3dce) C:\Windows\System32\bthserv.dll
18:15:26.0930 7360	BthServ - ok
18:15:26.0946 7360	BTHUSB          (d330803eab2a15caec7f011f1d4cb30e) C:\Windows\system32\Drivers\BTHUSB.sys
18:15:26.0977 7360	BTHUSB - ok
18:15:27.0024 7360	btwaudio        (3ea1a20dc0ca1ad23e7aa8c37a91bcd1) C:\Windows\system32\drivers\btwaudio.sys
18:15:27.0055 7360	btwaudio - ok
18:15:27.0086 7360	btwavdt         (195872e48a7fb01f8bc9b800f70f4054) C:\Windows\system32\drivers\btwavdt.sys
18:15:27.0117 7360	btwavdt - ok
18:15:27.0164 7360	btwrchid        (0724e7d6c9b6a289eddda33fa8176e80) C:\Windows\system32\DRIVERS\btwrchid.sys
18:15:27.0195 7360	btwrchid - ok
18:15:27.0398 7360	catchme - ok
18:15:27.0429 7360	cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
18:15:27.0461 7360	cdfs - ok
18:15:27.0507 7360	cdrom           (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
18:15:27.0539 7360	cdrom - ok
18:15:27.0601 7360	CertPropSvc     (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
18:15:27.0632 7360	CertPropSvc - ok
18:15:27.0679 7360	Ch2kPS2         (970dddebaa177ad1f738a24c8d9c0735) C:\Windows\system32\DRIVERS\Ch2kPS2.sys
18:15:27.0726 7360	Ch2kPS2 - ok
18:15:27.0757 7360	Ch2kPS2M        (f767a99313f4b87350bf60500575a8af) C:\Windows\system32\DRIVERS\Ch2kPS2M.sys
18:15:27.0773 7360	Ch2kPS2M ( UnsignedFile.Multi.Generic ) - warning
18:15:27.0773 7360	Ch2kPS2M - detected UnsignedFile.Multi.Generic (1)
18:15:27.0819 7360	Ch2kUSB         (6bb54c8ab2ff2406c08157052cae793c) C:\Windows\system32\drivers\Ch2kUSB.sys
18:15:27.0851 7360	Ch2kUSB - ok
18:15:28.0459 7360	Cherry Device Interface (1ce3f63d0c5867d16b01435f8cdaef8b) C:\Program Files\Cherry\CDI\cdi.exe
18:15:28.0490 7360	Cherry Device Interface ( UnsignedFile.Multi.Generic ) - warning
18:15:28.0490 7360	Cherry Device Interface - detected UnsignedFile.Multi.Generic (1)
18:15:28.0521 7360	circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
18:15:28.0553 7360	circlass - ok
18:15:28.0833 7360	CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
18:15:28.0849 7360	CLFS - ok
18:15:28.0943 7360	clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:15:28.0958 7360	clr_optimization_v2.0.50727_32 - ok
18:15:29.0208 7360	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:15:29.0223 7360	clr_optimization_v4.0.30319_32 - ok
18:15:29.0270 7360	CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
18:15:29.0301 7360	CmBatt - ok
18:15:29.0317 7360	cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
18:15:29.0333 7360	cmdide - ok
18:15:29.0348 7360	Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
18:15:29.0348 7360	Compbatt - ok
18:15:29.0364 7360	COMSysApp - ok
18:15:29.0364 7360	crcdisk         (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
18:15:29.0379 7360	crcdisk - ok
18:15:29.0395 7360	Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
18:15:29.0426 7360	Crusoe - ok
18:15:29.0473 7360	CryptSvc        (75c6a297e364014840b48eccd7525e30) C:\Windows\system32\cryptsvc.dll
18:15:29.0520 7360	CryptSvc - ok
18:15:29.0582 7360	ctxusbm         (cb6ff7012bb5d59d7c12350db795ce1f) C:\Windows\system32\DRIVERS\ctxusbm.sys
18:15:29.0613 7360	ctxusbm - ok
18:15:29.0645 7360	CVirtA          (b5ecadf7708960f1818c7fa015f4c239) C:\Windows\system32\DRIVERS\CVirtA.sys
18:15:29.0676 7360	CVirtA - ok
18:15:31.0407 7360	CVPND           (98b1b70e250ebca7b7a0a56ad2a7e62f) D:\Programme\Cisco VPN Client\cvpnd.exe
18:15:31.0470 7360	CVPND - ok
18:15:31.0563 7360	CVPNDRVA        (465ced77e7c4f9d71b81ba600edafac1) C:\Windows\system32\Drivers\CVPNDRVA.sys
18:15:31.0563 7360	CVPNDRVA ( UnsignedFile.Multi.Generic ) - warning
18:15:31.0563 7360	CVPNDRVA - detected UnsignedFile.Multi.Generic (1)
18:15:31.0657 7360	DcomLaunch      (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
18:15:31.0704 7360	DcomLaunch - ok
18:15:31.0797 7360	DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
18:15:31.0844 7360	DfsC - ok
18:15:32.0624 7360	DFSR            (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
18:15:32.0811 7360	DFSR - ok
18:15:32.0921 7360	dgderdrv        (6216fd7fd227de454238a702b218cec7) C:\Windows\system32\drivers\dgderdrv.sys
18:15:32.0936 7360	dgderdrv - ok
18:15:33.0030 7360	dg_ssudbus      (f9f31a9f2a8c0dd0ceb6e380bf0985d4) C:\Windows\system32\DRIVERS\ssudbus.sys
18:15:33.0061 7360	dg_ssudbus - ok
18:15:33.0139 7360	Dhcp            (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
18:15:33.0186 7360	Dhcp - ok
18:15:34.0574 7360	DialComService  (5c90fdd933a0f8566399363191751113) C:\Program Files\DIAL GmbH\DIAL Communication Framework\DialComService.exe
18:15:34.0668 7360	DialComService - ok
18:15:35.0011 7360	disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
18:15:35.0027 7360	disk - ok
18:15:35.0073 7360	DNE             (86d52c32a308f84bbc626bff7c1fb710) C:\Windows\system32\DRIVERS\dne2000.sys
18:15:35.0089 7360	DNE - ok
18:15:35.0120 7360	Dnscache        (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
18:15:35.0229 7360	Dnscache - ok
18:15:35.0292 7360	dot3svc         (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
18:15:35.0323 7360	dot3svc - ok
18:15:35.0370 7360	DPS             (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
18:15:35.0417 7360	DPS - ok
18:15:35.0432 7360	drmkaud         (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
18:15:35.0463 7360	drmkaud - ok
18:15:35.0479 7360	DS1410D - ok
18:15:35.0900 7360	DXGKrnl         (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
18:15:35.0963 7360	DXGKrnl - ok
18:15:36.0025 7360	E1G60           (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
18:15:36.0072 7360	E1G60 - ok
18:15:36.0103 7360	EapHost         (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
18:15:36.0134 7360	EapHost - ok
18:15:36.0181 7360	Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
18:15:36.0197 7360	Ecache - ok
18:15:36.0259 7360	ehRecvr         (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
18:15:36.0337 7360	ehRecvr - ok
18:15:36.0353 7360	ehSched         (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
18:15:36.0399 7360	ehSched - ok
18:15:36.0415 7360	ehstart         (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
18:15:36.0431 7360	ehstart - ok
18:15:36.0462 7360	elxstor         (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
18:15:36.0493 7360	elxstor - ok
18:15:36.0930 7360	EMDMgmt         (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
18:15:36.0977 7360	EMDMgmt - ok
18:15:36.0992 7360	epmntdrv        (539ca34fbc74ec366a0d751028c32a08) C:\Windows\system32\epmntdrv.sys
18:15:37.0055 7360	epmntdrv ( UnsignedFile.Multi.Generic ) - warning
18:15:37.0055 7360	epmntdrv - detected UnsignedFile.Multi.Generic (1)
18:15:37.0086 7360	ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
18:15:37.0117 7360	ErrDev - ok
18:15:37.0148 7360	EuGdiDrv        (1f2f4ab15ce03ecc257feb2f6dc5a013) C:\Windows\system32\EuGdiDrv.sys
18:15:37.0179 7360	EuGdiDrv ( UnsignedFile.Multi.Generic ) - warning
18:15:37.0179 7360	EuGdiDrv - detected UnsignedFile.Multi.Generic (1)
18:15:37.0413 7360	EventSystem     (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
18:15:37.0476 7360	EventSystem - ok
18:15:37.0601 7360	EvtEng          (87bfd4ef2f43399da37b48b42a84a749) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
18:15:37.0647 7360	EvtEng ( UnsignedFile.Multi.Generic ) - warning
18:15:37.0647 7360	EvtEng - detected UnsignedFile.Multi.Generic (1)
18:15:37.0710 7360	exfat           (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
18:15:37.0788 7360	exfat - ok
18:15:37.0803 7360	fastfat         (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
18:15:37.0819 7360	fastfat - ok
18:15:37.0881 7360	fdc             (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
18:15:37.0913 7360	fdc - ok
18:15:37.0944 7360	fdPHost         (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
18:15:37.0959 7360	fdPHost - ok
18:15:37.0975 7360	FDResPub        (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
18:15:38.0022 7360	FDResPub - ok
18:15:38.0037 7360	FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
18:15:38.0053 7360	FileInfo - ok
18:15:38.0069 7360	Filetrace       (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
18:15:38.0100 7360	Filetrace - ok
18:15:38.0209 7360	FLEXnet Licensing Service (1f63900e2eb00101b9aca2b7a870704e) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
18:15:38.0240 7360	FLEXnet Licensing Service - ok
18:15:38.0271 7360	flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
18:15:38.0303 7360	flpydisk - ok
18:15:38.0349 7360	FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
18:15:38.0381 7360	FltMgr - ok
18:15:38.0552 7360	FontCache       (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
18:15:38.0615 7360	FontCache - ok
18:15:38.0693 7360	FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
18:15:38.0693 7360	FontCache3.0.0.0 - ok
18:15:38.0724 7360	Fs_Rec          (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
18:15:38.0771 7360	Fs_Rec - ok
18:15:38.0802 7360	gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
18:15:38.0817 7360	gagp30kx - ok
18:15:38.0849 7360	ggflt           (007aea2e06e7cef7372e40c277163959) C:\Windows\system32\DRIVERS\ggflt.sys
18:15:38.0880 7360	ggflt - ok
18:15:38.0895 7360	ggsemc          (c73de35960ca75c5ab4ae636b127c64e) C:\Windows\system32\DRIVERS\ggsemc.sys
18:15:38.0911 7360	ggsemc - ok
18:15:38.0973 7360	gpsvc           (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
18:15:39.0051 7360	gpsvc - ok
18:15:39.0098 7360	hamachi         (833051c6c6c42117191935f734cfbd97) C:\Windows\system32\DRIVERS\hamachi.sys
18:15:39.0114 7360	hamachi - ok
18:15:39.0161 7360	HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
18:15:39.0207 7360	HdAudAddService - ok
18:15:39.0254 7360	HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
18:15:39.0317 7360	HDAudBus - ok
18:15:39.0348 7360	HidBth          (fcb3f4be408f72c1bd81bcaba87fc22f) C:\Windows\system32\DRIVERS\hidbth.sys
18:15:39.0379 7360	HidBth - ok
18:15:39.0410 7360	HidIr           (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
18:15:39.0457 7360	HidIr - ok
18:15:39.0488 7360	hidserv         (84067081f3318162797385e11a8f0582) C:\Windows\System32\hidserv.dll
18:15:39.0519 7360	hidserv - ok
18:15:39.0551 7360	HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
18:15:39.0566 7360	HidUsb - ok
18:15:39.0597 7360	hkmsvc          (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
18:15:39.0629 7360	hkmsvc - ok
18:15:39.0644 7360	HpCISSs         (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
18:15:39.0660 7360	HpCISSs - ok
18:15:39.0722 7360	HPSIService     (94d23d4f096f12ca42c2fe4196631f46) C:\Windows\system32\HPSIsvc.exe
18:15:39.0722 7360	HPSIService - ok
18:15:39.0785 7360	HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
18:15:39.0878 7360	HTTP - ok
18:15:39.0909 7360	i2omp           (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
18:15:39.0925 7360	i2omp - ok
18:15:39.0972 7360	i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
18:15:40.0003 7360	i8042prt - ok
18:15:40.0097 7360	ialm            (496db78e6a0c4c44023d9a92b4a7ac31) C:\Windows\system32\DRIVERS\igdkmd32.sys
18:15:40.0206 7360	ialm - ok
18:15:40.0346 7360	iaNvStor        (3e349157986c533e3cbeb8c1e17290bb) C:\Windows\system32\DRIVERS\iaNvStor.sys
18:15:40.0377 7360	iaNvStor - ok
18:15:40.0721 7360	iaStor          (f263a9036f8897ffa2ae54685e03ad60) C:\Windows\system32\DRIVERS\iaStor.sys
18:15:40.0752 7360	iaStor - ok
18:15:41.0111 7360	iaStorV         (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
18:15:41.0142 7360	iaStorV - ok
18:15:41.0516 7360	idsvc           (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:15:41.0563 7360	idsvc - ok
18:15:41.0594 7360	iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
18:15:41.0610 7360	iirsp - ok
18:15:41.0672 7360	IISADMIN        (dae181c2fdb0d02159c56185a469e10b) C:\Windows\system32\inetsrv\inetinfo.exe
18:15:41.0703 7360	IISADMIN - ok
18:15:41.0766 7360	IKEEXT          (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
18:15:41.0844 7360	IKEEXT - ok
18:15:43.0076 7360	IntcAzAudAddService (ffd2b3bc042596abe785d3c15f51ab46) C:\Windows\system32\drivers\RTKVHDA.sys
18:15:43.0201 7360	IntcAzAudAddService - ok
18:15:43.0794 7360	intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
18:15:43.0794 7360	intelide - ok
18:15:43.0841 7360	intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
18:15:43.0872 7360	intelppm - ok
18:15:43.0903 7360	IPBusEnum       (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
18:15:43.0919 7360	IPBusEnum - ok
18:15:43.0950 7360	IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:15:43.0981 7360	IpFilterDriver - ok
18:15:44.0028 7360	iphlpsvc        (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
18:15:44.0075 7360	iphlpsvc - ok
18:15:44.0075 7360	IpInIp - ok
18:15:44.0106 7360	IPMIDRV         (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
18:15:44.0137 7360	IPMIDRV - ok
18:15:44.0324 7360	IPNAT           (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
18:15:44.0371 7360	IPNAT - ok
18:15:44.0387 7360	IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
18:15:44.0402 7360	IRENUM - ok
18:15:44.0418 7360	isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
