Infektion mit Live Security Platinum: Dateien lassen sich nicht mehr ausführen inkl. F8

cosinus · 05.07.2012, 20:52

Richtig schon, aber leider unvollständig

twinmama · 06.07.2012, 10:53

okay nächster Versuch, ich habe den OTL-Scan nochmal durchgeführt

Ich habe die Logdatei als Dateianhang hochgeladen und hier kommt sie noch einmal als Code

Code:

ATTFilter

OTL logfile created on: 06.07.2012 11:32:01 - Run 2
OTL by OldTimer - Version 3.2.53.1     Folder = C:\Dokumente und Einstellungen\Administrator.PRIVAT-PC.002\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1022,91 Mb Total Physical Memory | 811,19 Mb Available Physical Memory | 79,30% Memory free
2,41 Gb Paging File | 2,34 Gb Available in Paging File | 97,12% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 111,78 Gb Total Space | 79,02 Gb Free Space | 70,69% Space Free | Partition Type: NTFS
Drive D: | 111,79 Gb Total Space | 111,64 Gb Free Space | 99,87% Space Free | Partition Type: NTFS
Drive F: | 1,91 Gb Total Space | 1,91 Gb Free Space | 99,55% Space Free | Partition Type: FAT
 
Computer Name: PRIVAT-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.04 18:46:56 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator.PRIVAT-PC.002\Desktop\OTL.exe
PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.04.04 07:53:56 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Programme\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe /s Norton Internet Security /m C:\Programme\Norton Internet Security\Engine\16.5.0.135\diMaster.dll /prefetch:1 -- (Norton Internet Security)
SRV - File not found [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe -- (MZCCntrl)
SRV - File not found [Auto | Stopped] -- C:\Programme\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\alg.exe -- (ALG)
SRV - File not found [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2012.06.16 14:05:31 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2006.10.26 20:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005.09.30 20:22:50 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Stopped] -- C:\Programme\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2003.12.03 12:01:48 | 000,327,680 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Auto | Stopped] -- C:\WINDOWS\system32\HLS32SVC.EXE -- (HLServer)
SRV - [2003.06.20 00:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\NIS\1005000.087\SYMTDI.SYS -- (SYMTDI)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NIS\1000000.07D\SYMREDRV.SYS -- (SYMREDRV)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\NIS\1005000.087\SYMNDIS.SYS -- (SYMNDIS)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIM)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\NIS\1005000.087\SYMIDS.SYS -- (SYMIDS)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\NIS\1005000.087\SYMFW.SYS -- (SYMFW)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\Drivers\SYMEVENT.SYS -- (SymEvent)
DRV - File not found [File_System | Boot | Stopped] -- system32\drivers\NIS\1005000.087\SYMEFA.SYS -- (SymEFA)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NIS\1000000.07D\SYMDNS.SYS -- (SYMDNS)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\NIS\1005000.087\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - File not found [File_System | System | Stopped] -- C:\WINDOWS\System32\Drivers\NIS\1005000.087\SRTSP.SYS -- (SRTSP)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090406.048\NAVEX15.SYS -- (NAVEX15)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090406.048\NAVENG.SYS -- (NAVENG)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20090331.007\IDSxpx86.sys -- (IDSxpx86)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - File not found [Kernel | System | Stopped] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\NIS\1005000.087\ccHPx86.sys -- (ccHP)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\NIS\1005000.087\BHDrvx86.sys -- (BHDrvx86)
DRV - File not found [Kernel | System | Stopped] -- C:\Programme\Emsisoft Anti-Malware\a2util32.sys -- (a2util)
DRV - File not found [File_System | System | Stopped] -- C:\Programme\Emsisoft Anti-Malware\a2dix86.sys -- (a2injectiondriver)
DRV - File not found [Kernel | System | Stopped] -- C:\Programme\Emsisoft Anti-Malware\a2ddax86.sys -- (A2DDA)
DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2008.04.19 20:15:06 | 000,021,248 | ---- | M] (AVIRA GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.04.13 20:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008.04.13 20:45:34 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irbus.sys -- (IrBus)
DRV - [2006.11.10 16:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2006.10.09 16:03:56 | 000,017,152 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MInfraIS\MIINPazx.sys -- (MIINPazX)
DRV - [2006.10.09 15:46:44 | 000,017,536 | ---- | M] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys -- (MTOnlPktAlyX)
DRV - [2006.10.04 10:14:26 | 000,017,280 | ---- | M] (Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MAcNdis5.sys -- (MACNDIS5)
DRV - [2006.09.25 22:44:30 | 000,113,152 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2006.09.12 20:27:00 | 004,381,184 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006.06.28 01:00:00 | 000,217,600 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sis163u.sys -- (SIS163u)
DRV - [2006.06.19 00:38:18 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006.05.09 17:20:40 | 000,013,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006.05.09 17:20:38 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006.04.13 21:00:00 | 000,108,928 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (Tosrfbd)
DRV - [2006.03.16 11:45:00 | 000,037,632 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (Tosrfbnp)
DRV - [2006.03.15 11:52:00 | 000,052,864 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfsnd.sys -- (TosRfSnd) Bluetooth Audio Device (WDM)
DRV - [2006.03.07 06:49:36 | 000,011,136 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2006.02.24 02:37:00 | 000,040,192 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2006.02.10 12:17:00 | 000,047,488 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2006.02.08 18:33:00 | 000,062,848 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfhid.sys -- (Tosrfhid)
DRV - [2005.09.09 19:56:14 | 000,006,144 | ---- | M] (hxxp://www.internals.com) [Kernel | System | Stopped] -- C:\WINDOWS\system32\WinIo.sys -- (WINIO)
DRV - [2005.08.01 17:45:00 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2005.07.28 09:18:40 | 000,685,056 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2005.07.20 19:08:28 | 000,100,096 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aksusb.sys -- (aksusb)
DRV - [2005.07.20 19:08:26 | 000,327,808 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\akshasp.sys -- (akshasp)
DRV - [2005.07.11 19:58:00 | 000,003,712 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\toshidpt.sys -- (toshidpt)
DRV - [2005.01.06 14:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-484763869-1202660629-839522115-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Programme\Java\jre6\lib\deploy\jqs\ff
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Programme\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.02.26 12:13:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\shopclever@extension: C:\Programme\ShopClever\Firefox [2011.12.20 11:40:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.06.16 14:05:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.04.15 08:58:31 | 000,000,000 | ---D | M]
 
[2009.01.26 21:21:19 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator.PRIVAT-PC.002\Anwendungsdaten\Mozilla\Extensions
[2009.01.26 21:21:19 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator.PRIVAT-PC.002\Anwendungsdaten\Mozilla\Firefox\Profiles\y2gvg3y7.default\extensions
[2012.02.20 11:28:39 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.11.28 13:46:40 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions(2)
[2011.11.27 21:14:49 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\extensions(2)\{972ce4c6-7e08-4474-a285-3208198ce6fd}(2)
[2012.06.16 14:05:32 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2011.10.03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2012.05.07 09:49:02 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.05.07 09:49:02 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.05.07 09:49:02 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.05.07 09:49:02 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.05.07 09:49:02 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.05.07 09:49:02 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2004.08.10 21:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (eBay Toolbar Helper) - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Programme\eBay\eBay Toolbar2\eBayTb.dll (eBay Inc.)
O2 - BHO: (ShopcleverBHO Class) - {5FF205EF-8483-497D-8678-61AC95BB0EBB} - C:\Programme\ShopClever\IE\Shopclever.dll (shopclever.de)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (eBay Toolbar) - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Programme\eBay\eBay Toolbar2\eBayTb.dll (eBay Inc.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll (Spigot, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [a-squared Anti-Dialer] "C:\Programme\a-squared Anti-Dialer\a2adguard.exe" /d=60 File not found
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [DeskUpdateNotifier] C:\Programme\Fujitsu\DeskUpdate\DeskUpdateNotifier.exe (Fujitsu Technology Solutions)
O4 - HKLM..\Run: [eBayToolbar] C:\Programme\eBay\eBay Toolbar2\eBayTBDaemon.exe (eBay Inc.)
O4 - HKLM..\Run: [eDoc] C:\Programme\Gemeinsame Dateien\MAYComputer\eDocPrintPro\eDoc.exe (May Software)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [FuncKey] "C:\Programme\Hotkey Management\FuncKey.exe" File not found
O4 - HKLM..\Run: [hpqSRMon]  File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RevHDD] C:\WINDOWS\SYSTEM\RevHDD.exe File not found
O4 - HKLM..\Run: [SearchSettings] C:\Programme\Gemeinsame Dateien\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-20..\Run: [rundll32.exe] rundll32.exe "C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Macromedia\Common\e3e300381.dll"" File not found
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\HP Digital Imaging Monitor.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-484763869-1202660629-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre6\bin\npjpi160_29.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Shopclever - {5FF205EF-8483-497D-8678-61AC95BB0EBB} - C:\Programme\ShopClever\IE\Shopclever.dll (shopclever.de)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\shopclever-data {4AA619DE-8C24-442E-BD8D-EF9DA83EDA05} - C:\Programme\ShopClever\IE\Shopclever.dll (shopclever.de)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop BackupWallPaper: 
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.01.22 09:31:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008.02.13 11:56:59 | 000,000,100 | ---- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: 6to4 -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - StartUpReg: ArcSoft Connection Service - hkey= - key= -  File not found
MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Programme\Messenger\msmsgs.exe (Microsoft Corporation)
MsConfig - StartUpReg: nwiz - hkey= - key= -  File not found
MsConfig - StartUpReg: SkyTel - hkey= - key= - C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: SymEFA.sys - system32\drivers\NIS\1005000.087\SYMEFA.SYS File not found
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: nm - C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
SafeBootNet: nm.sys - C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: SymEFA.sys - system32\drivers\NIS\1005000.087\SYMEFA.SYS File not found
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} - Reg Error: Value error.
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {14F4D1F6-79E4-4256-A10B-3CCD138698C6} - Microsoft .NET Framework 1.0 Hotfix (KB2656378)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {29E7D24F-BF30-45E7-8A40-AD27AFD8F5C6} - Microsoft .NET Framework 1.0 Hotfix (KB979904)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {339E9413-F230-4F0F-ADDD-17914D95FD6D} - Microsoft .NET Framework 1.0 Hotfix (KB2604042)
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {407408d4-94ed-4d86-ab69-a7f649d112ee} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4F00D11B-8327-4C55-B7DA-B8D8C10F28A8} - Microsoft .NET Framework 1.0 Hotfix (KB2572066)
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8BF1B8CD-9A6C-4382-A454-CC769B913F48} - Microsoft .NET Framework 1.0 Hotfix (KB2656378)
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {BDE0FA43-6952-4BA8-8C58-09AF690F88E1} - Microsoft .NET Framework 1.0 Hotfix (KB930494)
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C314CE45-3392-3B73-B4E1-139CD41CA933} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E8EA5BD6-D931-4001-ABF6-81BAA500360A} - Microsoft .NET Framework 1.0 Hotfix (KB953295)
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EA29D410-CE41-4953-A862-2DE706A1DAD7} - Microsoft .NET Framework 1.0 Service Pack 3
ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: KB910393 - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall
 
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\system32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\system32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
 