18:15:44.0433 7360	isapnp - ok
18:15:44.0496 7360	iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
18:15:44.0511 7360	iScsiPrt - ok
18:15:44.0527 7360	iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
18:15:44.0543 7360	iteatapi - ok
18:15:44.0558 7360	iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
18:15:44.0574 7360	iteraid - ok
18:15:44.0652 7360	kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
18:15:44.0667 7360	kbdclass - ok
18:15:44.0699 7360	kbdhid          (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
18:15:44.0714 7360	kbdhid - ok
18:15:44.0745 7360	KeyIso          (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
18:15:44.0808 7360	KeyIso - ok
18:15:44.0823 7360	KMDFMEMIO       (ebc507f129df8f0e0ca270dcfc0cf87f) C:\Windows\system32\DRIVERS\kmdfmemio.sys
18:15:44.0870 7360	KMDFMEMIO - ok
18:15:44.0948 7360	KSecDD          (4a1445efa932a3baf5bdb02d7131ee20) C:\Windows\system32\Drivers\ksecdd.sys
18:15:44.0964 7360	KSecDD - ok
18:15:45.0073 7360	KtmRm           (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
18:15:45.0104 7360	KtmRm - ok
18:15:45.0260 7360	LanmanServer    (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\System32\srvsvc.dll
18:15:45.0307 7360	LanmanServer - ok
18:15:45.0354 7360	LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
18:15:45.0401 7360	LanmanWorkstation - ok
18:15:45.0447 7360	lirsgt          (975b6cf65f44e95883f3855bae8cecaf) C:\Windows\system32\DRIVERS\lirsgt.sys
18:15:45.0447 7360	lirsgt ( UnsignedFile.Multi.Generic ) - warning
18:15:45.0447 7360	lirsgt - detected UnsignedFile.Multi.Generic (1)
18:15:45.0479 7360	lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
18:15:45.0525 7360	lltdio - ok
18:15:45.0557 7360	lltdsvc         (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
18:15:45.0588 7360	lltdsvc - ok
18:15:45.0603 7360	lmhosts         (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
18:15:45.0650 7360	lmhosts - ok
18:15:45.0791 7360	LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
18:15:45.0806 7360	LSI_FC - ok
18:15:45.0837 7360	LSI_SAS         (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
18:15:45.0853 7360	LSI_SAS - ok
18:15:45.0884 7360	LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
18:15:45.0900 7360	LSI_SCSI - ok
18:15:46.0056 7360	luafv           (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
18:15:46.0103 7360	luafv - ok
18:15:46.0134 7360	Mcx2Svc         (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
18:15:46.0165 7360	Mcx2Svc - ok
18:15:46.0446 7360	MDM             (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
18:15:46.0461 7360	MDM - ok
18:15:46.0493 7360	megasas         (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
18:15:46.0508 7360	megasas - ok
18:15:46.0914 7360	MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
18:15:46.0961 7360	MegaSR - ok
18:15:47.0444 7360	Microsoft SharePoint Workspace Audit Service - ok
18:15:47.0538 7360	MMCSS           (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
18:15:47.0600 7360	MMCSS - ok
18:15:47.0616 7360	Modem           (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
18:15:47.0663 7360	Modem - ok
18:15:47.0678 7360	monitor         (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
18:15:47.0709 7360	monitor - ok
18:15:47.0787 7360	mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
18:15:47.0803 7360	mouclass - ok
18:15:47.0819 7360	mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
18:15:47.0865 7360	mouhid - ok
18:15:47.0881 7360	MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
18:15:47.0897 7360	MountMgr - ok
18:15:48.0099 7360	MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
18:15:48.0115 7360	MozillaMaintenance - ok
18:15:48.0162 7360	mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
18:15:48.0162 7360	mpio - ok
18:15:48.0209 7360	mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
18:15:48.0224 7360	mpsdrv - ok
18:15:48.0661 7360	MpsSvc          (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
18:15:48.0708 7360	MpsSvc - ok
18:15:48.0723 7360	Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
18:15:48.0739 7360	Mraid35x - ok
18:15:48.0770 7360	MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
18:15:48.0801 7360	MRxDAV - ok
18:15:48.0833 7360	mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:15:48.0926 7360	mrxsmb - ok
18:15:48.0957 7360	mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:15:48.0973 7360	mrxsmb10 - ok
18:15:48.0989 7360	mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:15:49.0020 7360	mrxsmb20 - ok
18:15:49.0051 7360	msahci          (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
18:15:49.0051 7360	msahci - ok
18:15:49.0098 7360	msdsm           (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
18:15:49.0113 7360	msdsm - ok
18:15:49.0160 7360	MSDTC           (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
18:15:49.0176 7360	MSDTC - ok
18:15:49.0191 7360	Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
18:15:49.0238 7360	Msfs - ok
18:15:49.0254 7360	msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
18:15:49.0269 7360	msisadrv - ok
18:15:49.0301 7360	MSiSCSI         (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
18:15:49.0332 7360	MSiSCSI - ok
18:15:49.0332 7360	msiserver - ok
18:15:49.0379 7360	MSKSSRV         (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
18:15:49.0394 7360	MSKSSRV - ok
18:15:49.0425 7360	MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
18:15:49.0457 7360	MSPCLOCK - ok
18:15:49.0472 7360	MSPQM           (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
18:15:49.0503 7360	MSPQM - ok
18:15:49.0581 7360	MsRPC           (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
18:15:49.0597 7360	MsRPC - ok
18:15:49.0613 7360	mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
18:15:49.0628 7360	mssmbios - ok
18:15:49.0706 7360	MSSQL$AUTODESKVAULT - ok
18:15:49.0784 7360	MSSQL$SQLEXPRESS - ok
18:15:49.0847 7360	MSSQLServerADHelper (1d89eb4e2a99cabd4e81225f4f4c4b25) C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
18:15:49.0847 7360	MSSQLServerADHelper - ok
18:15:49.0909 7360	MSSQLServerADHelper100 (f1761c8fb2b25a32c6d63e36bb88c3ae) C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
18:15:49.0909 7360	MSSQLServerADHelper100 - ok
18:15:49.0940 7360	MSTEE           (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
18:15:49.0971 7360	MSTEE - ok
18:15:51.0797 7360	msvsmon80       (73fa09b84b23a1897809a84f976d5d99) C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe
18:15:51.0953 7360	msvsmon80 - ok
18:15:53.0201 7360	Mup             (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
18:15:53.0216 7360	Mup - ok
18:15:53.0232 7360	mvusbews        (b9df137953a5280eddbd4a705ca093a2) C:\Windows\system32\Drivers\mvusbews.sys
18:15:53.0263 7360	mvusbews - ok
18:15:53.0388 7360	napagent        (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
18:15:53.0419 7360	napagent - ok
18:15:53.0481 7360	NativeWifiP     (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
18:15:53.0497 7360	NativeWifiP - ok
18:15:53.0559 7360	NCFilter        (157e98b2dd9139c7d55049fe635bd39f) C:\Windows\system32\DRIVERS\NCFilter.sys
18:15:53.0591 7360	NCFilter - ok
18:15:53.0903 7360	NCFSD           (df04002fb1f6c9dcb438b9324640ccdb) C:\Program Files\Novell\Client\XTier\Drivers\ncfsd.sys
18:15:53.0934 7360	NCFSD - ok
18:15:54.0012 7360	NCIOCTL         (54adec9108c5a0bf9d21e4a6ef062db1) C:\Program Files\Novell\Client\XTier\Drivers\ncioctl.sys
18:15:54.0043 7360	NCIOCTL - ok
18:15:54.0168 7360	NCRecognizer    (450b8c689b73c39816fb872404805517) C:\Windows\system32\DRIVERS\NCRecognizer.sys
18:15:54.0199 7360	NCRecognizer - ok
18:15:54.0277 7360	NCUncFilter     (d28874f3ce6badd9884c62391b39133f) C:\Windows\system32\DRIVERS\NCUncFilter.sys
18:15:54.0293 7360	NCUncFilter - ok
18:15:54.0464 7360	NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
18:15:54.0511 7360	NDIS - ok
18:15:54.0558 7360	NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
18:15:54.0589 7360	NdisTapi - ok
18:15:54.0605 7360	Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
18:15:54.0620 7360	Ndisuio - ok
18:15:54.0854 7360	NdisWan         (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
18:15:54.0885 7360	NdisWan - ok
18:15:54.0901 7360	NDProxy         (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
18:15:54.0917 7360	NDProxy - ok
18:15:54.0932 7360	NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
18:15:54.0979 7360	NetBIOS - ok
18:15:55.0010 7360	netbt           (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
18:15:55.0041 7360	netbt - ok
18:15:55.0057 7360	Netlogon        (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
18:15:55.0073 7360	Netlogon - ok
18:15:55.0369 7360	Netman          (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
18:15:55.0431 7360	Netman - ok
18:15:55.0931 7360	NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:15:55.0946 7360	NetMsmqActivator - ok
18:15:55.0946 7360	NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:15:55.0962 7360	NetPipeActivator - ok
18:15:56.0165 7360	netprofm        (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
18:15:56.0196 7360	netprofm - ok
18:15:56.0211 7360	NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:15:56.0211 7360	NetTcpActivator - ok
18:15:56.0227 7360	NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:15:56.0227 7360	NetTcpPortSharing - ok
18:15:56.0726 7360	NETw3v32        (35d5458d9a1b26b2005abffbf4c1c5e7) C:\Windows\system32\DRIVERS\NETw3v32.sys
18:15:56.0882 7360	NETw3v32 - ok
18:16:01.0500 7360	NETw5v32        (0b214c6a4728f085fb64a29ed9c4de94) C:\Windows\system32\DRIVERS\NETw5v32.sys
18:16:01.0703 7360	NETw5v32 - ok
18:16:01.0874 7360	nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
18:16:01.0890 7360	nfrd960 - ok
18:16:02.0139 7360	NICM            (a1ef820415ed5bbe0dbb3f67866bd2e1) C:\Program Files\Novell\Client\XTier\Drivers\nicm.sys
18:16:02.0186 7360	NICM - ok
18:16:02.0405 7360	NlaSvc          (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
18:16:02.0420 7360	NlaSvc - ok
18:16:02.0451 7360	nmwcd           (f6c40e0a565ee3ce5aeeb325e10054f2) C:\Windows\system32\drivers\ccdcmb.sys
18:16:02.0514 7360	nmwcd - ok
18:16:02.0545 7360	nmwcdc          (2a394e9e1fa3565e4b2fea470ffe4d6b) C:\Windows\system32\drivers\ccdcmbo.sys
18:16:02.0592 7360	nmwcdc - ok
18:16:02.0623 7360	Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
18:16:02.0639 7360	Npfs - ok
18:16:02.0654 7360	nsi             (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
18:16:02.0685 7360	nsi - ok
18:16:02.0717 7360	nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
18:16:02.0763 7360	nsiproxy - ok
18:16:02.0763 7360	NSNDIS5 - ok
18:16:02.0904 7360	Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
18:16:02.0966 7360	Ntfs - ok
18:16:02.0997 7360	ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
18:16:03.0044 7360	ntrigdigi - ok
18:16:03.0060 7360	Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
18:16:03.0075 7360	Null - ok
18:16:03.0138 7360	NVHDA           (93c0f383b39b1f5fe7203e3270d4cf52) C:\Windows\system32\drivers\nvhda32v.sys
18:16:03.0169 7360	NVHDA - ok
18:16:04.0230 7360	nvlddmkm        (66b4bf606fcc7f0622d4a21bb1461089) C:\Windows\system32\DRIVERS\nvlddmkm.sys
18:16:04.0713 7360	nvlddmkm - ok
18:16:04.0838 7360	nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
18:16:04.0854 7360	nvraid - ok
18:16:04.0869 7360	nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
18:16:04.0885 7360	nvstor - ok
18:16:04.0994 7360	nvsvc           (d122f7c5f79c68868f5dc28cefeb2ecf) C:\Windows\system32\nvvsvc.exe
18:16:05.0072 7360	nvsvc - ok
18:16:05.0306 7360	nvUpdatusService (003cb0a155568b4a53a301f07c734233) C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
18:16:05.0447 7360	nvUpdatusService - ok
18:16:05.0571 7360	nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
18:16:05.0587 7360	nv_agp - ok
18:16:05.0587 7360	NwlnkFlt - ok
18:16:05.0603 7360	NwlnkFwd - ok
18:16:05.0618 7360	ohci1394        (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
18:16:05.0634 7360	ohci1394 - ok
18:16:05.0712 7360	ose             (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:16:05.0727 7360	ose - ok
18:16:06.0039 7360	osppsvc         (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
18:16:06.0211 7360	osppsvc - ok
18:16:07.0319 7360	p2pimsvc        (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
18:16:07.0412 7360	p2pimsvc - ok
18:16:07.0428 7360	p2psvc          (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
18:16:07.0443 7360	p2psvc - ok
18:16:07.0506 7360	Parport         (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
18:16:07.0537 7360	Parport - ok
18:16:07.0568 7360	partmgr         (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys
18:16:07.0584 7360	partmgr - ok
18:16:07.0599 7360	Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
18:16:07.0646 7360	Parvdm - ok
18:16:07.0709 7360	PcaSvc          (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
18:16:07.0771 7360	PcaSvc - ok
18:16:07.0818 7360	pccsmcfd        (fd2041e9ba03db7764b2248f02475079) C:\Windows\system32\DRIVERS\pccsmcfd.sys
18:16:07.0849 7360	pccsmcfd - ok