CREATERESTOREPOINT
Unable to start System Restore Service. Error code 10
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.04 18:49:29 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator.PRIVAT-PC.002\Desktop\OTL.exe
[2012.07.04 18:44:34 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Administrator.PRIVAT-PC.002\IETldCache
[2012.07.01 19:18:06 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2012.06.24 18:29:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\F4D5625F00235620002401AAD151FC4E
[47 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.06 11:24:12 | 000,001,094 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.06 11:10:10 | 000,051,048 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012.07.06 11:10:08 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.06 11:07:10 | 008,405,015 | ---- | M] () -- C:\WINDOWS\TempFile
[2012.07.04 18:46:56 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator.PRIVAT-PC.002\Desktop\OTL.exe
[2012.07.03 20:59:00 | 000,001,222 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-484763869-1202660629-839522115-1003UA.job
[2012.07.03 20:15:28 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.07.01 19:59:00 | 000,001,170 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-484763869-1202660629-839522115-1003Core.job
[2012.06.30 07:55:19 | 000,000,793 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.14 07:17:12 | 000,362,528 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.06.13 19:14:58 | 000,496,788 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.06.13 19:14:58 | 000,476,592 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.06.13 19:14:58 | 000,092,190 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.06.13 19:14:58 | 000,077,244 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[47 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.15 21:05:33 | 000,000,020 | ---- | C] () -- C:\WINDOWS\Emu30.INI
[2012.03.15 21:05:25 | 003,029,064 | ---- | C] () -- C:\WINDOWS\System32\SpaixRemoteSrv.exe
[2011.11.27 22:53:05 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\$_hpcst$.hpc
[2011.10.06 18:17:10 | 000,000,030 | R--- | C] () -- C:\WINDOWS\System32\drivers\RevHDD.ini
[2011.08.17 19:03:40 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2011.07.14 10:06:27 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2011.07.14 10:06:27 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\unredmon.exe
[2011.04.23 20:56:09 | 000,033,019 | ---- | C] () -- C:\WINDOWS\System32\CoreAAC-uninstall.exe
[2011.01.31 11:34:39 | 000,000,033 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2010.08.16 09:27:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2008.01.22 19:06:45 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html
 
========== LOP Check ==========
 
[2009.01.25 14:10:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator.PRIVAT-PC.000\Anwendungsdaten\T-Online
[2011.12.13 20:01:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Autodesk
[2012.01.17 11:44:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVAST Software
[2011.11.10 19:39:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Downloaded Installations
[2011.12.07 13:55:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\eBay
[2008.01.22 11:50:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\eDocPrintPro
[2012.01.23 08:44:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ElsterFormular
[2012.06.24 21:29:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\F4D5625F00235620002401AAD151FC4E
[2008.08.14 11:09:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\fotobuch.de AG
[2011.07.14 10:06:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FreePDF
[2011.01.13 15:35:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Fujitsu
[2011.11.22 19:13:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\HSETU
[2009.07.18 08:40:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LIDL Fotoservice
[2009.07.18 08:47:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lidl_Fotos
[2011.11.22 19:08:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MSScanAppDataDir
[2011.11.28 17:01:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-DSL SpeedManager
[2008.01.22 21:48:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-Online
[2011.12.09 22:14:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WholeSecurity
[2011.12.20 10:32:32 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
[2012.05.11 15:40:03 | 000,000,406 | ---- | M] () -- C:\WINDOWS\Tasks\DeskUpdate.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2009.01.27 00:12:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator.PRIVAT-PC.002\Anwendungsdaten\Adobe
[2009.01.27 00:36:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator.PRIVAT-PC.002\Anwendungsdaten\ArcSoft
[2009.01.26 21:22:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator.PRIVAT-PC.002\Anwendungsdaten\Identities
[2012.07.04 18:49:54 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Administrator.PRIVAT-PC.002\Anwendungsdaten\Microsoft
[2009.01.26 21:21:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator.PRIVAT-PC.002\Anwendungsdaten\Mozilla
 
< %APPDATA%\*.exe /s >
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2004.08.10 21:00:00 | 017,006,491 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009.03.10 08:52:14 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2009.03.10 08:52:14 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2004.08.10 21:00:00 | 017,006,491 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009.03.10 08:52:14 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009.03.10 08:52:14 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.10 21:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2004.08.10 21:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: IASTOR.SYS  >
[2005.10.12 13:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\WINDOWS\system32\drivers\iaStor.sys
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2004.08.10 21:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
 
< MD5 for: NVATABUS.SYS  >
[2005.08.18 17:52:06 | 000,093,568 | ---- | M] (NVIDIA Corporation) MD5=0344AA9113DC16EEC379F4652020849D -- C:\WINDOWS\system32\drivers\nvatabus.sys
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2004.08.10 21:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: USER32.DLL  >
[2007.03.08 17:36:30 | 000,579,072 | ---- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2005.03.02 20:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
[2007.03.08 17:48:39 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=78785EFF8CB90CEC1862A4CCFD9A3C3A -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004.08.10 21:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: VIAMRAID.SYS  >
[2005.04.08 11:43:26 | 000,060,928 | ---- | M] (VIA Technologies inc,.ltd) MD5=0363E216E4EB5052969C96608934DBDE -- C:\WINDOWS\system32\drivers\viamraid.sys
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2004.08.10 21:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2004.08.10 21:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2004.08.10 21:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.22 10:13:45 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2008.01.22 10:13:45 | 000,663,552 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2008.01.22 10:13:45 | 000,446,464 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< End of report >

Ich hoffe diesmal ist die Datei komplett, wenn nicht gib mir bitte einen Tipp, woran es liegen könnte.

Danke.

Gruß twinmama

cosinus · 06.07.2012, 11:52

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
FF - user.js - File not found
O2 - BHO: (eBay Toolbar Helper) - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Programme\eBay\eBay Toolbar2\eBayTb.dll (eBay Inc.)
O2 - BHO: (ShopcleverBHO Class) - {5FF205EF-8483-497D-8678-61AC95BB0EBB} - C:\Programme\ShopClever\IE\Shopclever.dll (shopclever.de)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (eBay Toolbar) - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Programme\eBay\eBay Toolbar2\eBayTb.dll (eBay Inc.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll (Spigot, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [hpqSRMon]  File not found
O4 - HKLM..\Run: [SearchSettings] C:\Programme\Gemeinsame Dateien\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKU\S-1-5-20..\Run: [rundll32.exe] rundll32.exe "C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Macromedia\Common\e3e300381.dll"" File not found
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.01.22 09:31:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008.02.13 11:56:59 | 000,000,100 | ---- | M] () - D:\AUTORUN.INF -- [ NTFS ]
:Files
C:\Programme\Gemeinsame Dateien\Spigot
C:\Programme\pdfforge Toolbar
C:\Dokumente und Einstellungen\Benjamin\Anwendungsdaten\Sun\Java\Deployment\cache
C:\Dokumente und Einstellungen\Benjamin\Eigene Dateien\Downloads\registrybooster.exe
C:\Dokumente und Einstellungen\Benjamin\Lokale Einstellungen\Anwendungsdaten\rrdkidac.exe
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\F4D5625F00235620002401AAD151FC4E
C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Macromedia\Common\e3e300381.dll
C:\Programme\eBay\eBay Toolbar2
C:\Programme\ShopClever
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

twinmama · 06.07.2012, 12:46

hier kommt das Logfile nach dem Fix:

Code:

ATTFilter

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22D8E815-4A5E-4DFB-845E-AAB64207F5BD}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22D8E815-4A5E-4DFB-845E-AAB64207F5BD}\ deleted successfully.
C:\Programme\eBay\eBay Toolbar2\eBayTb.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5FF205EF-8483-497D-8678-61AC95BB0EBB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FF205EF-8483-497D-8678-61AC95BB0EBB}\ deleted successfully.
C:\Programme\ShopClever\IE\Shopclever.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully.
C:\Programme\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{92085AD4-F48A-450D-BD93-B28CC7DF67CE} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92085AD4-F48A-450D-BD93-B28CC7DF67CE}\ deleted successfully.
File C:\Programme\eBay\eBay Toolbar2\eBayTb.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{B922D405-6D13-4A2B-AE89-08A030DA4402} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
File C:\Programme\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\hpqSRMon deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings deleted successfully.
C:\Programme\Gemeinsame Dateien\Spigot\Search Settings\SearchSettings.exe moved successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run\\rundll32.exe deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
D:\AUTORUN.INF moved successfully.
========== FILES ==========
C:\Programme\Gemeinsame Dateien\Spigot\wtxpcom\components folder moved successfully.
C:\Programme\Gemeinsame Dateien\Spigot\wtxpcom folder moved successfully.
C:\Programme\Gemeinsame Dateien\Spigot\Search Settings\Res folder moved successfully.
C:\Programme\Gemeinsame Dateien\Spigot\Search Settings\Lang folder moved successfully.
C:\Programme\Gemeinsame Dateien\Spigot\Search Settings folder moved successfully.
C:\Programme\Gemeinsame Dateien\Spigot folder moved successfully.
C:\Programme\pdfforge Toolbar\Res\Lang folder moved successfully.
C:\Programme\pdfforge Toolbar\Res folder moved successfully.
C:\Programme\pdfforge Toolbar\IE\4.9 folder moved successfully.
C:\Programme\pdfforge Toolbar\IE folder moved successfully.
C:\Programme\pdfforge Toolbar\FF\chrome\skin folder moved successfully.
C:\Programme\pdfforge Toolbar\FF\chrome\locale\EN-US folder moved successfully.
C:\Programme\pdfforge Toolbar\FF\chrome\locale folder moved successfully.
C:\Programme\pdfforge Toolbar\FF\chrome\content folder moved successfully.
C:\Programme\pdfforge Toolbar\FF\chrome folder moved successfully.
C:\Programme\pdfforge Toolbar\FF folder moved successfully.
C:\Programme\pdfforge Toolbar folder moved successfully.
File\Folder C:\Dokumente und Einstellungen\Benjamin\Anwendungsdaten\Sun\Java\Deployment\cache not found.
File\Folder C:\Dokumente und Einstellungen\Benjamin\Eigene Dateien\Downloads\registrybooster.exe not found.
File\Folder C:\Dokumente und Einstellungen\Benjamin\Lokale Einstellungen\Anwendungsdaten\rrdkidac.exe not found.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\F4D5625F00235620002401AAD151FC4E folder moved successfully.
File\Folder C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Macromedia\Common\e3e300381.dll not found.
C:\Programme\eBay\eBay Toolbar2\Users folder moved successfully.
C:\Programme\eBay\eBay Toolbar2\Bookmarks folder moved successfully.
C:\Programme\eBay\eBay Toolbar2 folder moved successfully.
C:\Programme\ShopClever\IE folder moved successfully.
C:\Programme\ShopClever\Firefox\defaults\preferences folder moved successfully.
C:\Programme\ShopClever\Firefox\defaults folder moved successfully.
C:\Programme\ShopClever\Firefox\chrome\skin folder moved successfully.
C:\Programme\ShopClever\Firefox\chrome\locale\de-DE folder moved successfully.
C:\Programme\ShopClever\Firefox\chrome\locale folder moved successfully.
C:\Programme\ShopClever\Firefox\chrome\content folder moved successfully.
C:\Programme\ShopClever\Firefox\chrome folder moved successfully.
C:\Programme\ShopClever\Firefox folder moved successfully.
C:\Programme\ShopClever folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 314 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 53524 bytes
 
User: Administrator.PRIVAT-PC
->Temp folder emptied: 817394 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Administrator.PRIVAT-PC.000
->Temporary Internet Files folder emptied: 32768 bytes
->FireFox cache emptied: 53524 bytes
 
User: Administrator.PRIVAT-PC.001
->Temp folder emptied: 817708 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Administrator.PRIVAT-PC.002
->Temp folder emptied: 28892614 bytes
->Temporary Internet Files folder emptied: 95073 bytes
->FireFox cache emptied: 2895045 bytes
 
User: All Users
 
User: Benjamin
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: nur fürs Internet
->Temp folder emptied: 597963 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 56063642 bytes
->Flash cache emptied: 456 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2864936 bytes
%systemroot%\System32 .tmp files removed: 2951 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1037091 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 90,00 mb
 
 
[EMPTYFLASH]
 
User: Administrator
 
User: Administrator.PRIVAT-PC
 
User: Administrator.PRIVAT-PC.000
 
User: Administrator.PRIVAT-PC.001
 
User: Administrator.PRIVAT-PC.002
 
User: All Users
 
User: Benjamin
 
User: Default User
 
User: LocalService
 
User: NetworkService
 
User: nur fürs Internet
->Flash cache emptied: 0 bytes
 
Total Flash Files Cleaned = 0,00 mb
 
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.53.1 log created on 07062012_133614

Files\Folders moved on Reboot...
File\Folder C:\Dokumente und Einstellungen\Administrator.PRIVAT-PC.002\Lokale Einstellungen\Temp\~DF56AB.tmp not found!
File\Folder C:\Dokumente und Einstellungen\Administrator.PRIVAT-PC.002\Lokale Einstellungen\Temporary Internet Files\Content.Word\~WRS{324D703F-8BB4-40C7-91FA-0E617FC56BC7}.tmp not found!
File\Folder C:\Dokumente und Einstellungen\Administrator.PRIVAT-PC.002\Lokale Einstellungen\Temporary Internet Files\Content.Word\~WRS{32D89845-7D76-4116-93D7-35864B0A5F19}.tmp not found!

PendingFileRenameOperations files...
File C:\Dokumente und Einstellungen\Administrator.PRIVAT-PC.002\Lokale Einstellungen\Temp\~DF56AB.tmp not found!
File C:\Dokumente und Einstellungen\Administrator.PRIVAT-PC.002\Lokale Einstellungen\Temporary Internet Files\Content.Word\~WRS{324D703F-8BB4-40C7-91FA-0E617FC56BC7}.tmp not found!
File C:\Dokumente und Einstellungen\Administrator.PRIVAT-PC.002\Lokale Einstellungen\Temporary Internet Files\Content.Word\~WRS{32D89845-7D76-4116-93D7-35864B0A5F19}.tmp not found!

Registry entries deleted on Reboot...

und zur Sicherheit auch noch einmal als Datei (im Anhang)

Gruß twinmama

cosinus · 06.07.2012, 14:04

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C

nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

twinmama · 06.07.2012, 18:19

Also TDSS hat folgenden Report erzeugt:

Code:

ATTFilter

19:06:45.0921 2620	TDSS rootkit removing tool 2.7.44.0 Jul  2 2012 20:01:08
19:06:45.0953 2620	============================================================
19:06:45.0953 2620	Current date / time: 2012/07/06 19:06:45.0953
19:06:45.0953 2620	SystemInfo:
19:06:45.0953 2620	
19:06:45.0953 2620	OS Version: 5.1.2600 ServicePack: 3.0
19:06:45.0953 2620	Product type: Workstation
19:06:45.0953 2620	ComputerName: PRIVAT-PC
19:06:45.0953 2620	UserName: Benjamin
19:06:45.0953 2620	Windows directory: C:\WINDOWS
19:06:45.0953 2620	System windows directory: C:\WINDOWS
19:06:45.0953 2620	Processor architecture: Intel x86
19:06:45.0953 2620	Number of processors: 2
19:06:45.0953 2620	Page size: 0x1000
19:06:45.0953 2620	Boot type: Normal boot
19:06:45.0953 2620	============================================================
19:06:47.0718 2620	Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
19:06:47.0718 2620	Drive \Device\Harddisk1\DR1 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
19:06:47.0718 2620	Drive \Device\Harddisk2\DR4 - Size: 0x7A800000 (1.91 Gb), SectorSize: 0x200, Cylinders: 0xF9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:06:47.0718 2620	============================================================
19:06:47.0718 2620	\Device\Harddisk0\DR0:
19:06:47.0718 2620	MBR partitions:
19:06:47.0718 2620	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xDF8F8C1
19:06:47.0718 2620	\Device\Harddisk1\DR1:
19:06:47.0718 2620	MBR partitions:
19:06:47.0718 2620	\Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xDF93782
19:06:47.0718 2620	\Device\Harddisk2\DR4:
19:06:47.0734 2620	MBR partitions:
19:06:47.0734 2620	\Device\Harddisk2\DR4\Partition0: MBR, Type 0x6, StartLBA 0x1F0, BlocksNum 0x3D3E10
19:06:47.0734 2620	============================================================
19:06:47.0734 2620	D: <-> \Device\Harddisk1\DR1\Partition0
19:06:47.0765 2620	C: <-> \Device\Harddisk0\DR0\Partition0
19:06:47.0765 2620	============================================================
19:06:47.0765 2620	Initialize success
19:06:47.0765 2620	============================================================
19:07:59.0984 1996	============================================================
19:07:59.0984 1996	Scan started
19:07:59.0984 1996	Mode: Manual; SigCheck; TDLFS; 
19:07:59.0984 1996	============================================================
19:08:00.0640 1996	A2DDA - ok
19:08:00.0671 1996	a2injectiondriver - ok
19:08:00.0671 1996	a2util - ok
19:08:00.0828 1996	Abiosdsk - ok
19:08:00.0828 1996	abp480n5 - ok
19:08:00.0953 1996	ACDaemon - ok
19:08:01.0031 1996	ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
19:08:02.0031 1996	ACPI ( UnsignedFile.Multi.Generic ) - warning
19:08:02.0031 1996	ACPI - detected UnsignedFile.Multi.Generic (1)
19:08:02.0093 1996	ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
19:08:02.0109 1996	ACPIEC ( UnsignedFile.Multi.Generic ) - warning
19:08:02.0109 1996	ACPIEC - detected UnsignedFile.Multi.Generic (1)
19:08:02.0109 1996	adpu160m - ok
19:08:02.0171 1996	aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
19:08:02.0187 1996	aec ( UnsignedFile.Multi.Generic ) - warning
19:08:02.0187 1996	aec - detected UnsignedFile.Multi.Generic (1)
19:08:02.0250 1996	Afc             (fe3ea6e9afc1a78e6edca121e006afb7) C:\WINDOWS\system32\drivers\Afc.sys
19:08:02.0406 1996	Afc - ok
19:08:02.0468 1996	AFD             (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
19:08:02.0484 1996	AFD ( UnsignedFile.Multi.Generic ) - warning
19:08:02.0484 1996	AFD - detected UnsignedFile.Multi.Generic (1)
19:08:02.0484 1996	Aha154x - ok
19:08:02.0500 1996	aic78u2 - ok
19:08:02.0515 1996	aic78xx - ok
19:08:02.0578 1996	akshasp         (d5987b854a62867d399a3d3d744547e5) C:\WINDOWS\system32\DRIVERS\akshasp.sys
19:08:02.0593 1996	akshasp ( UnsignedFile.Multi.Generic ) - warning
19:08:02.0593 1996	akshasp - detected UnsignedFile.Multi.Generic (1)
19:08:02.0656 1996	aksusb          (25c07de96a774622001935e36693c9c2) C:\WINDOWS\system32\DRIVERS\aksusb.sys
19:08:02.0656 1996	aksusb ( UnsignedFile.Multi.Generic ) - warning
19:08:02.0656 1996	aksusb - detected UnsignedFile.Multi.Generic (1)
19:08:02.0703 1996	Alerter         (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll
19:08:02.0718 1996	Alerter ( UnsignedFile.Multi.Generic ) - warning
19:08:02.0718 1996	Alerter - detected UnsignedFile.Multi.Generic (1)
19:08:02.0718 1996	ALG - ok
19:08:02.0718 1996	AliIde - ok
19:08:02.0750 1996	AmdK8           (22ad3ec1f0486c863d70cdd50b97761b) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
19:08:02.0750 1996	AmdK8 ( UnsignedFile.Multi.Generic ) - warning
19:08:02.0750 1996	AmdK8 - detected UnsignedFile.Multi.Generic (1)
19:08:02.0750 1996	amsint - ok
19:08:02.0796 1996	ApfiltrService  (27d224b1b4990984c4aafbe5bfe9a357) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
19:08:02.0796 1996	ApfiltrService ( UnsignedFile.Multi.Generic ) - warning
19:08:02.0796 1996	ApfiltrService - detected UnsignedFile.Multi.Generic (1)
19:08:02.0859 1996	AppMgmt         (d45960be52c3c610d361977057f98c54) C:\WINDOWS\System32\appmgmts.dll
19:08:02.0875 1996	AppMgmt ( UnsignedFile.Multi.Generic ) - warning
19:08:02.0875 1996	AppMgmt - detected UnsignedFile.Multi.Generic (1)
19:08:02.0921 1996	Arp1394         (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
19:08:02.0921 1996	Arp1394 ( UnsignedFile.Multi.Generic ) - warning
19:08:02.0921 1996	Arp1394 - detected UnsignedFile.Multi.Generic (1)
19:08:02.0937 1996	asc - ok
19:08:02.0937 1996	asc3350p - ok
19:08:02.0937 1996	asc3550 - ok
19:08:03.0093 1996	aspnet_state    (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
19:08:03.0156 1996	aspnet_state - ok
19:08:03.0187 1996	AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
19:08:03.0218 1996	AsyncMac ( UnsignedFile.Multi.Generic ) - warning
19:08:03.0218 1996	AsyncMac - detected UnsignedFile.Multi.Generic (1)
19:08:03.0250 1996	atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
19:08:03.0281 1996	atapi ( UnsignedFile.Multi.Generic ) - warning
19:08:03.0281 1996	atapi - detected UnsignedFile.Multi.Generic (1)
19:08:03.0281 1996	Atdisk - ok
19:08:03.0328 1996	Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
19:08:03.0328 1996	Atmarpc ( UnsignedFile.Multi.Generic ) - warning
19:08:03.0328 1996	Atmarpc - detected UnsignedFile.Multi.Generic (1)
19:08:03.0390 1996	AudioSrv        (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll
19:08:03.0390 1996	AudioSrv ( UnsignedFile.Multi.Generic ) - warning
19:08:03.0390 1996	AudioSrv - detected UnsignedFile.Multi.Generic (1)
19:08:03.0453 1996	audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
19:08:03.0468 1996	audstub ( UnsignedFile.Multi.Generic ) - warning
19:08:03.0468 1996	audstub - detected UnsignedFile.Multi.Generic (1)
19:08:03.0515 1996	Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
19:08:03.0515 1996	Beep ( UnsignedFile.Multi.Generic ) - warning
19:08:03.0515 1996	Beep - detected UnsignedFile.Multi.Generic (1)
19:08:03.0531 1996	BHDrvx86 - ok
19:08:03.0625 1996	BITS            (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll
19:08:03.0703 1996	BITS ( UnsignedFile.Multi.Generic ) - warning
19:08:03.0703 1996	BITS - detected UnsignedFile.Multi.Generic (1)
19:08:03.0750 1996	Browser         (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll
19:08:03.0765 1996	Browser ( UnsignedFile.Multi.Generic ) - warning
19:08:03.0765 1996	Browser - detected UnsignedFile.Multi.Generic (1)
19:08:03.0781 1996	BthEnum         (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
19:08:03.0781 1996	BthEnum ( UnsignedFile.Multi.Generic ) - warning
19:08:03.0781 1996	BthEnum - detected UnsignedFile.Multi.Generic (1)
19:08:03.0812 1996	BthPan          (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys
19:08:03.0828 1996	BthPan ( UnsignedFile.Multi.Generic ) - warning
19:08:03.0828 1996	BthPan - detected UnsignedFile.Multi.Generic (1)
19:08:03.0906 1996	BTHPORT         (592e1cedbe314d0ef184dc6f46141e76) C:\WINDOWS\system32\Drivers\BTHport.sys
19:08:03.0921 1996	BTHPORT ( UnsignedFile.Multi.Generic ) - warning
19:08:03.0921 1996	BTHPORT - detected UnsignedFile.Multi.Generic (1)
19:08:03.0968 1996	BthServ         (26c601ef7525e31379744abfc6f35a1b) C:\WINDOWS\System32\bthserv.dll
19:08:03.0968 1996	BthServ ( UnsignedFile.Multi.Generic ) - warning
19:08:03.0968 1996	BthServ - detected UnsignedFile.Multi.Generic (1)
19:08:04.0000 1996	BTHUSB          (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys
19:08:04.0015 1996	BTHUSB ( UnsignedFile.Multi.Generic ) - warning
19:08:04.0015 1996	BTHUSB - detected UnsignedFile.Multi.Generic (1)
19:08:04.0062 1996	cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
19:08:04.0078 1996	cbidf2k ( UnsignedFile.Multi.Generic ) - warning
19:08:04.0078 1996	cbidf2k - detected UnsignedFile.Multi.Generic (1)
19:08:04.0187 1996	CCALib8         (5753532c476b83119d85aa43b1b10ab3) C:\Programme\Canon\CAL\CALMAIN.exe
19:08:04.0203 1996	CCALib8 ( UnsignedFile.Multi.Generic ) - warning
19:08:04.0203 1996	CCALib8 - detected UnsignedFile.Multi.Generic (1)
19:08:04.0203 1996	ccHP - ok
19:08:04.0218 1996	cd20xrnt - ok
19:08:04.0234 1996	Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
19:08:04.0234 1996	Cdaudio ( UnsignedFile.Multi.Generic ) - warning
19:08:04.0234 1996	Cdaudio - detected UnsignedFile.Multi.Generic (1)