18:16:07.0911 7360	pci             (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
18:16:07.0927 7360	pci - ok
18:16:07.0943 7360	pciide          (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
18:16:07.0958 7360	pciide - ok
18:16:07.0989 7360	pcmcia          (b7c5a8769541900f6dfa6fe0c5e4d513) C:\Windows\system32\DRIVERS\pcmcia.sys
18:16:08.0005 7360	pcmcia - ok
18:16:08.0067 7360	PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
18:16:08.0145 7360	PEAUTH - ok
18:16:08.0411 7360	pla             (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
18:16:08.0489 7360	pla - ok
18:16:08.0879 7360	PlugPlay        (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
18:16:08.0910 7360	PlugPlay - ok
18:16:09.0830 7360	PNRPAutoReg     (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
18:16:09.0861 7360	PNRPAutoReg - ok
18:16:09.0861 7360	PNRPsvc         (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
18:16:09.0893 7360	PNRPsvc - ok
18:16:10.0298 7360	PolicyAgent     (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
18:16:10.0361 7360	PolicyAgent - ok
18:16:10.0829 7360	PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
18:16:10.0875 7360	PptpMiniport - ok
18:16:11.0156 7360	Processor       (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
18:16:11.0203 7360	Processor - ok
18:16:11.0858 7360	ProfSvc         (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
18:16:11.0874 7360	ProfSvc - ok
18:16:11.0983 7360	ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
18:16:11.0999 7360	ProtectedStorage - ok
18:16:12.0248 7360	PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
18:16:12.0295 7360	PSched - ok
18:16:12.0857 7360	PSI_SVC_2       (543a4ef0923bf70d126625b034ef25af) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
18:16:12.0872 7360	PSI_SVC_2 - ok
18:16:14.0479 7360	ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
18:16:14.0557 7360	ql2300 - ok
18:16:14.0978 7360	ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
18:16:15.0009 7360	ql40xx - ok
18:16:15.0041 7360	QWAVE           (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
18:16:15.0072 7360	QWAVE - ok
18:16:15.0087 7360	QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
18:16:15.0103 7360	QWAVEdrv - ok
18:16:15.0165 7360	RapiMgr         (70dbdab246c18b78e2200d6401d038be) C:\Windows\WindowsMobile\rapimgr.dll
18:16:15.0197 7360	RapiMgr - ok
18:16:15.0228 7360	RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
18:16:15.0243 7360	RasAcd - ok
18:16:15.0259 7360	RasAuto         (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
18:16:15.0306 7360	RasAuto - ok
18:16:15.0306 7360	Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:16:15.0337 7360	Rasl2tp - ok
18:16:15.0384 7360	RasMan          (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
18:16:15.0431 7360	RasMan - ok
18:16:15.0462 7360	RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
18:16:15.0477 7360	RasPppoe - ok
18:16:15.0587 7360	RasSstp         (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
18:16:15.0618 7360	RasSstp - ok
18:16:15.0758 7360	rdbss           (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
18:16:15.0774 7360	rdbss - ok
18:16:15.0805 7360	RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:16:15.0836 7360	RDPCDD - ok
18:16:15.0867 7360	rdpdr           (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
18:16:15.0899 7360	rdpdr - ok
18:16:15.0899 7360	RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
18:16:15.0930 7360	RDPENCDD - ok
18:16:15.0961 7360	RDPWD           (c127ebd5afab31524662c48dfceb773a) C:\Windows\system32\drivers\RDPWD.sys
18:16:16.0008 7360	RDPWD - ok
18:16:16.0585 7360	RegSrvc         (3c109efd0cef1b540ed3c7f573594bfd) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
18:16:16.0616 7360	RegSrvc ( UnsignedFile.Multi.Generic ) - warning
18:16:16.0616 7360	RegSrvc - detected UnsignedFile.Multi.Generic (1)
18:16:16.0663 7360	RemoteAccess    (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
18:16:16.0694 7360	RemoteAccess - ok
18:16:16.0741 7360	RemoteRegistry  (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
18:16:16.0788 7360	RemoteRegistry - ok
18:16:16.0819 7360	RFCOMM          (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
18:16:16.0850 7360	RFCOMM - ok
18:16:16.0881 7360	RpcLocator      (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
18:16:16.0913 7360	RpcLocator - ok
18:16:16.0991 7360	RpcSs           (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
18:16:17.0022 7360	RpcSs - ok
18:16:17.0053 7360	RsFx0105        (6a7360e36cbd636972aeef0dd292a946) C:\Windows\system32\DRIVERS\RsFx0105.sys
18:16:17.0069 7360	RsFx0105 - ok
18:16:17.0100 7360	rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
18:16:17.0147 7360	rspndr - ok
18:16:17.0147 7360	s0017bus - ok
18:16:17.0147 7360	s0017mdfl - ok
18:16:17.0147 7360	s0017mdm - ok
18:16:17.0162 7360	s0017mgmt - ok
18:16:17.0178 7360	s0017nd5 - ok
18:16:17.0178 7360	s0017obex - ok
18:16:17.0178 7360	s0017unic - ok
18:16:17.0225 7360	SamSs           (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
18:16:17.0240 7360	SamSs - ok
18:16:17.0334 7360	Samsung Update Plus (a9d840fa78f65857eb554229914f855c) C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe
18:16:17.0349 7360	Samsung Update Plus ( UnsignedFile.Multi.Generic ) - warning
18:16:17.0349 7360	Samsung Update Plus - detected UnsignedFile.Multi.Generic (1)
18:16:17.0443 7360	SbieDrv         (1fbd21895b768cd40e83b86c18e6454f) D:\Programme\Sandboxie\SbieDrv.sys
18:16:17.0459 7360	SbieDrv - ok
18:16:17.0521 7360	SbieSvc         (d5d875d6662f30c7fbf5f6879452b12b) D:\Programme\Sandboxie\SbieSvc.exe
18:16:17.0537 7360	SbieSvc - ok
18:16:17.0615 7360	sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
18:16:17.0630 7360	sbp2port - ok
18:16:17.0693 7360	SCardSvr        (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
18:16:17.0708 7360	SCardSvr - ok
18:16:17.0771 7360	Schedule        (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
18:16:17.0849 7360	Schedule - ok
18:16:17.0880 7360	SCPolicySvc     (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
18:16:17.0895 7360	SCPolicySvc - ok
18:16:17.0958 7360	sdbus           (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
18:16:18.0005 7360	sdbus - ok
18:16:18.0020 7360	SDRSVC          (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
18:16:18.0051 7360	SDRSVC - ok
18:16:18.0067 7360	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
18:16:18.0114 7360	secdrv - ok
18:16:18.0129 7360	seclogon        (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
18:16:18.0161 7360	seclogon - ok
18:16:18.0176 7360	SENS            (a9bbab5759771e523f55563d6cbe140f) C:\Windows\system32\sens.dll
18:16:18.0207 7360	SENS - ok
18:16:18.0254 7360	Serenum         (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
18:16:18.0301 7360	Serenum - ok
18:16:18.0317 7360	Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
18:16:18.0395 7360	Serial - ok
18:16:18.0426 7360	sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
18:16:18.0441 7360	sermouse - ok
18:16:19.0253 7360	ServiceLayer    (c15b813f2fdb44f87f23312472c6e790) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
18:16:19.0299 7360	ServiceLayer - ok
18:16:19.0424 7360	SessionEnv      (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
18:16:19.0440 7360	SessionEnv - ok
18:16:19.0455 7360	sffdisk         (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
18:16:19.0487 7360	sffdisk - ok
18:16:19.0502 7360	sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
18:16:19.0533 7360	sffp_mmc - ok
18:16:19.0549 7360	sffp_sd         (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
18:16:19.0580 7360	sffp_sd - ok
18:16:19.0596 7360	sfloppy         (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
18:16:19.0643 7360	sfloppy - ok
18:16:19.0689 7360	SharedAccess    (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
18:16:19.0736 7360	SharedAccess - ok
18:16:19.0892 7360	ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
18:16:19.0955 7360	ShellHWDetection - ok
18:16:19.0986 7360	sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
18:16:20.0001 7360	sisagp - ok
18:16:20.0017 7360	SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
18:16:20.0033 7360	SiSRaid2 - ok
18:16:20.0048 7360	SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
18:16:20.0064 7360	SiSRaid4 - ok
18:16:20.0298 7360	SkypeUpdate     (ddaa5f4a6b958fc313ebd02dd925752f) D:\Programme\Skype\Updater\Updater.exe
18:16:20.0313 7360	SkypeUpdate - ok
18:16:21.0530 7360	slsvc           (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
18:16:21.0702 7360	slsvc - ok
18:16:21.0827 7360	SLUINotify      (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
18:16:21.0858 7360	SLUINotify - ok
18:16:21.0920 7360	Smb             (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
18:16:21.0951 7360	Smb - ok
18:16:21.0983 7360	SNMPTRAP        (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
18:16:21.0998 7360	SNMPTRAP - ok
18:16:22.0107 7360	SolidWorks Licensing Service (4945020bc094c322571184a6e8056b3a) C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
18:16:22.0107 7360	SolidWorks Licensing Service ( UnsignedFile.Multi.Generic ) - warning
18:16:22.0107 7360	SolidWorks Licensing Service - detected UnsignedFile.Multi.Generic (1)
18:16:22.0139 7360	spldr           (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
18:16:22.0139 7360	spldr - ok
18:16:22.0201 7360	Spooler         (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
18:16:22.0232 7360	Spooler - ok
18:16:22.0295 7360	sptd            (71e276f6d189413266ea22171806597b) C:\Windows\System32\Drivers\sptd.sys
18:16:22.0357 7360	sptd - ok
18:16:22.0451 7360	SQLAgent$SQLEXPRESS (a892134c28777978ecde8283dc57ac0f) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE
18:16:22.0482 7360	SQLAgent$SQLEXPRESS - ok
18:16:22.0544 7360	SQLBrowser      (10d936dced9eacd1a1b3fcdda6d7a4eb) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
18:16:22.0560 7360	SQLBrowser - ok
18:16:22.0607 7360	SQLWriter       (135cdccc167ef0c250125bbd3abe18d5) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
18:16:22.0622 7360	SQLWriter - ok
18:16:22.0747 7360	srv             (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
18:16:22.0778 7360	srv - ok
18:16:22.0809 7360	srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
18:16:22.0841 7360	srv2 - ok
18:16:22.0872 7360	srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
18:16:22.0887 7360	srvnet - ok
18:16:22.0919 7360	SSDPSRV         (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
18:16:22.0950 7360	SSDPSRV - ok
18:16:22.0997 7360	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
18:16:23.0012 7360	ssmdrv - ok
18:16:23.0043 7360	SstpSvc         (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
18:16:23.0059 7360	SstpSvc - ok
18:16:23.0106 7360	ssudmdm         (07318149e102fd9197ab444c27774372) C:\Windows\system32\DRIVERS\ssudmdm.sys
18:16:23.0137 7360	ssudmdm - ok
18:16:23.0199 7360	stisvc          (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
18:16:23.0246 7360	stisvc - ok
18:16:23.0340 7360	StkCMini        (ab80c9dde1f8d9f9f946365205ed55eb) C:\Windows\system32\Drivers\StkCMini.sys
18:16:23.0402 7360	StkCMini - ok
18:16:23.0496 7360	StkSSrv         (45062bf3aeeb2febe29a67d0448571db) C:\Windows\System32\StkCSrv.exe
18:16:23.0527 7360	StkSSrv - ok
18:16:23.0574 7360	swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
18:16:23.0574 7360	swenum - ok
18:16:23.0636 7360	swprv           (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
18:16:23.0652 7360	swprv - ok
18:16:23.0667 7360	Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
18:16:23.0683 7360	Symc8xx - ok
18:16:23.0699 7360	Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
18:16:23.0714 7360	Sym_hi - ok
18:16:23.0730 7360	Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
18:16:23.0745 7360	Sym_u3 - ok
18:16:23.0792 7360	SynTP           (71837fbce3fd8143953444b3ff7938dc) C:\Windows\system32\DRIVERS\SynTP.sys
18:16:23.0823 7360	SynTP - ok
18:16:23.0886 7360	SysMain         (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
18:16:23.0964 7360	SysMain - ok
18:16:23.0995 7360	TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
18:16:24.0026 7360	TabletInputService - ok
18:16:24.0073 7360	TapiSrv         (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
18:16:24.0089 7360	TapiSrv - ok
18:16:24.0104 7360	TBS             (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
18:16:24.0135 7360	TBS - ok
18:16:24.0198 7360	Tcpip           (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\drivers\tcpip.sys
18:16:24.0245 7360	Tcpip - ok
18:16:24.0260 7360	Tcpip6          (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\DRIVERS\tcpip.sys
18:16:24.0291 7360	Tcpip6 - ok
18:16:24.0323 7360	tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
18:16:24.0354 7360	tcpipreg - ok
18:16:24.0385 7360	TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
18:16:24.0401 7360	TDPIPE - ok
18:16:24.0416 7360	TDTCP           (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
18:16:24.0432 7360	TDTCP - ok