19:08:04.0281 1996	Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
19:08:04.0296 1996	Cdfs ( UnsignedFile.Multi.Generic ) - warning
19:08:04.0296 1996	Cdfs - detected UnsignedFile.Multi.Generic (1)
19:08:04.0343 1996	Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
19:08:04.0359 1996	Cdrom ( UnsignedFile.Multi.Generic ) - warning
19:08:04.0359 1996	Cdrom - detected UnsignedFile.Multi.Generic (1)
19:08:04.0359 1996	Changer - ok
19:08:04.0390 1996	CiSvc           (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe
19:08:04.0390 1996	CiSvc ( UnsignedFile.Multi.Generic ) - warning
19:08:04.0390 1996	CiSvc - detected UnsignedFile.Multi.Generic (1)
19:08:04.0421 1996	ClipSrv         (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe
19:08:04.0421 1996	ClipSrv ( UnsignedFile.Multi.Generic ) - warning
19:08:04.0421 1996	ClipSrv - detected UnsignedFile.Multi.Generic (1)
19:08:04.0578 1996	clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:08:04.0656 1996	clr_optimization_v2.0.50727_32 - ok
19:08:04.0734 1996	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:08:04.0765 1996	clr_optimization_v4.0.30319_32 - ok
19:08:04.0781 1996	CmBatt          (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
19:08:04.0781 1996	CmBatt ( UnsignedFile.Multi.Generic ) - warning
19:08:04.0781 1996	CmBatt - detected UnsignedFile.Multi.Generic (1)
19:08:04.0796 1996	CmdIde - ok
19:08:04.0812 1996	Compbatt        (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
19:08:04.0812 1996	Compbatt ( UnsignedFile.Multi.Generic ) - warning
19:08:04.0812 1996	Compbatt - detected UnsignedFile.Multi.Generic (1)
19:08:04.0812 1996	COMSysApp - ok
19:08:04.0843 1996	Cpqarray - ok
19:08:04.0906 1996	CryptSvc        (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll
19:08:04.0906 1996	CryptSvc ( UnsignedFile.Multi.Generic ) - warning
19:08:04.0906 1996	CryptSvc - detected UnsignedFile.Multi.Generic (1)
19:08:04.0921 1996	dac2w2k - ok
19:08:04.0937 1996	dac960nt - ok
19:08:05.0015 1996	DcomLaunch      (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
19:08:05.0078 1996	DcomLaunch ( UnsignedFile.Multi.Generic ) - warning
19:08:05.0078 1996	DcomLaunch - detected UnsignedFile.Multi.Generic (1)
19:08:05.0125 1996	Dhcp            (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll
19:08:05.0140 1996	Dhcp ( UnsignedFile.Multi.Generic ) - warning
19:08:05.0140 1996	Dhcp - detected UnsignedFile.Multi.Generic (1)
19:08:05.0171 1996	Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
19:08:05.0187 1996	Disk ( UnsignedFile.Multi.Generic ) - warning
19:08:05.0187 1996	Disk - detected UnsignedFile.Multi.Generic (1)
19:08:05.0187 1996	dmadmin - ok
19:08:05.0281 1996	dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
19:08:05.0390 1996	dmboot ( UnsignedFile.Multi.Generic ) - warning
19:08:05.0390 1996	dmboot - detected UnsignedFile.Multi.Generic (1)
19:08:05.0437 1996	dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
19:08:05.0453 1996	dmio ( UnsignedFile.Multi.Generic ) - warning
19:08:05.0453 1996	dmio - detected UnsignedFile.Multi.Generic (1)
19:08:05.0500 1996	dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
19:08:05.0500 1996	dmload ( UnsignedFile.Multi.Generic ) - warning
19:08:05.0500 1996	dmload - detected UnsignedFile.Multi.Generic (1)
19:08:05.0531 1996	dmserver        (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll
19:08:05.0546 1996	dmserver ( UnsignedFile.Multi.Generic ) - warning
19:08:05.0546 1996	dmserver - detected UnsignedFile.Multi.Generic (1)
19:08:05.0609 1996	DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
19:08:05.0609 1996	DMusic ( UnsignedFile.Multi.Generic ) - warning
19:08:05.0609 1996	DMusic - detected UnsignedFile.Multi.Generic (1)
19:08:05.0671 1996	Dnscache        (407f3227ac618fd1ca54b335b083de07) C:\WINDOWS\System32\dnsrslvr.dll
19:08:05.0671 1996	Dnscache ( UnsignedFile.Multi.Generic ) - warning
19:08:05.0671 1996	Dnscache - detected UnsignedFile.Multi.Generic (1)
19:08:05.0734 1996	Dot3svc         (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll
19:08:05.0734 1996	Dot3svc ( UnsignedFile.Multi.Generic ) - warning
19:08:05.0734 1996	Dot3svc - detected UnsignedFile.Multi.Generic (1)
19:08:05.0750 1996	dpti2o - ok
19:08:05.0781 1996	drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
19:08:05.0781 1996	drmkaud ( UnsignedFile.Multi.Generic ) - warning
19:08:05.0781 1996	drmkaud - detected UnsignedFile.Multi.Generic (1)
19:08:05.0843 1996	EapHost         (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll
19:08:05.0843 1996	EapHost ( UnsignedFile.Multi.Generic ) - warning
19:08:05.0843 1996	EapHost - detected UnsignedFile.Multi.Generic (1)
19:08:05.0937 1996	eeCtrl - ok
19:08:05.0953 1996	EraserUtilRebootDrv - ok
19:08:05.0953 1996	ERSvc           (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll
19:08:05.0968 1996	ERSvc ( UnsignedFile.Multi.Generic ) - warning
19:08:05.0968 1996	ERSvc - detected UnsignedFile.Multi.Generic (1)
19:08:05.0984 1996	Eventlog        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
19:08:06.0000 1996	Eventlog ( UnsignedFile.Multi.Generic ) - warning
19:08:06.0000 1996	Eventlog - detected UnsignedFile.Multi.Generic (1)
19:08:06.0046 1996	EventSystem     (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\system32\es.dll
19:08:06.0062 1996	EventSystem ( UnsignedFile.Multi.Generic ) - warning
19:08:06.0062 1996	EventSystem - detected UnsignedFile.Multi.Generic (1)
19:08:06.0078 1996	Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
19:08:06.0093 1996	Fastfat ( UnsignedFile.Multi.Generic ) - warning
19:08:06.0093 1996	Fastfat - detected UnsignedFile.Multi.Generic (1)
19:08:06.0125 1996	FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
19:08:06.0140 1996	FastUserSwitchingCompatibility ( UnsignedFile.Multi.Generic ) - warning
19:08:06.0140 1996	FastUserSwitchingCompatibility - detected UnsignedFile.Multi.Generic (1)
19:08:06.0140 1996	Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
19:08:06.0156 1996	Fdc ( UnsignedFile.Multi.Generic ) - warning
19:08:06.0156 1996	Fdc - detected UnsignedFile.Multi.Generic (1)
19:08:06.0171 1996	Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
19:08:06.0171 1996	Fips ( UnsignedFile.Multi.Generic ) - warning
19:08:06.0171 1996	Fips - detected UnsignedFile.Multi.Generic (1)
19:08:06.0234 1996	Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
19:08:06.0234 1996	Flpydisk ( UnsignedFile.Multi.Generic ) - warning
19:08:06.0234 1996	Flpydisk - detected UnsignedFile.Multi.Generic (1)
19:08:06.0296 1996	FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
19:08:06.0296 1996	FltMgr ( UnsignedFile.Multi.Generic ) - warning
19:08:06.0296 1996	FltMgr - detected UnsignedFile.Multi.Generic (1)
19:08:06.0421 1996	FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
19:08:06.0453 1996	FontCache3.0.0.0 - ok
19:08:06.0500 1996	Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
19:08:06.0500 1996	Fs_Rec ( UnsignedFile.Multi.Generic ) - warning
19:08:06.0500 1996	Fs_Rec - detected UnsignedFile.Multi.Generic (1)
19:08:06.0515 1996	Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
19:08:06.0531 1996	Ftdisk ( UnsignedFile.Multi.Generic ) - warning
19:08:06.0531 1996	Ftdisk - detected UnsignedFile.Multi.Generic (1)
19:08:06.0562 1996	Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
19:08:06.0578 1996	Gpc ( UnsignedFile.Multi.Generic ) - warning
19:08:06.0578 1996	Gpc - detected UnsignedFile.Multi.Generic (1)
19:08:06.0671 1996	gupdate         (f02a533f517eb38333cb12a9e8963773) C:\Programme\Google\Update\GoogleUpdate.exe
19:08:06.0687 1996	gupdate - ok
19:08:06.0703 1996	gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Programme\Google\Update\GoogleUpdate.exe
19:08:06.0734 1996	gupdatem - ok
19:08:06.0796 1996	gusvc           (cc839e8d766cc31a7710c9f38cf3e375) C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
19:08:06.0828 1996	gusvc - ok
19:08:06.0921 1996	Hardlock        (c1cc0c9742b881c42f1cc628e6f9ebd1) C:\WINDOWS\system32\drivers\hardlock.sys
19:08:06.0984 1996	Hardlock ( UnsignedFile.Multi.Generic ) - warning
19:08:06.0984 1996	Hardlock - detected UnsignedFile.Multi.Generic (1)
19:08:07.0031 1996	HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
19:08:07.0046 1996	HDAudBus ( UnsignedFile.Multi.Generic ) - warning
19:08:07.0046 1996	HDAudBus - detected UnsignedFile.Multi.Generic (1)
19:08:07.0093 1996	helpsvc         (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
19:08:07.0093 1996	helpsvc ( UnsignedFile.Multi.Generic ) - warning
19:08:07.0093 1996	helpsvc - detected UnsignedFile.Multi.Generic (1)
19:08:07.0125 1996	HidIr           (bb1a6fb7d35a91e599973fa74a619056) C:\WINDOWS\system32\DRIVERS\hidir.sys
19:08:07.0140 1996	HidIr ( UnsignedFile.Multi.Generic ) - warning
19:08:07.0140 1996	HidIr - detected UnsignedFile.Multi.Generic (1)
19:08:07.0171 1996	HidServ         (b35da85e60c0103f2e4104532da2f12b) C:\WINDOWS\System32\hidserv.dll
19:08:07.0171 1996	HidServ ( UnsignedFile.Multi.Generic ) - warning
19:08:07.0171 1996	HidServ - detected UnsignedFile.Multi.Generic (1)
19:08:07.0218 1996	hidusb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
19:08:07.0218 1996	hidusb ( UnsignedFile.Multi.Generic ) - warning
19:08:07.0218 1996	hidusb - detected UnsignedFile.Multi.Generic (1)
19:08:07.0281 1996	hkmsvc          (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll
19:08:07.0296 1996	hkmsvc ( UnsignedFile.Multi.Generic ) - warning
19:08:07.0296 1996	hkmsvc - detected UnsignedFile.Multi.Generic (1)
19:08:07.0328 1996	HLServer        (83d94511c0910b1bcdd4b087d993a04c) C:\WINDOWS\system32\HLS32SVC.EXE
19:08:07.0375 1996	HLServer ( UnsignedFile.Multi.Generic ) - warning
19:08:07.0375 1996	HLServer - detected UnsignedFile.Multi.Generic (1)
19:08:07.0375 1996	hpn - ok
19:08:07.0609 1996	hpqcxs08        (0a3c6aa4a9fc38c20ba4eac2c3351c05) C:\Programme\HP\Digital Imaging\bin\hpqcxs08.dll
19:08:07.0640 1996	hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
19:08:07.0640 1996	hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
19:08:07.0687 1996	hpqddsvc        (ee4c7a4cf2316701ffde90f404520265) C:\Programme\HP\Digital Imaging\bin\hpqddsvc.dll
19:08:07.0687 1996	hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