18:16:24.0463 7360	tdx             (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
18:16:24.0494 7360	tdx - ok
18:16:24.0525 7360	TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
18:16:24.0541 7360	TermDD - ok
18:16:24.0603 7360	TermService     (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
18:16:24.0650 7360	TermService - ok
18:16:24.0713 7360	Themes          (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
18:16:24.0728 7360	Themes - ok
18:16:24.0744 7360	THREADORDER     (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
18:16:24.0759 7360	THREADORDER - ok
18:16:24.0806 7360	TrkWks          (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
18:16:24.0837 7360	TrkWks - ok
18:16:24.0900 7360	TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
18:16:24.0915 7360	TrustedInstaller - ok
18:16:24.0947 7360	tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:16:24.0978 7360	tssecsrv - ok
18:16:24.0993 7360	tunmp           (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
18:16:25.0025 7360	tunmp - ok
18:16:25.0071 7360	tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
18:16:25.0087 7360	tunnel - ok
18:16:25.0103 7360	uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
18:16:25.0118 7360	uagp35 - ok
18:16:25.0149 7360	udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
18:16:25.0165 7360	udfs - ok
18:16:25.0196 7360	UI0Detect       (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
18:16:25.0227 7360	UI0Detect - ok
18:16:25.0243 7360	uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
18:16:25.0259 7360	uliagpkx - ok
18:16:25.0290 7360	uliahci         (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
18:16:25.0305 7360	uliahci - ok
18:16:25.0337 7360	UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
18:16:25.0337 7360	UlSata - ok
18:16:25.0368 7360	ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
18:16:25.0368 7360	ulsata2 - ok
18:16:25.0383 7360	umbus           (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
18:16:25.0430 7360	umbus - ok
18:16:25.0446 7360	upnphost        (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
18:16:25.0493 7360	upnphost - ok
18:16:25.0508 7360	upperdev        (47f5f9d837d80ffd5882a14db9da0a67) C:\Windows\system32\DRIVERS\usbser_lowerflt.sys
18:16:25.0539 7360	upperdev - ok
18:16:25.0571 7360	usbccgp         (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
18:16:25.0602 7360	usbccgp - ok
18:16:25.0633 7360	usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
18:16:25.0680 7360	usbcir - ok
18:16:25.0711 7360	usbehci         (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
18:16:25.0742 7360	usbehci - ok
18:16:25.0773 7360	usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
18:16:25.0805 7360	usbhub - ok
18:16:25.0820 7360	usbohci         (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
18:16:25.0867 7360	usbohci - ok
18:16:25.0898 7360	usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
18:16:25.0914 7360	usbprint - ok
18:16:25.0929 7360	usbscan         (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
18:16:25.0945 7360	usbscan - ok
18:16:25.0992 7360	usbser          (d575246188f63de0accf6eac5fb59e6a) C:\Windows\system32\drivers\usbser.sys
18:16:26.0007 7360	usbser - ok
18:16:26.0039 7360	UsbserFilt      (e44f0d17be0908b58dcc99ccb99c6c32) C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys
18:16:26.0070 7360	UsbserFilt - ok
18:16:26.0101 7360	USBSTOR         (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:16:26.0132 7360	USBSTOR - ok
18:16:26.0163 7360	usbuhci         (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
18:16:26.0210 7360	usbuhci - ok
18:16:26.0241 7360	usbvideo        (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
18:16:26.0273 7360	usbvideo - ok
18:16:26.0304 7360	UxSms           (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
18:16:26.0335 7360	UxSms - ok
18:16:26.0382 7360	vds             (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
18:16:26.0460 7360	vds - ok
18:16:26.0491 7360	vga             (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
18:16:26.0522 7360	vga - ok
18:16:26.0538 7360	VgaSave         (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
18:16:26.0569 7360	VgaSave - ok
18:16:26.0585 7360	viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
18:16:26.0600 7360	viaagp - ok
18:16:26.0631 7360	ViaC7           (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
18:16:26.0647 7360	ViaC7 - ok
18:16:26.0663 7360	viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
18:16:26.0678 7360	viaide - ok
18:16:26.0741 7360	vmm             (e41fef9e3056fe88c71e411f705be41e) C:\Windows\system32\Drivers\vmm.sys
18:16:26.0741 7360	vmm - ok
18:16:26.0756 7360	volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
18:16:26.0772 7360	volmgr - ok
18:16:26.0834 7360	volmgrx         (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
18:16:26.0850 7360	volmgrx - ok
18:16:26.0897 7360	volsnap         (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
18:16:26.0912 7360	volsnap - ok
18:16:26.0928 7360	VPCNetS2        (f96a678debdccb0b4bb7f38cb2580589) C:\Windows\system32\DRIVERS\VMNetSrv.sys
18:16:26.0943 7360	VPCNetS2 - ok
18:16:26.0990 7360	vsmraid         (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
18:16:27.0006 7360	vsmraid - ok
18:16:27.0193 7360	VSPerfDrv100    (143c873a90e834f38733bb05d686a9e7) D:\Programme\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys
18:16:27.0209 7360	VSPerfDrv100 - ok
18:16:27.0302 7360	VSS             (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
18:16:27.0396 7360	VSS - ok
18:16:27.0443 7360	W32Time         (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
18:16:27.0458 7360	W32Time - ok
18:16:27.0521 7360	W3SVC           (9ca92191c8f18e8b491a5b28e63c07b7) C:\Windows\system32\inetsrv\iisw3adm.dll
18:16:27.0583 7360	W3SVC - ok
18:16:27.0630 7360	WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
18:16:27.0677 7360	WacomPen - ok
18:16:27.0692 7360	Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
18:16:27.0723 7360	Wanarp - ok
18:16:27.0723 7360	Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
18:16:27.0739 7360	Wanarpv6 - ok
18:16:27.0755 7360	WAS             (9ca92191c8f18e8b491a5b28e63c07b7) C:\Windows\system32\inetsrv\iisw3adm.dll
18:16:27.0770 7360	WAS - ok
18:16:27.0848 7360	WcesComm        (779f9c90d3fe9c70b6ffd8ef035f3e83) C:\Windows\WindowsMobile\wcescomm.dll
18:16:27.0911 7360	WcesComm - ok
18:16:27.0957 7360	wcncsvc         (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
18:16:27.0989 7360	wcncsvc - ok
18:16:28.0020 7360	WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
18:16:28.0051 7360	WcsPlugInService - ok
18:16:28.0082 7360	Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
18:16:28.0082 7360	Wd - ok
18:16:28.0145 7360	Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
18:16:28.0176 7360	Wdf01000 - ok
18:16:28.0207 7360	WdiServiceHost  (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
18:16:28.0238 7360	WdiServiceHost - ok
18:16:28.0238 7360	WdiSystemHost   (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
18:16:28.0254 7360	WdiSystemHost - ok
18:16:28.0301 7360	WebClient       (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
18:16:28.0332 7360	WebClient - ok
18:16:28.0379 7360	Wecsvc          (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
18:16:28.0410 7360	Wecsvc - ok
18:16:28.0425 7360	wercplsupport   (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
18:16:28.0457 7360	wercplsupport - ok
18:16:28.0488 7360	WerSvc          (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
18:16:28.0519 7360	WerSvc - ok
18:16:28.0566 7360	wimmount        (05fb36a51e04a6c6b3a5f125fa692e6b) C:\Windows\system32\DRIVERS\wimmount.sys
18:16:28.0566 7360	wimmount - ok
18:16:28.0644 7360	WinDefend       (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
18:16:28.0659 7360	WinDefend - ok
18:16:28.0675 7360	WinHttpAutoProxySvc - ok
18:16:28.0737 7360	Winmgmt         (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
18:16:28.0753 7360	Winmgmt - ok
18:16:28.0862 7360	WinRM           (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
18:16:28.0971 7360	WinRM - ok
18:16:29.0018 7360	winusb          (676f4b665bdd8053eaa53ac1695b8074) C:\Windows\system32\DRIVERS\winusb.sys
18:16:29.0049 7360	winusb - ok
18:16:29.0127 7360	Wlansvc         (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
18:16:29.0190 7360	Wlansvc - ok
18:16:29.0221 7360	WmiAcpi         (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
18:16:29.0237 7360	WmiAcpi - ok
18:16:29.0315 7360	wmiApSrv        (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
18:16:29.0330 7360	wmiApSrv - ok
18:16:29.0424 7360	WMPNetworkSvc   (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
18:16:29.0517 7360	WMPNetworkSvc - ok
18:16:29.0564 7360	WPCSvc          (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
18:16:29.0627 7360	WPCSvc - ok
18:16:29.0658 7360	WPDBusEnum      (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
18:16:29.0689 7360	WPDBusEnum - ok
18:16:29.0751 7360	WpdUsb          (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
18:16:29.0751 7360	WpdUsb - ok
18:16:29.0907 7360	WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
18:16:29.0939 7360	WPFFontCache_v0400 - ok
18:16:29.0970 7360	ws2ifsl         (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
18:16:30.0001 7360	ws2ifsl - ok
18:16:30.0032 7360	wscsvc          (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\system32\wscsvc.dll
18:16:30.0063 7360	wscsvc - ok
18:16:30.0063 7360	WSearch - ok
18:16:30.0188 7360	wuauserv        (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
18:16:30.0297 7360	wuauserv - ok
18:16:30.0438 7360	WudfPf          (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
18:16:30.0469 7360	WudfPf - ok
18:16:30.0500 7360	WUDFRd          (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:16:30.0547 7360	WUDFRd - ok
18:16:30.0563 7360	wudfsvc         (2c0206ff8d2c75ac027d1096fa2fafda) C:\Windows\System32\WUDFSvc.dll
18:16:30.0609 7360	wudfsvc - ok
18:16:30.0703 7360	XTSvcMgr        (3d130383a56db5de539aa6bb269e1a6c) C:\Program Files\Novell\Client\XTier\Services\XTSvcMgr.exe
18:16:30.0734 7360	XTSvcMgr - ok
18:16:30.0765 7360	yukonwlh        (04e268adfc81964c49dc0c082d520f7e) C:\Windows\system32\DRIVERS\yk60x86.sys
18:16:30.0812 7360	yukonwlh - ok
18:16:30.0859 7360	MBR (0x1B8)     (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
18:16:31.0218 7360	\Device\Harddisk0\DR0 - ok
18:16:31.0233 7360	Boot (0x1200)   (7f27e7a5f99764e0541c909692381695) \Device\Harddisk0\DR0\Partition0
18:16:31.0233 7360	\Device\Harddisk0\DR0\Partition0 - ok
18:16:31.0265 7360	Boot (0x1200)   (cebc2d5c0fb78ef07b6e43ff5cf87230) \Device\Harddisk0\DR0\Partition1
18:16:31.0265 7360	\Device\Harddisk0\DR0\Partition1 - ok
18:16:31.0265 7360	============================================================
18:16:31.0265 7360	Scan finished
18:16:31.0265 7360	============================================================
18:16:31.0265 5344	Detected object count: 13
18:16:31.0265 5344	Actual detected object count: 13
18:17:11.0778 5344	ANSYS, Inc. License Manager ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:11.0778 5344	ANSYS, Inc. License Manager ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:17:11.0793 5344	atksgt ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:11.0793 5344	atksgt ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:17:11.0793 5344	Autodesk Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:11.0793 5344	Autodesk Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:17:11.0793 5344	Ch2kPS2M ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:11.0793 5344	Ch2kPS2M ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:17:11.0793 5344	Cherry Device Interface ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:11.0793 5344	Cherry Device Interface ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:17:11.0793 5344	CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:11.0793 5344	CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:17:11.0793 5344	epmntdrv ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:11.0793 5344	epmntdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:17:11.0793 5344	EuGdiDrv ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:11.0793 5344	EuGdiDrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:17:11.0793 5344	EvtEng ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:11.0793 5344	EvtEng ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:17:11.0793 5344	lirsgt ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:11.0793 5344	lirsgt ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:17:11.0793 5344	RegSrvc ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:11.0793 5344	RegSrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:17:11.0809 5344	Samsung Update Plus ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:11.0809 5344	Samsung Update Plus ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:17:11.0809 5344	SolidWorks Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:11.0809 5344	SolidWorks Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:17:42.0713 1784	Deinitialize success
         