19:08:07.0687 1996	hpqddsvc - detected UnsignedFile.Multi.Generic (1)
19:08:07.0750 1996	HPZid412        (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
19:08:07.0750 1996	HPZid412 ( UnsignedFile.Multi.Generic ) - warning
19:08:07.0750 1996	HPZid412 - detected UnsignedFile.Multi.Generic (1)
19:08:07.0812 1996	HPZipr12        (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
19:08:07.0812 1996	HPZipr12 ( UnsignedFile.Multi.Generic ) - warning
19:08:07.0812 1996	HPZipr12 - detected UnsignedFile.Multi.Generic (1)
19:08:07.0859 1996	HPZius12        (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
19:08:07.0875 1996	HPZius12 ( UnsignedFile.Multi.Generic ) - warning
19:08:07.0875 1996	HPZius12 - detected UnsignedFile.Multi.Generic (1)
19:08:07.0984 1996	HSF_DPV         (068734475cedd18ca52dd99c8fefe43b) C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys
19:08:08.0078 1996	HSF_DPV ( UnsignedFile.Multi.Generic ) - warning
19:08:08.0078 1996	HSF_DPV - detected UnsignedFile.Multi.Generic (1)
19:08:08.0109 1996	HSXHWAZL        (ae5e2bbb2b9373b72aad801a749de1f0) C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys
19:08:08.0125 1996	HSXHWAZL ( UnsignedFile.Multi.Generic ) - warning
19:08:08.0125 1996	HSXHWAZL - detected UnsignedFile.Multi.Generic (1)
19:08:08.0187 1996	HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
19:08:08.0234 1996	HTTP ( UnsignedFile.Multi.Generic ) - warning
19:08:08.0234 1996	HTTP - detected UnsignedFile.Multi.Generic (1)
19:08:08.0281 1996	HTTPFilter      (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll
19:08:08.0296 1996	HTTPFilter ( UnsignedFile.Multi.Generic ) - warning
19:08:08.0296 1996	HTTPFilter - detected UnsignedFile.Multi.Generic (1)
19:08:08.0296 1996	i2omgmt - ok
19:08:08.0312 1996	i2omp - ok
19:08:08.0359 1996	i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
19:08:08.0359 1996	i8042prt ( UnsignedFile.Multi.Generic ) - warning
19:08:08.0359 1996	i8042prt - detected UnsignedFile.Multi.Generic (1)
19:08:08.0578 1996	idsvc           (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:08:08.0765 1996	idsvc - ok
19:08:08.0890 1996	IDSxpx86 - ok
19:08:08.0906 1996	Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
19:08:08.0906 1996	Imapi ( UnsignedFile.Multi.Generic ) - warning
19:08:08.0906 1996	Imapi - detected UnsignedFile.Multi.Generic (1)
19:08:08.0968 1996	ImapiService    (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\system32\imapi.exe
19:08:08.0968 1996	ImapiService ( UnsignedFile.Multi.Generic ) - warning
19:08:08.0968 1996	ImapiService - detected UnsignedFile.Multi.Generic (1)
19:08:08.0984 1996	ini910u - ok
19:08:09.0312 1996	IntcAzAudAddService (a5d5b8c427f4b67580fb2b511291a89d) C:\WINDOWS\system32\drivers\RtkHDAud.sys
19:08:09.0640 1996	IntcAzAudAddService ( UnsignedFile.Multi.Generic ) - warning
19:08:09.0640 1996	IntcAzAudAddService - detected UnsignedFile.Multi.Generic (1)
19:08:09.0781 1996	IntelIde - ok
19:08:09.0828 1996	Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
19:08:09.0843 1996	Ip6Fw ( UnsignedFile.Multi.Generic ) - warning
19:08:09.0843 1996	Ip6Fw - detected UnsignedFile.Multi.Generic (1)
19:08:09.0890 1996	IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
19:08:09.0890 1996	IpFilterDriver ( UnsignedFile.Multi.Generic ) - warning
19:08:09.0890 1996	IpFilterDriver - detected UnsignedFile.Multi.Generic (1)
19:08:09.0921 1996	IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
19:08:09.0937 1996	IpInIp ( UnsignedFile.Multi.Generic ) - warning
19:08:09.0937 1996	IpInIp - detected UnsignedFile.Multi.Generic (1)
19:08:09.0968 1996	IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
19:08:09.0984 1996	IpNat ( UnsignedFile.Multi.Generic ) - warning
19:08:09.0984 1996	IpNat - detected UnsignedFile.Multi.Generic (1)
19:08:10.0031 1996	IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
19:08:10.0046 1996	IPSec ( UnsignedFile.Multi.Generic ) - warning
19:08:10.0046 1996	IPSec - detected UnsignedFile.Multi.Generic (1)
19:08:10.0078 1996	IrBus           (b43b36b382aea10861f7c7a37f9d4ae2) C:\WINDOWS\system32\DRIVERS\IrBus.sys
19:08:10.0078 1996	IrBus ( UnsignedFile.Multi.Generic ) - warning
19:08:10.0078 1996	IrBus - detected UnsignedFile.Multi.Generic (1)
19:08:10.0078 1996	IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
19:08:10.0093 1996	IRENUM ( UnsignedFile.Multi.Generic ) - warning
19:08:10.0093 1996	IRENUM - detected UnsignedFile.Multi.Generic (1)
19:08:10.0125 1996	isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
19:08:10.0125 1996	isapnp ( UnsignedFile.Multi.Generic ) - warning
19:08:10.0125 1996	isapnp - detected UnsignedFile.Multi.Generic (1)
19:08:10.0296 1996	JavaQuickStarterService - ok
19:08:10.0343 1996	Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
19:08:10.0343 1996	Kbdclass ( UnsignedFile.Multi.Generic ) - warning
19:08:10.0343 1996	Kbdclass - detected UnsignedFile.Multi.Generic (1)
19:08:10.0390 1996	kbdhid          (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
19:08:10.0406 1996	kbdhid ( UnsignedFile.Multi.Generic ) - warning
19:08:10.0406 1996	kbdhid - detected UnsignedFile.Multi.Generic (1)
19:08:10.0437 1996	kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
19:08:10.0453 1996	kmixer ( UnsignedFile.Multi.Generic ) - warning
19:08:10.0453 1996	kmixer - detected UnsignedFile.Multi.Generic (1)
19:08:10.0515 1996	KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
19:08:10.0531 1996	KSecDD ( UnsignedFile.Multi.Generic ) - warning
19:08:10.0531 1996	KSecDD - detected UnsignedFile.Multi.Generic (1)
19:08:10.0578 1996	lanmanserver    (2bbdcb79900990f0716dfcb714e72de7) C:\WINDOWS\System32\srvsvc.dll
19:08:10.0593 1996	lanmanserver ( UnsignedFile.Multi.Generic ) - warning
19:08:10.0593 1996	lanmanserver - detected UnsignedFile.Multi.Generic (1)
19:08:10.0656 1996	lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll
19:08:10.0703 1996	lanmanworkstation ( UnsignedFile.Multi.Generic ) - warning
19:08:10.0703 1996	lanmanworkstation - detected UnsignedFile.Multi.Generic (1)
19:08:10.0703 1996	lbrtfdc - ok
19:08:10.0750 1996	LmHosts         (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll
19:08:10.0750 1996	LmHosts ( UnsignedFile.Multi.Generic ) - warning
19:08:10.0750 1996	LmHosts - detected UnsignedFile.Multi.Generic (1)
19:08:10.0859 1996	MACNDIS5        (e949d673842858d458f7e6bcd46a2a5d) C:\PROGRA~1\GEMEIN~1\MARMIK~1\MACNDIS5.SYS
19:08:10.0859 1996	MACNDIS5 ( UnsignedFile.Multi.Generic ) - warning
19:08:10.0859 1996	MACNDIS5 - detected UnsignedFile.Multi.Generic (1)
19:08:10.0921 1996	MBAMProtector   (fb097bbc1a18f044bd17bd2fccf97865) C:\WINDOWS\system32\drivers\mbam.sys
19:08:10.0953 1996	MBAMProtector - ok
19:08:11.0093 1996	MBAMService     (ba400ed640bca1eae5c727ae17c10207) C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
19:08:11.0187 1996	MBAMService - ok
19:08:11.0281 1996	McrdSvc         (52404cc76e9d53843bdf97564bb16bed) C:\WINDOWS\ehome\mcrdsvc.exe
19:08:11.0296 1996	McrdSvc ( UnsignedFile.Multi.Generic ) - warning
19:08:11.0296 1996	McrdSvc - detected UnsignedFile.Multi.Generic (1)
19:08:11.0375 1996	MDM             (11f714f85530a2bd134074dc30e99fca) C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
19:08:11.0437 1996	MDM - ok
19:08:11.0468 1996	mdmxsdk         (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
19:08:11.0468 1996	mdmxsdk ( UnsignedFile.Multi.Generic ) - warning
19:08:11.0468 1996	mdmxsdk - detected UnsignedFile.Multi.Generic (1)
19:08:11.0531 1996	Messenger       (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll
19:08:11.0531 1996	Messenger ( UnsignedFile.Multi.Generic ) - warning
19:08:11.0531 1996	Messenger - detected UnsignedFile.Multi.Generic (1)
19:08:11.0578 1996	MHN             (ded60230e3019c508769ec3c15bcda44) C:\WINDOWS\System32\mhn.dll
19:08:11.0593 1996	MHN ( UnsignedFile.Multi.Generic ) - warning
19:08:11.0593 1996	MHN - detected UnsignedFile.Multi.Generic (1)
19:08:11.0609 1996	MHNDRV          (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
19:08:11.0609 1996	MHNDRV ( UnsignedFile.Multi.Generic ) - warning
19:08:11.0609 1996	MHNDRV - detected UnsignedFile.Multi.Generic (1)
19:08:11.0750 1996	Microsoft Office Groove Audit Service (fafe367d032ed82e9332b4c741a20216) C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe
19:08:11.0781 1996	Microsoft Office Groove Audit Service - ok
19:08:11.0796 1996	MIINPazX        (5e5024d9e2351db2563b30912b4c4146) C:\PROGRA~1\GEMEIN~1\MARMIK~1\MInfraIS\MIINPazX.SYS
19:08:11.0812 1996	MIINPazX ( UnsignedFile.Multi.Generic ) - warning
19:08:11.0812 1996	MIINPazX - detected UnsignedFile.Multi.Generic (1)
19:08:11.0859 1996	mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
19:08:11.0859 1996	mnmdd ( UnsignedFile.Multi.Generic ) - warning
19:08:11.0859 1996	mnmdd - detected UnsignedFile.Multi.Generic (1)
19:08:11.0906 1996	mnmsrvc         (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\system32\mnmsrvc.exe
19:08:11.0921 1996	mnmsrvc ( UnsignedFile.Multi.Generic ) - warning
19:08:11.0921 1996	mnmsrvc - detected UnsignedFile.Multi.Generic (1)
19:08:11.0968 1996	Modem           (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
19:08:11.0984 1996	Modem ( UnsignedFile.Multi.Generic ) - warning
19:08:11.0984 1996	Modem - detected UnsignedFile.Multi.Generic (1)
19:08:12.0000 1996	Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
19:08:12.0015 1996	Mouclass ( UnsignedFile.Multi.Generic ) - warning
19:08:12.0015 1996	Mouclass - detected UnsignedFile.Multi.Generic (1)
19:08:12.0062 1996	mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
19:08:12.0062 1996	mouhid ( UnsignedFile.Multi.Generic ) - warning
19:08:12.0062 1996	mouhid - detected UnsignedFile.Multi.Generic (1)
19:08:12.0093 1996	MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
19:08:12.0093 1996	MountMgr ( UnsignedFile.Multi.Generic ) - warning
19:08:12.0093 1996	MountMgr - detected UnsignedFile.Multi.Generic (1)
19:08:12.0156 1996	MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
19:08:12.0218 1996	MozillaMaintenance - ok
19:08:12.0218 1996	mraid35x - ok
19:08:12.0296 1996	MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
19:08:12.0312 1996	MRxDAV ( UnsignedFile.Multi.Generic ) - warning