Meine Anmerkungen:
  • Cherry Keyboardmanager (Ch2kPS2M.sys, cdi.exe) ist installiert, wird aber nicht zwingend benötigt -> zur Sicherheit deinstallieren?
  • EASEUS Partition Master 9.1.1 (epmntdrv.sys, EuGdiDrv.sys) ist installiert, wird nichtmehr benötigt -> deinstallieren?
  • Intel WiFi (EvtEng.exe, RegSrvc.exe) ist installiert, ich bin mir nicht sicher ob das benötigt wird (Klar WLan, aber das müsste auch ohne laufen?)
  • Samsung Update Plus nutze ich nicht, könnte also auch deinstalliert werden.
  • SolidWorks wird nichtmehr benötigt, kann auch weg.
  • atksgt.sys und lirsgt.sys gehören wohl zu einem Spiel-Kopierschutz und könnten auch weg (google-suche)
Ich warte mit dem Deinstallieren noch, bis ich ein ok von dir höre.

Gruß


Alt 25.07.2012, 22:09   #6
markusg
/// Malware-holic
 
HackTool.Hiderun in c:\windows\installer und Java.Trojan im Cache entdeckt - Standard

HackTool.Hiderun in c:\windows\installer und Java.Trojan im Cache entdeckt



lade den CCleaner standard:
CCleaner Download - CCleaner 3.20.1750
falls der CCleaner
bereits instaliert, überspringen.
instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.
__________________
--> HackTool.Hiderun in c:\windows\installer und Java.Trojan im Cache entdeckt

Alt 25.07.2012, 23:53   #7
Ilu
 
HackTool.Hiderun in c:\windows\installer und Java.Trojan im Cache entdeckt - Standard

HackTool.Hiderun in c:\windows\installer und Java.Trojan im Cache entdeckt



Code:
ATTFilter
7-Zip 4.65		20.07.2009	3,13MB	// unnötig
ActivePerl 5.14.2 Build 1402	ActiveState	03.03.2012	75,9MB	5.14.1402 // unnötig
Adobe Flash Player 11 ActiveX	Adobe Systems Incorporated	05.05.2012		11.2.202.235 // notwendig
Adobe Flash Player 11 Plugin	Adobe Systems Incorporated	16.07.2012		11.3.300.265 // notwendig
Adobe Photoshop CS4	Adobe Systems Incorporated	01.06.2009		11.0 // notwendig
Adobe Reader X (10.1.3) - Deutsch	Adobe Systems Incorporated	13.04.2012		10.1.3 // notwendig
Adobe Shockwave Player 11.5	Adobe Systems, Inc.	09.02.2011	7,52MB	11.5.9.620 // notwendig
Agere Systems HDA Modem	Agere Systems	25.06.2008		// unnötig (wohl von Nokia Ovi)
Android SDK Tools	Google Inc.	14.07.2012	488MB	1.16 // notwendig
Atheros WLAN Client		04.08.2008	876KB	1.00.000 // unbekannt
Audacity 1.2.6		30.05.2009	8,43MB	// unnötig
AutoCAD 2010 - Deutsch	Autodesk	21.01.2010	768MB	18.0.55.0 // unnötig
Autodesk Design Review 2010	Autodesk, Inc.	21.01.2010	112MB	10.0.0.108 // notwendig
Autodesk Inventor Content Center Libraries 2010 (Desktop Content)	Autodesk, Inc.	21.01.2010	1,31MB	14.0.0000.22302 // notwendig
Autodesk Inventor Professional 2010	Autodesk, Inc.	21.01.2010	1,91GB	14.1.0000.25300 // notwendig
Avira Free Antivirus	Avira	08.05.2012	66,4MB	12.0.0.1125 // notwendig 
Battlefield 3™	Electronic Arts	17.11.2011		1.0.0.0 // unnötig
calibre	Kovid Goyal	15.05.2011	128MB	0.8.1  // unnötig
Canon MP Navigator EX 1.0		05.09.2008	65,9MB	// notwendig
Canon MP610 series		05.09.2008		// notwendig
Canon MP610 series Benutzerregistrierung		05.09.2008	528KB	// notwendig (wegen Druck-Treiber/Software?)
Canon My Printer		02.02.2012	2,14MB	// notwendig
CCleaner	Piriform	22.06.2012	4,76MB	3.20 // notwendig
CD-LabelPrint		05.09.2008	11,7MB	// notwendig (wegen Druck-Treiber/Software?)
Cisco Systems VPN Client 5.0.03.0560	Cisco Systems, Inc.	12.10.2008	12,3MB	5.0.3 // notwendig
Citavi	Swiss Academic Software	04.03.2012	69,2MB	3.2.0.0 // notwendig
Citrix Online Plug-in - Web	Citrix Systems, Inc.	15.03.2011	16,0MB	12.1.0.30 // notwendig
Compatibility Pack for the 2007 Office system	Microsoft Corporation	10.05.2012		12.0.6612.1000  // unbekannt (Office 07 war aber mal installiert)
Deep Exploration 6 CE	Right Hemisphere	08.06.2011	459MB	6.1 // unnötig
DisplayFusion 3.4.1	Binary Fortress Software	29.01.2012	9,94MB	3.4.1.0 // notwendig
Dotfuscator Software Services - Community Edition	PreEmptive Solutions	05.05.2012	6,45MB	5.0.2500.0 // unbekannt (.NET-Zeugs?)
Dotfuscator Software Services - Community Edition - DEU	PreEmptive Solutions	20.02.2011	2,84MB	5.0.2300.0 // unbekannt (.Net-Zeugs?)
DWG TrueView 2010	Autodesk	21.01.2010	266MB	18.0.55.0 // notwendig
EASEUS Partition Master 9.1.1 Home Edition	EASEUS	05.05.2012	38,1MB	// unnötig
Easy Battery Manager		04.08.2008	7,89MB	3.2.1.7 // notwendig
Easy Display Manager	Samsung	25.06.2008	12,4MB	2.0.0.0 // notwendig
Easy Network Manager 3.0	Ihr Firmenname	25.06.2008	36,9MB	3.0.0.0 // notwendig
Easy SpeedUp Manager		04.08.2008	3,99MB	2.0.1.0 // notwendig
EVEREST Ultimate Edition v5.01	Lavalys, Inc.	21.05.2009	15,5MB	5.01 // notwendig
ffdshow [rev 2975] [2009-05-28]		30.05.2009	10,9MB	1.0 // notwendig
FileZilla Client 3.3.3		12.08.2010	14,8MB	3.3.3 // unnötig
GPL Ghostscript 8.64		16.06.2010	22,5MB	 // notwendig
GSview 4.9		16.06.2010	3,21MB	// notwendig
HP LaserJet Professional P1100-P1560-P1600 Series		03.04.2012	8,58MB	// unnötig
ICQ7.5	ICQ	06.06.2011	52,0MB	7.5 // unnötig
IguanaTex	IguanaTex Team	10.03.2012	181KB	1.0.0 // notwendig
Intel(R) PROSet/Wireless WiFi-Software	Intel(R) Corporation	25.06.2008	78,3MB	12.00.2000 // unnötig? Keine Ahnung
Intel® Matrix Storage Manager	Intel Corporation	04.08.2008	908KB	 // unnötig? Keine Ahnung
IrfanView (remove only)	Irfan Skiljan	14.04.2012	1,60MB	4.32 // notwendig
Java(TM) 7 Update 5	Oracle	25.07.2012	99,3MB	7.0.50 // notwendig
JavaFX 2.1.1	Oracle Corporation	25.07.2012	20,8MB	2.1.1 // notwendig
KeyMan V3.6 Build 6	ZF Electronics GmbH	03.02.2012	10,3MB	3.6.0.6 // unnötig
LAME v3.99.3 (for Windows)		12.03.2012	1,55MB	 // notwendig
latex2eps 0.11	Universität Duisburg-Essen - Hochfrequenztechnik	04.03.2012	8,25MB	// notwendig
League of Legends	Riot Games	30.08.2011	2,24GB	1.02.0000 // unnötig
MagicMap	Humboldt Universität zu Berlin	08.08.2008	15,8MB	0.9.3 // unnötig
Malwarebytes Anti-Malware Version 1.62.0.1300	Malwarebytes Corporation	23.07.2012	11,8MB	1.62.0.1300 // notwendig
Maple 12	Maplesoft	12.01.2009	699MB	12.0.0.0 // notwendig
Maple 15	Maplesoft	11.03.2012	1,30GB	15.0.0.0 // notwendig
Mathematica Extras 8.0 (2615434)	Wolfram Research, Inc.	03.06.2012	984KB	8.0.4 // notwendig
MATLAB R2012a	The MathWorks, Inc.	04.06.2012	6,01GB	7.14 // notwendig
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU	Microsoft Corporation	27.02.2009	36,9MB	// unnötig? (da 4.0 vorhanden ist?)
Microsoft .NET Framework 3.5 SP1	Microsoft Corporation	01.02.2009	27,8MB	// unnötig? (da 4.0 vorhanden ist?)
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	01.07.2012	117MB	4.0.30320  // notwendig
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	01.07.2012	24,5MB	4.0.30320 // notwendig
Microsoft .NET Framework 4 Extended	Microsoft Corporation	01.07.2012	38,0MB	4.0.30320 // notwendig
Microsoft .NET Framework 4 Extended DEU Language Pack	Microsoft Corporation	01.07.2012	7,50MB	4.0.30320 // notwendig
Microsoft .NET Framework 4 Multi-Targeting Pack	Microsoft Corporation	20.02.2011	83,4MB	4.0.30319 // notwendig
Microsoft ASP.NET MVC 2	Microsoft Corporation	20.02.2011	481KB	2.0.50217.0 // notwendig (kommt mit Autodesk Inventor)
Microsoft ASP.NET MVC 2 - DEU	Microsoft Corporation	20.02.2011	24,0KB	2.0.50331.0 // notwendig (kommt mit Autodesk Inventor)
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools	Microsoft Corporation	20.02.2011	2,26MB	2.0.50217.0 // notwendig
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools - DEU	Microsoft Corporation	20.02.2011	2,07MB	2.0.50331.0 // notwendig 
Microsoft Games for Windows - LIVE	Microsoft Corporation	13.12.2009	8,31MB	3.1.186.0  // unnötig
Microsoft Games for Windows - LIVE Redistributable	Microsoft Corporation	13.12.2009	32,3MB	3.1.99.0 // unnötig
Microsoft Help Viewer 1.1	Microsoft Corporation	05.05.2012	66,3MB	1.1.40219 // unbekannt
Microsoft Help Viewer 1.1 Language Pack - DEU	Microsoft Corporation	05.05.2012	66,3MB	1.1.40219 // unbekannt
Microsoft Office Professional Plus 2010	Microsoft Corporation	04.05.2012	715MB	14.0.6029.1000 // notwendig
Microsoft Project Professional 2010	Microsoft Corporation	04.05.2012	715MB	14.0.6029.1000 // notwendig
Microsoft Silverlight	Microsoft Corporation	11.05.2012		5.1.10411.0 // unnötig (kam garantiert irgendwo mit.. Keine Ahnung)
Microsoft Silverlight 3 SDK - Deutsch	Microsoft Corporation	20.02.2011	32,7MB	3.0.40818.0 // unbekannt (kam garantiert irgendwo mit.. Keine Ahnung)
Microsoft Silverlight 4 SDK	Microsoft Corporation	05.05.2012	51,6MB	4.0.50826.0 // unbekannt (kam garantiert irgendwo mit.. Keine Ahnung)
Microsoft SQL Server 2005	Microsoft Corporation	13.10.2008	42,6MB	// notwendig (wahrscheinlich wg. Autodesk Inventor)
Microsoft SQL Server 2008	Microsoft Corporation	20.02.2011	3,09GB	// notwendig (wahrscheinlich wg. Autodesk Inventor)
Microsoft SQL Server 2008 Browser	Microsoft Corporation	05.05.2012		10.3.5500.0 // notwendig (wahrscheinlich wg. Autodesk Inventor)
Microsoft SQL Server 2008 Native Client	Microsoft Corporation	05.05.2012	3,27MB	10.3.5500.0 // notwendig (wahrscheinlich wg. Autodesk Inventor)
Microsoft SQL Server 2008 R2 Data-Tier Application Framework	Microsoft Corporation	05.05.2012	5,54MB	10.50.1750.9 // notwendig (wahrscheinlich wg. Autodesk Inventor)
Microsoft SQL Server 2008 R2 Data-Tier Application Project	Microsoft Corporation	05.05.2012	11,8MB	10.50.1750.9 // notwendig (wahrscheinlich wg. Autodesk Inventor)
Microsoft SQL Server 2008 R2 Management Objects	Microsoft Corporation	05.05.2012	12,4MB	10.50.1750.9 // notwendig (wahrscheinlich wg. Autodesk Inventor)
Microsoft SQL Server 2008 R2 Transact-SQL Language Service	Microsoft Corporation	05.05.2012	6,72MB	10.50.1750.9 // notwendig (wahrscheinlich wg. Autodesk Inventor)
Microsoft SQL Server Compact 3.5 SP2 DEU	Microsoft Corporation	20.02.2011	3,69MB	3.5.8080.0 // notwendig (wahrscheinlich wg. Autodesk Inventor)
Microsoft SQL Server Compact 3.5 SP2 ENU	Microsoft Corporation	04.11.2011	3,39MB	3.5.8080.0 // notwendig (wahrscheinlich wg. Autodesk Inventor)
Microsoft SQL Server Database Publishing Wizard 1.4	Microsoft Corporation	20.02.2011	10,1MB	10.1.2512.8 // notwendig (wahrscheinlich wg. Autodesk Inventor)
Microsoft SQL Server Native Client	Microsoft Corporation	04.05.2012	2,63MB	9.00.5000.00 // notwendig (wahrscheinlich wg. Autodesk Inventor)
Microsoft SQL Server System CLR Types	Microsoft Corporation	05.05.2012	929KB	10.50.1750.9 // notwendig (wahrscheinlich wg. Autodesk Inventor)
Microsoft SQL Server VSS Writer	Microsoft Corporation	05.05.2012		10.3.5500.0 // notwendig (wahrscheinlich wg. Autodesk Inventor)
Microsoft Sync Framework Runtime v1.0 SP1 (x86) de	Microsoft Corporation	20.02.2011	843KB	1.0.3010.0 // unbekannt
Microsoft Sync Framework SDK v1.0 SP1 de	Microsoft Corporation	20.02.2011	30,0MB	1.0.3010.0 // unbekannt
Microsoft Sync Framework Services v1.0 SP1 (x86) de	Microsoft Corporation	20.02.2011	2,06MB	1.0.3010.0 // unbekannt
Microsoft Sync Services for ADO.NET v2.0 SP1 (x86) de	Microsoft Corporation	20.02.2011	596KB	2.0.3010.0 // unbekannt
Microsoft Team Foundation Server 2010-Objektmodell - DEU	Microsoft Corporation	05.05.2012		10.0.40219 // notwendig
Microsoft Virtual PC 2007	Microsoft Corporation	22.01.2012	36,7MB	6.0.156.0 // unnötig
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	21.02.2012	294KB	8.0.56336 // unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729	Microsoft Corporation	06.10.2010	597KB	9.0.30729 // unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	27.06.2009	590KB	9.0.30729 // unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	02.03.2011	223KB	9.0.30729.4148 // unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974	Microsoft Corporation	20.02.2011	593KB	9.0.30729.4974 // unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	04.05.2012	594KB	9.0.30729.6161 // unbekannt
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219	Microsoft Corporation	18.04.2012		10.0.40219 // notwendig
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219	Microsoft Corporation	05.05.2012	15,9MB	10.0.40219 // notwendig
Microsoft Visual F# 2.0 Runtime	Microsoft Corporation	05.05.2012	5,82MB	10.0.40219 // unnötig
Microsoft Visual Studio 2005 Tools for Applications - ENU	Microsoft Corporation	20.01.2010	11,8MB	// unbekannt
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools	Microsoft Corporation	05.05.2012		10.0.40219 // unnötig
Microsoft Visual Studio 2010 Professional - DEU	Microsoft Corporation	20.02.2011	1,78GB	10.0.30319 // notwendig
Microsoft Visual Studio 2010 Professional - ENU	Microsoft Corporation	05.11.2011	2,33GB	10.0.30319 // notwendig
Microsoft Visual Studio 2010 Service Pack 1	Microsoft Corporation	05.05.2012	19,8MB	10.0.40219 // notwendig
Microsoft Visual Studio 2010 Tools for Office Runtime (x86)	Microsoft Corporation	05.05.2012	7,19MB	10.0.31007 // unnötig
Microsoft Visual Studio 2010 Ultimate - ENU	Microsoft Corporation	06.11.2011	2,33GB	10.0.30319 // notwendig
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x86) Language Pack - DEU	Microsoft Corporation	20.02.2011	7,19MB	10.0.30319 // unnötig
Microsoft Visual Studio Macro Tools	Microsoft Corporation	20.02.2011	29,1MB	9.0.30729 // unnötig
Microsoft Visual Studio Macro Tools - DEU Language Pack	Microsoft Corporation	20.02.2011	29,1MB	9.0.30729 // unnötig
Microsoft Visual Studio Tools for Applications 2.0 - ENU	Microsoft Corporation	04.05.2012		9.0.30729 // notwendig
Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU	Microsoft Corporation	08.06.2011	95,7MB	9.0.30729 // notwendig
Microsoft Visual Studio Tools for Applications 2.0 Runtime	Microsoft Corporation	08.06.2011	151KB	9.0.30729 // notwendig
Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU	Microsoft Corporation	08.06.2011	225KB	9.0.30729 // notwendig
Microsoft WSE 3.0 Runtime	Microsoft Corp.	13.10.2008	942KB	3.0.5305.0 // unbekannt
Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme	Microsoft Corporation	23.01.2012	132KB	12.0.4518.1014 // unnötig (Office 2010 inzwischen)
MiKTeX 2.9	MiKTeX.org	17.01.2012	420MB	2.9 // notwendig
Miranda IM 0.9.44		18.02.2012	117MB	// notwendig
Mozilla Firefox 14.0.1 (x86 de)	Mozilla	18.07.2012	59,1MB	14.0.1 // notwendig
Mozilla Maintenance Service	Mozilla	18.07.2012	216KB	14.0.1 // notwendig
MSXML 4.0 SP2 (KB936181)	Microsoft Corporation	08.09.2008	1,26MB	4.20.9848.0 // unbekannt
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	10.11.2008	1,27MB	4.20.9870.0 // unbekannt
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	24.11.2009	1,33MB	4.20.9876.0 // unbekannt
NICI (Shared) U.S./Worldwide (128 bit) (2.7.6-1)		18.04.2012	800KB	 // notwendig (Novell)
NMAS Challenge Response Method	Novell, Inc.	18.04.2012	252KB	2.8.3.3 // notwendig
NMAS Client	Novell, Inc.	18.04.2012	1,01MB	3.5.0.6 // notwendig
NNScript	ESNation	26.05.2009	10,0MB	4.22 // unnötig
Nokia Connectivity Cable Driver	Nokia	04.06.2012	3,35MB	7.1.78.0 //notwendig
Nokia Map Loader	Nokia	18.04.2010	4,28MB	3.0.22 // notwendig
Nokia Mobile VPN Client Policy Tool	Nokia	15.06.2009	404KB	1.39 // notwendig
Nokia Software Updater	Nokia Corporation	25.10.2009	42,4MB	01.08.010.40008 // notwendig
Nokia Suite	Nokia	04.06.2012	129MB	3.4.49.0 // notwendig
Novell Client for Windows	Novell, Inc.	18.04.2012	6,07MB	2 SP2 // notwendig
NVIDIA Grafiktreiber 285.62	NVIDIA Corporation	30.01.2012	47,0MB	285.62 // notwendig
NVIDIA HD-Audiotreiber 1.2.24.0	NVIDIA Corporation	30.01.2012	3,40MB	1.2.24.0 // notwendig
NVIDIA PhysX-Systemsoftware 9.11.0621	NVIDIA Corporation	30.01.2012	73,2MB	9.11.0621 // notwendig
NVIDIA Update 1.5.20	NVIDIA Corporation	30.01.2012	3,53MB	1.5.20 // notwendig
OpenAL		13.12.2009	792KB	// unnötig
Pando Media Booster	Pando Networks Inc.	30.08.2011	7,16MB	2.3.6.0 // unbekannt
PC Connectivity Solution	Nokia	04.06.2012	14,8MB	12.0.17.0 // unnötig
Play AVStation	Ihr Firmenname	25.06.2008	91,1MB	4.1.20.50 // unnötig
Play Camera	Ihr Firmenname	07.08.2008	2,03MB	2.0.0.13 // unnötig
Port Royale 3	Gaming Minds Studios GmbH	28.05.2012		1.1.2.0 // unnötig
Rapture3D 2.3.22 Game	Blue Ripple Sound	13.12.2009	9,56MB	// unnötig
Realtek High Definition Audio Driver	Realtek Semiconductor Corp.	25.06.2008	11,3MB	6.0.1.5605 // notwendig
Rockstar Games Social Club	Rockstar Games	27.02.2009	1,88MB	1.00.0000 // unnötig
Samsung Kies	Samsung Electronics Co., Ltd.	19.07.2012	217MB	2.3.2.12064_10 // notwendig
Samsung Magic Doctor	Samsung Electronics Co., LTD	04.08.2008	15,4MB	5.00 // unnötig
Samsung Recovery Solution III	Samsung	25.06.2008	36,4MB	3.0.0.5 // unnötig
Samsung Update Plus	Samsung Electronics Co., LTD	25.06.2008	5,64MB	1.3.0.11 // unnötig
SAMSUNG USB Driver for Mobile Phones	SAMSUNG Electronics Co., Ltd.	24.07.2012	42,9MB	1.5.6.0 // notwendig
Sandboxie 3.72 (32-bit)	SANDBOXIE L.T.D	25.07.2012	3,96MB	3.72 // notwendig
ScanSoft OmniPage SE 4	Nuance Communications, Inc.	05.09.2008	167MB	15.2.0020 // unnötig (kam mit Druck-Treiber/Software, nie genutzt)
Secure Download Manager	e-academy Inc.	03.05.2012	1,14MB	3.0.3 // unnötig
Skype™ 5.10	Skype Technologies S.A.	09.07.2012	19,3MB	5.10.115 // notwendig
SolidWorks 2012 Document Manager API	SolidWorks Corporation	03.06.2012	8,78MB	20.00.5022 // unnötig
SolidWorks eDrawings 2012	Dassault Systèmes SolidWorks Corp	03.06.2012	47,6MB	12.3.113 // unnötig
SolidWorks viewer	SolidWorks	04.05.2012	56,6MB	20.30.56 // unnötig
Spelling Dictionaries Support For Adobe Reader 8	Adobe Systems	01.02.2009	32,5MB	8.0.0 // unnötig (Reader X)
Spybot - Search & Destroy	Safer Networking Limited	09.03.2009	45,0MB	1.6.2 // notwendig
Synaptics Pointing Device Driver	Synaptics	03.02.2012	13,6MB	11.1.3.2 // notwendig
Tabellenbuch Metall digital	Europa Lehrmittel	18.01.2009	109MB	1.00.0000 // notwendig
TeXnicCenter Version 1.0 Stable RC1	TeXnicCenter.org	17.01.2012	11,8MB	Version 1.0 Stable RC1 // unnötig
TortoiseSVN 1.7.7.22907 (32 bit)	TortoiseSVN	18.07.2012	34,8MB	1.7.22907 // notwendig
Total Commander (Remove or Repair)	Ghisler Software GmbH	14.04.2012	7,42MB	7.57a // notwendig
UltraEdit 15.00	IDM Computer Solutions, Inc.	16.06.2009	44,1MB	15.00.40 // notwendig
UltraISO Premium V9.52		30.11.2011	5,75MB	// unnötig
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)	Microsoft Corporation	04.05.2012	23,2MB	9.00.5000.00 // unbekannt
Unterstützungsdateien für Microsoft SQL Server 2008-Setup 	Microsoft Corporation	05.05.2012	30,0MB	10.3.5500.0 // unbekannt
USB2.0 UVC 1.3M WebCam		26.06.2009		// notwendig (Kamera-Treiber?)
USB2.0 UVC WebCam	D-MAX	25.06.2008	2,65MB	6.11.706.012 // notwendig (Kamera-Treiber?)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU	Microsoft Corporation	20.02.2011	11,1MB	4.0.8080.0 // notwendig
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU	Microsoft Corporation	04.11.2011	10,7MB	4.0.8080.0 // notwendig
VLC media player 2.0.1	VideoLAN	26.03.2012	49,1MB	2.0.1 // notwendig
WCF RIA Services V1.0 SP1	Microsoft Corporation	05.05.2012	12,3MB	4.1.60114.0 // unbekannt 
Web Deployment Tool	Microsoft Corporation	20.02.2011	7,96MB	1.1.0618 // unnötig
WIDCOMM Bluetooth Software 6.0.1.6300	WIDCOMM, Inc.	25.06.2008	35,5MB	6.0.1.6300 // notwendig
Winamp	Nullsoft, Inc	27.08.2008	27,8MB	5.541 // notwendig
Windows 7 USB/DVD Download Tool	Microsoft Corporation	22.09.2010	2,71MB	1.0.30 // unnötig
Windows Automated Installation Kit	Microsoft Corporation	22.09.2010	1,34GB	2.0.0.0 // unnötig
Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)	Nokia	04.06.2012	15,0MB	08/22/2008 7.0.0.0 // notwendig?
WinEdt 6	WinEdt Team	05.02.2011	24,4MB	6.0 // notwendig
WinRAR 4.10 (32-Bit)	win.rar GmbH	01.02.2012	3,72MB	4.10.0 // notwendig
Wolfram Mathematica 8 for Students (M-WIN-G 8.0.4 2615565)	Wolfram Research, Inc.	03.06.2012	2,98GB	8.0.4 // notwendig
Zattoo4 4.0.4	Zattoo Inc.	11.04.2010	40,1MB	4.0.4 // notwendig
         