19:08:12.0312 1996	MRxDAV - detected UnsignedFile.Multi.Generic (1)
19:08:12.0390 1996	MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
19:08:12.0421 1996	MRxSmb ( UnsignedFile.Multi.Generic ) - warning
19:08:12.0421 1996	MRxSmb - detected UnsignedFile.Multi.Generic (1)
19:08:12.0453 1996	MSDTC           (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\system32\msdtc.exe
19:08:12.0468 1996	MSDTC ( UnsignedFile.Multi.Generic ) - warning
19:08:12.0468 1996	MSDTC - detected UnsignedFile.Multi.Generic (1)
19:08:12.0484 1996	Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
19:08:12.0500 1996	Msfs ( UnsignedFile.Multi.Generic ) - warning
19:08:12.0500 1996	Msfs - detected UnsignedFile.Multi.Generic (1)
19:08:12.0500 1996	MSIServer - ok
19:08:12.0546 1996	MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
19:08:12.0546 1996	MSKSSRV ( UnsignedFile.Multi.Generic ) - warning
19:08:12.0546 1996	MSKSSRV - detected UnsignedFile.Multi.Generic (1)
19:08:12.0562 1996	MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
19:08:12.0562 1996	MSPCLOCK ( UnsignedFile.Multi.Generic ) - warning
19:08:12.0562 1996	MSPCLOCK - detected UnsignedFile.Multi.Generic (1)
19:08:12.0578 1996	MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
19:08:12.0578 1996	MSPQM ( UnsignedFile.Multi.Generic ) - warning
19:08:12.0578 1996	MSPQM - detected UnsignedFile.Multi.Generic (1)
19:08:12.0656 1996	mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
19:08:12.0656 1996	mssmbios ( UnsignedFile.Multi.Generic ) - warning
19:08:12.0656 1996	mssmbios - detected UnsignedFile.Multi.Generic (1)
19:08:12.0781 1996	MTOnlPktAlyX    (493138c4f4119e938427da02486f09cb) C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS
19:08:12.0796 1996	MTOnlPktAlyX ( UnsignedFile.Multi.Generic ) - warning
19:08:12.0796 1996	MTOnlPktAlyX - detected UnsignedFile.Multi.Generic (1)
19:08:12.0812 1996	Mup             (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
19:08:12.0812 1996	Mup ( UnsignedFile.Multi.Generic ) - warning
19:08:12.0812 1996	Mup - detected UnsignedFile.Multi.Generic (1)
19:08:12.0828 1996	MZCCntrl - ok
19:08:12.0921 1996	napagent        (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll
19:08:12.0937 1996	napagent ( UnsignedFile.Multi.Generic ) - warning
19:08:12.0937 1996	napagent - detected UnsignedFile.Multi.Generic (1)
19:08:13.0062 1996	NAVENG - ok
19:08:13.0078 1996	NAVEX15 - ok
19:08:13.0093 1996	NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
19:08:13.0093 1996	NDIS ( UnsignedFile.Multi.Generic ) - warning
19:08:13.0093 1996	NDIS - detected UnsignedFile.Multi.Generic (1)
19:08:13.0140 1996	NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
19:08:13.0140 1996	NdisTapi ( UnsignedFile.Multi.Generic ) - warning
19:08:13.0140 1996	NdisTapi - detected UnsignedFile.Multi.Generic (1)
19:08:13.0156 1996	Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
19:08:13.0156 1996	Ndisuio ( UnsignedFile.Multi.Generic ) - warning
19:08:13.0156 1996	Ndisuio - detected UnsignedFile.Multi.Generic (1)
19:08:13.0187 1996	NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
19:08:13.0187 1996	NdisWan ( UnsignedFile.Multi.Generic ) - warning
19:08:13.0187 1996	NdisWan - detected UnsignedFile.Multi.Generic (1)
19:08:13.0234 1996	NDProxy         (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
19:08:13.0234 1996	NDProxy ( UnsignedFile.Multi.Generic ) - warning
19:08:13.0234 1996	NDProxy - detected UnsignedFile.Multi.Generic (1)
19:08:13.0281 1996	Net Driver HPZ12 (2969d26eee289be7422aa46fc55f4e38) C:\WINDOWS\system32\HPZinw12.dll
19:08:13.0281 1996	Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
19:08:13.0281 1996	Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
19:08:13.0312 1996	NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
19:08:13.0312 1996	NetBIOS ( UnsignedFile.Multi.Generic ) - warning
19:08:13.0312 1996	NetBIOS - detected UnsignedFile.Multi.Generic (1)
19:08:13.0328 1996	NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
19:08:13.0343 1996	NetBT ( UnsignedFile.Multi.Generic ) - warning
19:08:13.0343 1996	NetBT - detected UnsignedFile.Multi.Generic (1)
19:08:13.0406 1996	NetDDE          (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
19:08:13.0421 1996	NetDDE ( UnsignedFile.Multi.Generic ) - warning
19:08:13.0421 1996	NetDDE - detected UnsignedFile.Multi.Generic (1)
19:08:13.0421 1996	NetDDEdsdm      (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
19:08:13.0421 1996	NetDDEdsdm ( UnsignedFile.Multi.Generic ) - warning
19:08:13.0421 1996	NetDDEdsdm - detected UnsignedFile.Multi.Generic (1)
19:08:13.0484 1996	Netlogon        (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
19:08:13.0484 1996	Netlogon ( UnsignedFile.Multi.Generic ) - warning
19:08:13.0484 1996	Netlogon - detected UnsignedFile.Multi.Generic (1)
19:08:13.0531 1996	Netman          (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll
19:08:13.0546 1996	Netman ( UnsignedFile.Multi.Generic ) - warning
19:08:13.0546 1996	Netman - detected UnsignedFile.Multi.Generic (1)
19:08:13.0640 1996	NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:08:13.0656 1996	NetTcpPortSharing - ok
19:08:13.0671 1996	NIC1394         (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
19:08:13.0687 1996	NIC1394 ( UnsignedFile.Multi.Generic ) - warning
19:08:13.0687 1996	NIC1394 - detected UnsignedFile.Multi.Generic (1)
19:08:13.0734 1996	Nla             (f1b67b6b0751ae0e6e964b02821206a3) C:\WINDOWS\System32\mswsock.dll
19:08:13.0750 1996	Nla ( UnsignedFile.Multi.Generic ) - warning
19:08:13.0750 1996	Nla - detected UnsignedFile.Multi.Generic (1)
19:08:13.0796 1996	nm              (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys
19:08:13.0812 1996	nm ( UnsignedFile.Multi.Generic ) - warning
19:08:13.0812 1996	nm - detected UnsignedFile.Multi.Generic (1)
19:08:13.0921 1996	Norton Internet Security - ok
19:08:13.0921 1996	Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
19:08:13.0921 1996	Npfs ( UnsignedFile.Multi.Generic ) - warning
19:08:13.0921 1996	Npfs - detected UnsignedFile.Multi.Generic (1)
19:08:13.0968 1996	Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
19:08:14.0015 1996	Ntfs ( UnsignedFile.Multi.Generic ) - warning
19:08:14.0015 1996	Ntfs - detected UnsignedFile.Multi.Generic (1)
19:08:14.0031 1996	NtLmSsp         (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
19:08:14.0031 1996	NtLmSsp ( UnsignedFile.Multi.Generic ) - warning
19:08:14.0031 1996	NtLmSsp - detected UnsignedFile.Multi.Generic (1)
19:08:14.0093 1996	NtmsSvc         (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll
19:08:14.0125 1996	NtmsSvc ( UnsignedFile.Multi.Generic ) - warning
19:08:14.0125 1996	NtmsSvc - detected UnsignedFile.Multi.Generic (1)
19:08:14.0171 1996	Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
19:08:14.0187 1996	Null ( UnsignedFile.Multi.Generic ) - warning
19:08:14.0187 1996	Null - detected UnsignedFile.Multi.Generic (1)
19:08:14.0421 1996	nv              (cb5aaab10c8392cd49733d92a9930441) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
19:08:14.0750 1996	nv ( UnsignedFile.Multi.Generic ) - warning
19:08:14.0750 1996	nv - detected UnsignedFile.Multi.Generic (1)
19:08:14.0921 1996	NVENETFD        (447cf6e09ceca96eaf5772d465cca344) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
19:08:14.0921 1996	NVENETFD ( UnsignedFile.Multi.Generic ) - warning
19:08:14.0921 1996	NVENETFD - detected UnsignedFile.Multi.Generic (1)
19:08:14.0968 1996	nvnetbus        (ef04d5a268f5d44422795f9c013fbc8a) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
19:08:14.0984 1996	nvnetbus ( UnsignedFile.Multi.Generic ) - warning
19:08:14.0984 1996	nvnetbus - detected UnsignedFile.Multi.Generic (1)
19:08:15.0031 1996	nvsmu           (e0f76fab86fec98778047d0c7c39cbb9) C:\WINDOWS\system32\DRIVERS\nvsmu.sys
19:08:15.0031 1996	nvsmu ( UnsignedFile.Multi.Generic ) - warning
19:08:15.0031 1996	nvsmu - detected UnsignedFile.Multi.Generic (1)
19:08:15.0062 1996	NVSvc           (4003c6079f403d3409e800df8f32d5d4) C:\WINDOWS\system32\nvsvc32.exe
19:08:15.0062 1996	NVSvc ( UnsignedFile.Multi.Generic ) - warning
19:08:15.0062 1996	NVSvc - detected UnsignedFile.Multi.Generic (1)
19:08:15.0109 1996	NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
19:08:15.0109 1996	NwlnkFlt ( UnsignedFile.Multi.Generic ) - warning
19:08:15.0109 1996	NwlnkFlt - detected UnsignedFile.Multi.Generic (1)
19:08:15.0125 1996	NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
19:08:15.0140 1996	NwlnkFwd ( UnsignedFile.Multi.Generic ) - warning
19:08:15.0140 1996	NwlnkFwd - detected UnsignedFile.Multi.Generic (1)
19:08:15.0296 1996	odserv          (84de1dd996b48b05ace31ad015fa108a) C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE
19:08:15.0343 1996	odserv - ok
19:08:15.0375 1996	ohci1394        (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
19:08:15.0390 1996	ohci1394 ( UnsignedFile.Multi.Generic ) - warning
19:08:15.0390 1996	ohci1394 - detected UnsignedFile.Multi.Generic (1)
19:08:15.0453 1996	ose             (5a432a042dae460abe7199b758e8606c) C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
19:08:15.0468 1996	ose - ok
19:08:15.0515 1996	Parport         (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\drivers\Parport.sys
19:08:15.0515 1996	Parport ( UnsignedFile.Multi.Generic ) - warning
19:08:15.0515 1996	Parport - detected UnsignedFile.Multi.Generic (1)
19:08:15.0562 1996	PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
19:08:15.0562 1996	PartMgr ( UnsignedFile.Multi.Generic ) - warning
19:08:15.0562 1996	PartMgr - detected UnsignedFile.Multi.Generic (1)
19:08:15.0609 1996	ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
19:08:15.0609 1996	ParVdm ( UnsignedFile.Multi.Generic ) - warning
19:08:15.0609 1996	ParVdm - detected UnsignedFile.Multi.Generic (1)
19:08:15.0671 1996	PCI             (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
19:08:15.0671 1996	PCI ( UnsignedFile.Multi.Generic ) - warning
19:08:15.0671 1996	PCI - detected UnsignedFile.Multi.Generic (1)
19:08:15.0671 1996	PCIDump - ok
19:08:15.0718 1996	PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
19:08:15.0734 1996	PCIIde ( UnsignedFile.Multi.Generic ) - warning