Mir ist kein Programm aufgefallen, bei dem ich eindeutig sagen kann "das hab ich bestimmt nie installiert und hab keine Ahnung wo das herkommt". Gerade das Zeug von Microsoft wird mit großer Sicherheit von anderen Programmen benötigt, nur kann ich nicht immer sagen von welchen.

Gruß

Alt 26.07.2012, 17:39   #8
markusg
/// Malware-holic
 
HackTool.Hiderun in c:\windows\installer und Java.Trojan im Cache entdeckt - Standard

HackTool.Hiderun in c:\windows\installer und Java.Trojan im Cache entdeckt



deinstaliere
7-Zip
ActivePerl
Adobe Flash Player alle
Adobe - Adobe Flash Player installieren
neueste version laden
adobe reader:
Adobe - Adobe Reader herunterladen - Alle Versionen
haken bei mcafee security scan raus nehmen

bitte auch mal den adobe reader wie folgt konfigurieren:
adobe reader öffnen, bearbeiten, voreinstellungen.
allgemein:
nur zertifizierte zusatz module verwenden, anhaken.
internet:
hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc.
es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht.
bei javascript den haken bei java script verwenden raus nehmen
bei updater, automatisch instalieren wählen.
übernehmen /ok



deinstaliere:
Audacity
Battlefield
calibre
Compatibility Pack
Deep Exploration
EASEUS
FileZilla
HP
KeyMan
League
MagicMap
Microsoft Games : alle
NNScript
OpenAL
Play : beide
Port
Rapture3D
Rockstar
ScanSoft
Secure
SolidWorks : alle
Spelling Dictionaries
Spybot : weg damit, lieber Malwarebytes von zeit zu zeit updaten und scannen lassen
TeXnicCenter
UltraISO Premium
Web Deployment
Windows Automated

öffne ccleaner, analysieren starten.
öffne otl, cleanup, pc startet neu, testen wie er läuft
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 27.07.2012, 16:11   #9
Ilu
 
HackTool.Hiderun in c:\windows\installer und Java.Trojan im Cache entdeckt - Standard

HackTool.Hiderun in c:\windows\installer und Java.Trojan im Cache entdeckt



Hi Markus,

hab die Programme deinstalliert, CCleaner aufräumen lassen und in OTL auf "Bereinigen" geklickt.

Auf dem Rechner waren danach keine Spiele mehr außer den Windows-Games. Trotzdem waren die Kopierschutz-Dateien, die der TDSSKiller aufgelistet hat, noch vorhanden (atksgt.sys,lirsgt.sys).
Laut hxxp://www.datei.info/was_ist/atksgt_sys.html gehören die Dateien zum Kopierschutztreiber "Tages". Mit Hilfe der Installationsdatei der neuen Version ( hxxp://tagesprotection.com/5.5/TagesSetup.exe ) habe ich dann den Tages-Treiber deinstalliert.
Folgende Dateien, die der TDSSKiller gemeldet hat, sind jetzt nicht mehr vorhanden:
Code:
ATTFilter
C:\Program Files\Cherry\CDI\cdi.exe
C:\Windows\system32\DRIVERS\atksgt.sys
C:\Windows\system32\DRIVERS\lirsgt.sys
C:\Windows\system32\epmntdrv.sys
C:\Windows\system32\EuGdiDrv.sys
C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
         
Noch vorhanden sind:
Code:
ATTFilter
C:\Program Files\ANSYS Inc\Shared Files\Licensing\win32\ansysli_server.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Windows\system32\DRIVERS\Ch2kPS2M.sys
C:\Windows\system32\Drivers\CVPNDRVA.sys
C:\Program Files\Intel\WiFi\bin\EvtEng.exe // nach Update von Intel PROSet Wireles ist die Datei jetzt signiert
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe // nach Update von Intel PROSet Wireles ist die Datei jetzt signiert
         
Mit den aufgelisteten kann ich meiner Meinung nach ganz gut leben. Ausgeführt hab ich den TDSSKiller nicht nochmal, da OTL ihn entfernt hat.

Der Rechner läuft (wie schon die ganze Zeit) ohne Probleme. Allerdings sind die virtuellen Laufwerke noch weg, Defogger wurde von OTL entfernt und Daemon Tools Lite fehlt beim Autostart. Kann ich mir Defogger einfach nochmal runterladen und die Laufwerke wieder aktivieren oder wäre es einfacher DTLite neu zu installieren?

Vielen Dank für deine Hilfe!
Gruß

Alt 27.07.2012, 18:45   #10
markusg
/// Malware-holic
 
HackTool.Hiderun in c:\windows\installer und Java.Trojan im Cache entdeckt - Standard

HackTool.Hiderun in c:\windows\installer und Java.Trojan im Cache entdeckt



hi, die dateien können bleiben, sorry das mit defogger hab ich vergessen, laden, enable klicken und wieder löschen.
danach pc absichern:
als antimalware programm würde ich emsisoft empfehlen.
diese haben für mich den besten schutz kostet aber etwas.
http://www.trojaner-board.de/103809-...i-malware.html
testversion:
Meine Antivirus-Empfehlung: Emsisoft Anti-Malware
insbesondere wenn du onlinebanking, einkäufe, sonstige zahlungsabwicklungen oder ähnlich wichtiges, wie zb berufliches machst, also sensible daten zu schützen sind, solltest du in sicherheitssoftware investieren.
vor dem aktivieren der lizenz die 30 tage testzeitraum ausnutzen.

kostenlos, aber eben nicht ganz so gut wäre avast zu empfehlen.
http://www.trojaner-board.de/110895-...antivirus.html

sag mir welches du nutzt, dann gebe ich konfigurationshinweise.
bitte dein bisheriges av deinstalieren
die folgende anleitung ist umfangreich, dass ist mir klar, sie sollte aber umgesetzt werden, da nur dann dein pc sicher ist. stelle so viele fragen wie nötig, ich arbeite gern alles mit dir durch!

http://www.trojaner-board.de/96344-a...-rechners.html
Starte bitte mit der Passage, Windows Vista und Windows 7
Bitte beginne damit, Windows Updates zu instalieren.
Am besten geht dies, wenn du über Start, Suchen gehst, und dort Windows Updates eingibst.
Prüfe unter "Einstellungen ändern" dass folgendes ausgewählt ist:
- Updates automatisch Instalieren,
- Täglich
- Uhrzeit wählen
- Bitte den gesammten rest anhaken, außer:
- detailierte benachichtungen anzeigen, wenn neue Microsoft software verfügbar ist.
Klicke jetzt die Schaltfläche "OK"
Klicke jetzt "nach Updates suchen".
Bitte instaliere zunächst wichtige Updates.
Es wird nötig sein, den PC zwischendurch neu zu starten. falls dies der Fall ist, musst du erneut über Start, Suchen, Windows Update aufrufen, auf Updates suchen klicken und die nächsten instalieren.
Mache das selbe bitte mit den optionalen Updates.
Bitte übernimm den rest so, wie es im Abschnitt windows 7 / Vista zu lesen ist.
aus dem Abschnitt xp, bitte den punkt "datenausführungsverhinderung, dep" übernehmen.
als browser rate ich dir zu chrome:
Installation von Google Chrome für mehrere Nutzerkonten - Google Chrome-Hilfe
anleitung lesen bitte
falls du nen andern nutzen willst, sags mir dann muss ich teile der nun folgenden anleitung


Sandboxie
Die devinition einer Sandbox ist hier nachzulesen:
Sandbox
Kurz gesagt, man kann Programme fast 100 %ig isuliert vom System ausführen.

Der Vorteil liegt klar auf der Hand, wenn über den Browser Schadcode eingeschläust wird, kann dieser nicht nach außen dringen.
Download Link:
Sandboxie Download - Sandboxie 3.72

anleitung:
http://www.trojaner-board.de/71542-a...sandboxie.html
ausführliche anleitung als pdf, auch abarbeiten:
Sandbox Einstellungen |

bitte folgende zusatz konfiguration machen:
sandboxie control öffnen, menü sandbox anklicken, defauldbox wählen.
dort klicke auf sandbox einstellungen.
beschrenkungen, bei programm start und internet zugriff schreibe:
chrome.exe
dann gehe auf anwendungen, webbrowser, chrome.
dort aktiviere alles außer gesammten profil ordner freigeben.
Wie du evtl. schon gesehen hast, kannst du einige Funktionen nicht nutzen.
Dies ist nur in der Vollversion nötig, zu deren Kauf ich dir rate.
Du kannst zb unter "Erzwungene Programmstarts" festlegen, dass alle Browser in der Sandbox starten.
Ansonsten musst du immer auf "Sandboxed webbrowser" klicken bzw Rechtsklick, in Sandboxie starten.
Eine lebenslange Lizenz kostet 30 €, und ist auf allen deinen PC's nutzbar.