19:08:15.0734 1996	PCIIde - detected UnsignedFile.Multi.Generic (1)
19:08:15.0750 1996	Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
19:08:15.0765 1996	Pcmcia ( UnsignedFile.Multi.Generic ) - warning
19:08:15.0765 1996	Pcmcia - detected UnsignedFile.Multi.Generic (1)
19:08:15.0765 1996	PDCOMP - ok
19:08:15.0765 1996	PDFRAME - ok
19:08:15.0781 1996	PDRELI - ok
19:08:15.0781 1996	PDRFRAME - ok
19:08:15.0781 1996	perc2 - ok
19:08:15.0796 1996	perc2hib - ok
19:08:15.0859 1996	PlugPlay        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
19:08:15.0859 1996	PlugPlay ( UnsignedFile.Multi.Generic ) - warning
19:08:15.0859 1996	PlugPlay - detected UnsignedFile.Multi.Generic (1)
19:08:15.0906 1996	Pml Driver HPZ12 (bafc9706bdf425a02b66468ab2605c59) C:\WINDOWS\system32\HPZipm12.dll
19:08:15.0921 1996	Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
19:08:15.0921 1996	Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
19:08:15.0953 1996	PolicyAgent     (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
19:08:15.0968 1996	PolicyAgent ( UnsignedFile.Multi.Generic ) - warning
19:08:15.0968 1996	PolicyAgent - detected UnsignedFile.Multi.Generic (1)
19:08:16.0015 1996	PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
19:08:16.0015 1996	PptpMiniport ( UnsignedFile.Multi.Generic ) - warning
19:08:16.0015 1996	PptpMiniport - detected UnsignedFile.Multi.Generic (1)
19:08:16.0046 1996	Processor       (2cb55427c58679f49ad600fccba76360) C:\WINDOWS\system32\DRIVERS\processr.sys
19:08:16.0046 1996	Processor ( UnsignedFile.Multi.Generic ) - warning
19:08:16.0046 1996	Processor - detected UnsignedFile.Multi.Generic (1)
19:08:16.0046 1996	ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
19:08:16.0046 1996	ProtectedStorage ( UnsignedFile.Multi.Generic ) - warning
19:08:16.0046 1996	ProtectedStorage - detected UnsignedFile.Multi.Generic (1)
19:08:16.0062 1996	PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
19:08:16.0078 1996	PSched ( UnsignedFile.Multi.Generic ) - warning
19:08:16.0078 1996	PSched - detected UnsignedFile.Multi.Generic (1)
19:08:16.0125 1996	Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
19:08:16.0125 1996	Ptilink ( UnsignedFile.Multi.Generic ) - warning
19:08:16.0125 1996	Ptilink - detected UnsignedFile.Multi.Generic (1)
19:08:16.0156 1996	PxHelp20        (617accada2e0a0f43ec6030bbac49513) C:\WINDOWS\system32\Drivers\PxHelp20.sys
19:08:16.0156 1996	PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
19:08:16.0156 1996	PxHelp20 - detected UnsignedFile.Multi.Generic (1)
19:08:16.0156 1996	ql1080 - ok
19:08:16.0171 1996	Ql10wnt - ok
19:08:16.0171 1996	ql12160 - ok
19:08:16.0187 1996	ql1240 - ok
19:08:16.0187 1996	ql1280 - ok
19:08:16.0218 1996	RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
19:08:16.0218 1996	RasAcd ( UnsignedFile.Multi.Generic ) - warning
19:08:16.0218 1996	RasAcd - detected UnsignedFile.Multi.Generic (1)
19:08:16.0265 1996	RasAuto         (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll
19:08:16.0281 1996	RasAuto ( UnsignedFile.Multi.Generic ) - warning
19:08:16.0281 1996	RasAuto - detected UnsignedFile.Multi.Generic (1)
19:08:16.0296 1996	Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
19:08:16.0296 1996	Rasl2tp ( UnsignedFile.Multi.Generic ) - warning
19:08:16.0296 1996	Rasl2tp - detected UnsignedFile.Multi.Generic (1)
19:08:16.0359 1996	RasMan          (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll
19:08:16.0359 1996	RasMan ( UnsignedFile.Multi.Generic ) - warning
19:08:16.0359 1996	RasMan - detected UnsignedFile.Multi.Generic (1)
19:08:16.0375 1996	RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
19:08:16.0375 1996	RasPppoe ( UnsignedFile.Multi.Generic ) - warning
19:08:16.0375 1996	RasPppoe - detected UnsignedFile.Multi.Generic (1)
19:08:16.0390 1996	Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
19:08:16.0390 1996	Raspti ( UnsignedFile.Multi.Generic ) - warning
19:08:16.0390 1996	Raspti - detected UnsignedFile.Multi.Generic (1)
19:08:16.0421 1996	Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
19:08:16.0421 1996	Rdbss ( UnsignedFile.Multi.Generic ) - warning
19:08:16.0421 1996	Rdbss - detected UnsignedFile.Multi.Generic (1)
19:08:16.0437 1996	RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
19:08:16.0437 1996	RDPCDD ( UnsignedFile.Multi.Generic ) - warning
19:08:16.0437 1996	RDPCDD - detected UnsignedFile.Multi.Generic (1)
19:08:16.0453 1996	rdpdr           (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
19:08:16.0468 1996	rdpdr ( UnsignedFile.Multi.Generic ) - warning
19:08:16.0468 1996	rdpdr - detected UnsignedFile.Multi.Generic (1)
19:08:16.0515 1996	RDPWD           (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
19:08:16.0671 1996	RDPWD - ok
19:08:16.0734 1996	RDSessMgr       (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe
19:08:16.0734 1996	RDSessMgr ( UnsignedFile.Multi.Generic ) - warning
19:08:16.0734 1996	RDSessMgr - detected UnsignedFile.Multi.Generic (1)
19:08:16.0781 1996	redbook         (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
19:08:16.0781 1996	redbook ( UnsignedFile.Multi.Generic ) - warning
19:08:16.0781 1996	redbook - detected UnsignedFile.Multi.Generic (1)
19:08:16.0828 1996	RemoteAccess    (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll
19:08:16.0828 1996	RemoteAccess ( UnsignedFile.Multi.Generic ) - warning
19:08:16.0828 1996	RemoteAccess - detected UnsignedFile.Multi.Generic (1)
19:08:16.0875 1996	RemoteRegistry  (e4cd1f3d84e1c2ca0b8cf7501e201593) C:\WINDOWS\system32\regsvc.dll
19:08:16.0875 1996	RemoteRegistry ( UnsignedFile.Multi.Generic ) - warning
19:08:16.0875 1996	RemoteRegistry - detected UnsignedFile.Multi.Generic (1)
19:08:16.0937 1996	RFCOMM          (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
19:08:16.0937 1996	RFCOMM ( UnsignedFile.Multi.Generic ) - warning
19:08:16.0937 1996	RFCOMM - detected UnsignedFile.Multi.Generic (1)
19:08:16.0984 1996	RpcLocator      (2a02e21867497df20b8fc95631395169) C:\WINDOWS\system32\locator.exe
19:08:16.0984 1996	RpcLocator ( UnsignedFile.Multi.Generic ) - warning
19:08:16.0984 1996	RpcLocator - detected UnsignedFile.Multi.Generic (1)
19:08:17.0046 1996	RpcSs           (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
19:08:17.0062 1996	RpcSs ( UnsignedFile.Multi.Generic ) - warning
19:08:17.0062 1996	RpcSs - detected UnsignedFile.Multi.Generic (1)
19:08:17.0140 1996	rspndr          (a3b23fb3f295694091f51865f98588b2) C:\WINDOWS\system32\DRIVERS\rspndr.sys
19:08:17.0140 1996	rspndr ( UnsignedFile.Multi.Generic ) - warning
19:08:17.0140 1996	rspndr - detected UnsignedFile.Multi.Generic (1)
19:08:17.0187 1996	RSVP            (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe
19:08:17.0203 1996	RSVP ( UnsignedFile.Multi.Generic ) - warning
19:08:17.0203 1996	RSVP - detected UnsignedFile.Multi.Generic (1)
19:08:17.0218 1996	SamSs           (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
19:08:17.0218 1996	SamSs ( UnsignedFile.Multi.Generic ) - warning
19:08:17.0218 1996	SamSs - detected UnsignedFile.Multi.Generic (1)
19:08:17.0250 1996	SCardSvr        (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe
19:08:17.0265 1996	SCardSvr ( UnsignedFile.Multi.Generic ) - warning
19:08:17.0265 1996	SCardSvr - detected UnsignedFile.Multi.Generic (1)
19:08:17.0296 1996	Schedule        (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll
19:08:17.0296 1996	Schedule ( UnsignedFile.Multi.Generic ) - warning
19:08:17.0296 1996	Schedule - detected UnsignedFile.Multi.Generic (1)
19:08:17.0359 1996	Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
19:08:17.0359 1996	Secdrv ( UnsignedFile.Multi.Generic ) - warning
19:08:17.0359 1996	Secdrv - detected UnsignedFile.Multi.Generic (1)
19:08:17.0375 1996	seclogon        (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll
19:08:17.0375 1996	seclogon ( UnsignedFile.Multi.Generic ) - warning
19:08:17.0375 1996	seclogon - detected UnsignedFile.Multi.Generic (1)
19:08:17.0390 1996	SENS            (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll
19:08:17.0390 1996	SENS ( UnsignedFile.Multi.Generic ) - warning
19:08:17.0390 1996	SENS - detected UnsignedFile.Multi.Generic (1)
19:08:17.0406 1996	Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\drivers\Serial.sys
19:08:17.0421 1996	Serial ( UnsignedFile.Multi.Generic ) - warning
19:08:17.0421 1996	Serial - detected UnsignedFile.Multi.Generic (1)
19:08:17.0453 1996	Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
19:08:17.0468 1996	Sfloppy ( UnsignedFile.Multi.Generic ) - warning
19:08:17.0468 1996	Sfloppy - detected UnsignedFile.Multi.Generic (1)
19:08:17.0531 1996	SharedAccess    (cad058d5f8b889a87ca3eb3cf624dcef) C:\WINDOWS\System32\ipnathlp.dll
19:08:17.0546 1996	SharedAccess ( UnsignedFile.Multi.Generic ) - warning
19:08:17.0546 1996	SharedAccess - detected UnsignedFile.Multi.Generic (1)
19:08:17.0562 1996	ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
19:08:17.0578 1996	ShellHWDetection ( UnsignedFile.Multi.Generic ) - warning
19:08:17.0578 1996	ShellHWDetection - detected UnsignedFile.Multi.Generic (1)
19:08:17.0578 1996	Simbad - ok
19:08:17.0640 1996	SIS163u         (30bed9b9dd98ffeb41af5d5cab972ef7) C:\WINDOWS\system32\DRIVERS\sis163u.sys
19:08:17.0656 1996	SIS163u ( UnsignedFile.Multi.Generic ) - warning
19:08:17.0656 1996	SIS163u - detected UnsignedFile.Multi.Generic (1)
19:08:17.0656 1996	Sparrow - ok
19:08:17.0687 1996	splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
19:08:17.0687 1996	splitter ( UnsignedFile.Multi.Generic ) - warning
19:08:17.0687 1996	splitter - detected UnsignedFile.Multi.Generic (1)
19:08:17.0750 1996	Spooler         (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
19:08:17.0750 1996	Spooler ( UnsignedFile.Multi.Generic ) - warning
19:08:17.0750 1996	Spooler - detected UnsignedFile.Multi.Generic (1)
19:08:17.0781 1996	sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
19:08:17.0781 1996	sr ( UnsignedFile.Multi.Generic ) - warning
19:08:17.0781 1996	sr - detected UnsignedFile.Multi.Generic (1)
19:08:17.0843 1996	srservice       (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\system32\srsvc.dll
19:08:17.0843 1996	srservice ( UnsignedFile.Multi.Generic ) - warning