Weiter mit:
Maßnahmen für ALLE Windows-Versionen
alles komplett durcharbeiten
anmerkung zu file hippo.
in den settings zusätzlich auswählen:
hide beta updates.
Run updateChecker when Windows starts

Backup Programm:
in meiner Anleitung ist bereits ein Backup Programm verlinkt, als Alternative bietet sich auch das Windows eigene Backup Programm an:
http://www.trojaner-board.de/82962-w...en-backup.html
Dies ist aber leider nur für Windows 7 Nutzer vernünftig nutzbar.
Alle Anderen sollten sich aber auf jeden fall auch ein Backup Programm instalieren, denn dies kann unter Umständen sehr wichtig sein, zum Beispiel, wenn die Festplatte einmal kaputt ist.

Zum Schluss, die allgemeinen sicherheitstipps beachten, wenn es dich betrifft, den Tipp zum Onlinebanking beachten und alle Passwörter ändern
bitte auch lesen, wie mache ich programme für alle sichtbar:
Programme für alle Konten nutzbar machen - PCtipp.ch - Praxis & Hilfe
surfe jetzt also nur noch im standard nutzer konto und dort in der sandbox.
wenn du die kostenlose version nutzt, dann mit klick auf sandboxed web browser, wenn du die bezahlversion hast, kannst du erzwungene programm starts festlegen, dann wird Sandboxie immer gestartet wenn du nen browser aufrufst.
wenn du mit der maus über den browser fährst sollte der eingerahmt sein, dann bist du im sandboxed web browser
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 30.07.2012, 14:43   #11
Ilu
 
HackTool.Hiderun in c:\windows\installer und Java.Trojan im Cache entdeckt - Standard

HackTool.Hiderun in c:\windows\installer und Java.Trojan im Cache entdeckt



Hi Markus,

kam erst heute wieder dazu was an dem Laptop zu machen. Die virtuellen Laufwerke sind nach re-enablen wieder da.
Ich werde Antivir mit avast! Free ersetzen. Spybot bleibt deinstalliert. Chrome habe ich installiert und gleich mal um AdBlock Plus und HTTPS Everywhere erweitert. Gibt es da noch mehr sinnvolle Addons?
SEHOP ist jetzt aktiviert, DEP ist umgestellt: Ich habe jetzt "Datenausführungsverhinderung für alle Programme und Dienste mit Ausnahme der ausgewählten einschalten:" ausgewählt. Der Hinweis am unteren Ende des Fensters "Der Prozessor des Computers unterstützt keine hardwareseitige Datenausführungsverhinderung. [...]" ist verschwunden, nachdem ich das NX-Bit im BIOS aktiviert habe (Intel Penryn-Architektur). Vielleicht kann man darauf in der Anleitung noch hinweisen. Im BIOS habe ich dann gleich noch den MBR-Schreibschutz aktiviert.
Sandboxie war bereits installiert und wird auch verwendet. Auf File Hippo update checker und PSI verzichte ich. Beides habe ich ausprobiert - mit mäßigem Ergebnis.

Noch einmal herzlichen Dank für deine Hilfe.

Gruß

Alt 30.07.2012, 19:45   #12
markusg
/// Malware-holic
 
HackTool.Hiderun in c:\windows\installer und Java.Trojan im Cache entdeckt - Standard

HackTool.Hiderun in c:\windows\installer und Java.Trojan im Cache entdeckt



hi
was heißt "mit mäßigem ergebniss"?
adblock für chrome:
http://filepony.de/download-ghostery_chrome/
sicher surfen mit chrome:
Sicher surfen mit Google Chrome | Verbraucher sicher online
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 31.07.2012, 12:10   #13
Ilu
 
HackTool.Hiderun in c:\windows\installer und Java.Trojan im Cache entdeckt - Standard

HackTool.Hiderun in c:\windows\installer und Java.Trojan im Cache entdeckt



Naja, nicht auf dem neuesten Stand zum Zeitpunkt der Ausführung waren:
  • Winamp (5.581 oder so statt 5.63). In den Changelogs der dazwischenliegenden Versionen tauchen mehrere overflows in Plugins auf, was lt. PSI-Homepage ja ein Grund ist das ganze als potentiell gefährliche Sicherheitslücke einzustufen. Wurde nicht gelistet.
  • CCleaner. FileHippo hats entdeckt (evtl PSI auch, das hatte ich da noch nicht installiert).
  • DTLite (4.30.1 statt 4.45.4). Gefixt wurden dazwischen lt Changelog Handleleaks, Inkompatibilität mit McAfee und "Kleine Fehler" (wo ja alles mögliche enthalten sein kann). Also auch halbwegs sicherheitsrelevant, wurde aber nicht gelistet.
  • Cisco VPN (5.0.05 statt 5.0.07). Da habe ich nicht das Changelog gesucht, aber so tief wie der sich eingräbt, wüsste ich schon gerne wenn es da potentielle Verbesserungen gibt. Auch wenn man den nicht frei im Netz laden kann, hätte ich mindestens einen Hinweis "Fragen Sie bei ihrem Admin nach" erwartet.
  • Miranda IM (0.9.52 statt 0.10.0). Im Changelog stehen memory leaks und mehrere "rare crashes". Obwohl Miranda IM bei FileHippo.com zu laden ist, wurde es nicht aufgelistet.
Da heutzutage eh die meisten Programme eine update-Funktion haben verzichte ich auf 2 zusätzliche Programme im Hintergrund (welche zumindest bei mir ihre Aufgabe nicht gut erfüllen).


Gruß

Alt 31.07.2012, 12:13   #14
markusg
/// Malware-holic
 
HackTool.Hiderun in c:\windows\installer und Java.Trojan im Cache entdeckt - Standard

HackTool.Hiderun in c:\windows\installer und Java.Trojan im Cache entdeckt



hi
miranda wird gelistet, ich hab ja file hippo etc auch auf vielen pcs instaliert. hast du das programm instaliert oder nur in ihrer datenbank geguckt.
ok, viele programme haben updater, aber weist du wie lange das häufig dauerd bis die laden, ewig, bei java zb einige wochen, und auch flash wird nicht am tage des updates aktualisiert, das ist gefährlich, da besonders bei den programmen die lücken immer schnell genutzt werden
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 31.07.2012, 16:46   #15
Ilu
 
HackTool.Hiderun in c:\windows\installer und Java.Trojan im Cache entdeckt - Standard

HackTool.Hiderun in c:\windows\installer und Java.Trojan im Cache entdeckt



Miranda habe ich einmal installiert und update seitdem über die 7zip-files.
FileHippo Updater war installiert, bei PSI habe ich zunächst die Java-Variante ausprobiert und danach die exe installiert. Aber auch die PSI-exe zeigte DTLite etc nicht an. Sogar schlimmer: Obwohl eine neue Vidalia-Version ( https://www.torproject.org ) zur verfügung steht wird Vidalia als aktuell gelistet (auf dem Rechner war 0.2.17 [portable] statt 0.2.20).

Ich hab die Update-Intervalle anders konfiguriert: Java z.B. von wöchentlichen Updates Sonntags um 2.00 Uhr auf täglich 20.00 Uhr (da sollte der Rechner meistens an sein). Ob das hilft aktuelle Software zu haben, sehe ich beim nächsten Update (im Netz steht ja, wann das Update rauskam). Die Flash-Updates gemäß dem Tipp hier ( hxxp://www.raymond.cc/blog/setting-adobe-flash-player-auto-update-check-interval/ ) auf Programmstart statt standard (7 Tage).


Gruß

Antwort

Themen zu HackTool.Hiderun in c:\windows\installer und Java.Trojan im Cache entdeckt
32 bit, 7-zip, akamai, antivir, audacity, autorun, avira, bho, canon, cisco vpn, error, exe, expert pdf, firefox, flash player, format, ftp, google earth, grand theft auto, hacktool.hiderun, home, iexplore.exe, install.exe, java., java/exploit.cve-2012-0507.b, java/trojandownloader.agent.ndr, logfile, mozilla, ntdll.dll, nvidia update, plug-in, programm, realtek, registry, rundll, safer networking, searchscopes, server, software, system, total commander, u.s./worldwide, vista, visual studio, win32k.sys, windows, wlan, zip-datei




Ähnliche Themen: HackTool.Hiderun in c:\windows\installer und Java.Trojan im Cache entdeckt


  1. Windows 7: Trojanerfund TR/Dldr.Agent.2343.1 in ..\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\29352a0f-2c1714bd
    Log-Analyse und Auswertung - 04.11.2014 (10)
  2. Win 8 : Probleme und Windows Verson Installer 2011-2014 nach Java Update
    Plagegeister aller Art und deren Bekämpfung - 08.06.2014 (9)
  3. Währens trovigo-Virus-Entfernung Java-Virus Java/Exploit.Agent.OHY trojan entdeckt, den ich nicht loswerde.
    Plagegeister aller Art und deren Bekämpfung - 06.06.2014 (11)
  4. Windows Version Installer 2011-2014 nach JAVA Update
    Plagegeister aller Art und deren Bekämpfung - 20.05.2014 (17)
  5. Win7, JAVA/Lamar.SFD.12 in C:\Users\...\Java\Deployment\cache\6.0\54\453e86f6-10c60f
    Plagegeister aller Art und deren Bekämpfung - 02.09.2013 (16)
  6. Trojaner HEUR:Exploit.Java.CVE-2012-1723.gen in c:\documents and settings\***\appdata\locallow\sun\java\deployment\cache\6.0\34\ gefunden
    Log-Analyse und Auswertung - 30.05.2013 (7)
  7. HEUR:Exploit.Java.CVE-2012-1723.gen in c:/documents and settings/.../appdata/locallow/sun/java/deployment/cache/6.0/1/3935ec1-7693a783
    Plagegeister aller Art und deren Bekämpfung - 14.12.2012 (2)
  8. Hacktool.Hiderun mit Anti-Malware gefunden
    Plagegeister aller Art und deren Bekämpfung - 27.09.2012 (2)
  9. C:\Windows\Installer\MSI50D9.tmp (HackTool.Hiderun)
    Plagegeister aller Art und deren Bekämpfung - 20.07.2012 (17)
  10. Nach system security Virus nun Trojan.sirefef und trojan.small in windows/installer
    Plagegeister aller Art und deren Bekämpfung - 18.07.2012 (23)
  11. 2x Rootkit0.Access, Trojan.Zaccess und zweimal Trojan.Dropper.PE4 in C:\Windows\Installer\
    Log-Analyse und Auswertung - 14.07.2012 (3)
  12. Trojan.Small, Trojan.Sirefef, Rootkit.0Access in C:\Windows\installer - ist nicht zu entfernen
    Log-Analyse und Auswertung - 05.07.2012 (23)
  13. Exploit.Java.CVE-2010-0840.N in \AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\3
    Plagegeister aller Art und deren Bekämpfung - 05.03.2012 (21)
  14. JAVA-EXPLOIT EXP/CVE-2010-0840.FL, etc. im Java-Cache
    Plagegeister aller Art und deren Bekämpfung - 05.02.2012 (15)
  15. MBAM-Seite nicht aufrufbar / MSIBF4D.tmp (HackTool.Hiderun)
    Log-Analyse und Auswertung - 31.01.2012 (1)
  16. Nach Probleme mit Thunderbird JAVA/Exdoer.AJ und Trojan.Agent entdeckt
    Log-Analyse und Auswertung - 01.04.2011 (10)
  17. JAVA/Agent.2212 in C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\57e71281-719c
    Plagegeister aller Art und deren Bekämpfung - 08.02.2011 (17)

Zum Thema HackTool.Hiderun in c:\windows\installer und Java.Trojan im Cache entdeckt - Hi, nachdem ich gestern dummerweise die Zip-Datei (nicht die exe) des aktuellen "Paket nicht zustellbar, ihre Deutsche Post"-Spams geöffnet hatte, dachte ich mir es könnte nicht schaden mal eine aktive - HackTool.Hiderun in c:\windows\installer und Java.Trojan im Cache entdeckt...
Archiv
Du betrachtest: HackTool.Hiderun in c:\windows\installer und Java.Trojan im Cache entdeckt auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.