19:08:17.0843 1996	srservice - detected UnsignedFile.Multi.Generic (1)
19:08:17.0843 1996	SRTSP - ok
19:08:17.0859 1996	SRTSPX - ok
19:08:17.0921 1996	Srv             (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
19:08:17.0937 1996	Srv ( UnsignedFile.Multi.Generic ) - warning
19:08:17.0937 1996	Srv - detected UnsignedFile.Multi.Generic (1)
19:08:17.0984 1996	SSDPSRV         (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll
19:08:18.0000 1996	SSDPSRV ( UnsignedFile.Multi.Generic ) - warning
19:08:18.0000 1996	SSDPSRV - detected UnsignedFile.Multi.Generic (1)
19:08:18.0046 1996	ssmdrv          (71d609c5dff067906d930bde031c4cfe) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
19:08:18.0046 1996	ssmdrv ( UnsignedFile.Multi.Generic ) - warning
19:08:18.0046 1996	ssmdrv - detected UnsignedFile.Multi.Generic (1)
19:08:18.0109 1996	stisvc          (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll
19:08:18.0125 1996	stisvc ( UnsignedFile.Multi.Generic ) - warning
19:08:18.0125 1996	stisvc - detected UnsignedFile.Multi.Generic (1)
19:08:18.0171 1996	swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
19:08:18.0171 1996	swenum ( UnsignedFile.Multi.Generic ) - warning
19:08:18.0171 1996	swenum - detected UnsignedFile.Multi.Generic (1)
19:08:18.0187 1996	swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
19:08:18.0187 1996	swmidi ( UnsignedFile.Multi.Generic ) - warning
19:08:18.0187 1996	swmidi - detected UnsignedFile.Multi.Generic (1)
19:08:18.0187 1996	SwPrv - ok
19:08:18.0203 1996	symc810 - ok
19:08:18.0203 1996	symc8xx - ok
19:08:18.0218 1996	SYMDNS - ok
19:08:18.0218 1996	SymEFA - ok
19:08:18.0218 1996	SymEvent - ok
19:08:18.0234 1996	SYMFW - ok
19:08:18.0234 1996	SYMIDS - ok
19:08:18.0250 1996	SymIM - ok
19:08:18.0250 1996	SymIMMP - ok
19:08:18.0250 1996	SYMNDIS - ok
19:08:18.0265 1996	SYMREDRV - ok
19:08:18.0265 1996	SYMTDI - ok
19:08:18.0281 1996	sym_hi - ok
19:08:18.0281 1996	sym_u3 - ok
19:08:18.0312 1996	sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
19:08:18.0312 1996	sysaudio ( UnsignedFile.Multi.Generic ) - warning
19:08:18.0312 1996	sysaudio - detected UnsignedFile.Multi.Generic (1)
19:08:18.0343 1996	SysmonLog       (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe
19:08:18.0343 1996	SysmonLog ( UnsignedFile.Multi.Generic ) - warning
19:08:18.0343 1996	SysmonLog - detected UnsignedFile.Multi.Generic (1)
19:08:18.0390 1996	TapiSrv         (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll
19:08:18.0390 1996	TapiSrv ( UnsignedFile.Multi.Generic ) - warning
19:08:18.0390 1996	TapiSrv - detected UnsignedFile.Multi.Generic (1)
19:08:18.0484 1996	Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:08:18.0500 1996	Tcpip ( UnsignedFile.Multi.Generic ) - warning
19:08:18.0500 1996	Tcpip - detected UnsignedFile.Multi.Generic (1)
19:08:18.0562 1996	TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
19:08:18.0562 1996	TDPIPE ( UnsignedFile.Multi.Generic ) - warning
19:08:18.0562 1996	TDPIPE - detected UnsignedFile.Multi.Generic (1)
19:08:18.0609 1996	TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
19:08:18.0609 1996	TDTCP ( UnsignedFile.Multi.Generic ) - warning
19:08:18.0609 1996	TDTCP - detected UnsignedFile.Multi.Generic (1)
19:08:18.0656 1996	TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
19:08:18.0671 1996	TermDD ( UnsignedFile.Multi.Generic ) - warning
19:08:18.0671 1996	TermDD - detected UnsignedFile.Multi.Generic (1)
19:08:18.0703 1996	TermService     (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll
19:08:18.0703 1996	TermService ( UnsignedFile.Multi.Generic ) - warning
19:08:18.0703 1996	TermService - detected UnsignedFile.Multi.Generic (1)
19:08:18.0765 1996	Themes          (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
19:08:18.0765 1996	Themes ( UnsignedFile.Multi.Generic ) - warning
19:08:18.0765 1996	Themes - detected UnsignedFile.Multi.Generic (1)
19:08:18.0812 1996	TlntSvr         (03681a1ce77f51586903869a5ab1deab) C:\WINDOWS\system32\tlntsvr.exe
19:08:18.0828 1996	TlntSvr ( UnsignedFile.Multi.Generic ) - warning
19:08:18.0828 1996	TlntSvr - detected UnsignedFile.Multi.Generic (1)
19:08:18.0859 1996	toshidpt        (e362d54fd394999c4178936396664e57) C:\WINDOWS\system32\drivers\Toshidpt.sys
19:08:18.0875 1996	toshidpt ( UnsignedFile.Multi.Generic ) - warning
19:08:18.0875 1996	toshidpt - detected UnsignedFile.Multi.Generic (1)
19:08:18.0875 1996	TosIde - ok
19:08:18.0890 1996	tosporte        (b2842672056ca33f0a4aab3e5cbbf181) C:\WINDOWS\system32\DRIVERS\tosporte.sys
19:08:18.0890 1996	tosporte ( UnsignedFile.Multi.Generic ) - warning
19:08:18.0890 1996	tosporte - detected UnsignedFile.Multi.Generic (1)
19:08:18.0953 1996	Tosrfbd         (926ca0b7fd2fa62d82c33b3117936070) C:\WINDOWS\system32\Drivers\tosrfbd.sys
19:08:18.0968 1996	Tosrfbd ( UnsignedFile.Multi.Generic ) - warning
19:08:18.0968 1996	Tosrfbd - detected UnsignedFile.Multi.Generic (1)
19:08:18.0968 1996	Tosrfbnp        (1ae2ba74b2a4f5a358b13fcd35258c30) C:\WINDOWS\system32\Drivers\tosrfbnp.sys
19:08:18.0984 1996	Tosrfbnp ( UnsignedFile.Multi.Generic ) - warning
19:08:18.0984 1996	Tosrfbnp - detected UnsignedFile.Multi.Generic (1)
19:08:19.0000 1996	Tosrfcom        (5ba1ca3b3cddb1ddc67df473f05d1ec2) C:\WINDOWS\system32\Drivers\tosrfcom.sys
19:08:19.0000 1996	Tosrfcom ( UnsignedFile.Multi.Generic ) - warning
19:08:19.0000 1996	Tosrfcom - detected UnsignedFile.Multi.Generic (1)
19:08:19.0062 1996	Tosrfhid        (5dbf390aab62dd0d4d43a9278614e001) C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys
19:08:19.0062 1996	Tosrfhid ( UnsignedFile.Multi.Generic ) - warning
19:08:19.0062 1996	Tosrfhid - detected UnsignedFile.Multi.Generic (1)
19:08:19.0109 1996	tosrfnds        (c52fd27b9adf3a1f22cb90e6bcf9b0cb) C:\WINDOWS\system32\DRIVERS\tosrfnds.sys
19:08:19.0109 1996	tosrfnds ( UnsignedFile.Multi.Generic ) - warning
19:08:19.0109 1996	tosrfnds - detected UnsignedFile.Multi.Generic (1)
19:08:19.0125 1996	TosRfSnd        (ab6fd13d7efa2634fa6bdf84c7ef0696) C:\WINDOWS\system32\drivers\TosRfSnd.sys
19:08:19.0125 1996	TosRfSnd ( UnsignedFile.Multi.Generic ) - warning
19:08:19.0125 1996	TosRfSnd - detected UnsignedFile.Multi.Generic (1)
19:08:19.0187 1996	Tosrfusb        (d870fd6ce9060b73289f47e88630ee0e) C:\WINDOWS\system32\Drivers\tosrfusb.sys
19:08:19.0187 1996	Tosrfusb ( UnsignedFile.Multi.Generic ) - warning
19:08:19.0187 1996	Tosrfusb - detected UnsignedFile.Multi.Generic (1)
19:08:19.0234 1996	TrkWks          (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll
19:08:19.0234 1996	TrkWks ( UnsignedFile.Multi.Generic ) - warning
19:08:19.0234 1996	TrkWks - detected UnsignedFile.Multi.Generic (1)
19:08:19.0250 1996	Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
19:08:19.0250 1996	Udfs ( UnsignedFile.Multi.Generic ) - warning
19:08:19.0250 1996	Udfs - detected UnsignedFile.Multi.Generic (1)
19:08:19.0265 1996	ultra - ok
19:08:19.0328 1996	Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
19:08:19.0343 1996	Update ( UnsignedFile.Multi.Generic ) - warning
19:08:19.0343 1996	Update - detected UnsignedFile.Multi.Generic (1)
19:08:19.0421 1996	upnphost        (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll
19:08:19.0437 1996	upnphost ( UnsignedFile.Multi.Generic ) - warning
19:08:19.0437 1996	upnphost - detected UnsignedFile.Multi.Generic (1)
19:08:19.0468 1996	UPS             (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe
19:08:19.0468 1996	UPS ( UnsignedFile.Multi.Generic ) - warning
19:08:19.0468 1996	UPS - detected UnsignedFile.Multi.Generic (1)
19:08:19.0515 1996	usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
19:08:19.0515 1996	usbccgp ( UnsignedFile.Multi.Generic ) - warning
19:08:19.0515 1996	usbccgp - detected UnsignedFile.Multi.Generic (1)
19:08:19.0546 1996	usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
19:08:19.0562 1996	usbehci ( UnsignedFile.Multi.Generic ) - warning
19:08:19.0562 1996	usbehci - detected UnsignedFile.Multi.Generic (1)
19:08:19.0609 1996	usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
19:08:19.0609 1996	usbhub ( UnsignedFile.Multi.Generic ) - warning
19:08:19.0609 1996	usbhub - detected UnsignedFile.Multi.Generic (1)
19:08:19.0656 1996	usbohci         (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
19:08:19.0656 1996	usbohci ( UnsignedFile.Multi.Generic ) - warning
19:08:19.0656 1996	usbohci - detected UnsignedFile.Multi.Generic (1)
19:08:19.0671 1996	usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
19:08:19.0687 1996	usbprint ( UnsignedFile.Multi.Generic ) - warning
19:08:19.0687 1996	usbprint - detected UnsignedFile.Multi.Generic (1)
19:08:19.0703 1996	usbscan         (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
19:08:19.0703 1996	usbscan ( UnsignedFile.Multi.Generic ) - warning
19:08:19.0703 1996	usbscan - detected UnsignedFile.Multi.Generic (1)
19:08:19.0718 1996	USBSTOR         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:08:19.0718 1996	USBSTOR ( UnsignedFile.Multi.Generic ) - warning
19:08:19.0718 1996	USBSTOR - detected UnsignedFile.Multi.Generic (1)
19:08:19.0750 1996	VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
19:08:19.0750 1996	VgaSave ( UnsignedFile.Multi.Generic ) - warning
19:08:19.0750 1996	VgaSave - detected UnsignedFile.Multi.Generic (1)
19:08:19.0765 1996	ViaIde - ok
19:08:19.0812 1996	VolSnap         (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
19:08:19.0828 1996	VolSnap ( UnsignedFile.Multi.Generic ) - warning
19:08:19.0828 1996	VolSnap - detected UnsignedFile.Multi.Generic (1)
19:08:19.0890 1996	VSS             (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe
19:08:19.0906 1996	VSS ( UnsignedFile.Multi.Generic ) - warning
19:08:19.0906 1996	VSS - detected UnsignedFile.Multi.Generic (1)
19:08:19.0937 1996	W32Time         (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll
19:08:19.0937 1996	W32Time ( UnsignedFile.Multi.Generic ) - warning
19:08:19.0937 1996	W32Time - detected UnsignedFile.Multi.Generic (1)
19:08:19.0953 1996	Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:08:19.0953 1996	Wanarp ( UnsignedFile.Multi.Generic ) - warning
19:08:19.0953 1996	Wanarp - detected UnsignedFile.Multi.Generic (1)
19:08:20.0000 1996	wceusbsh        (46a247f6617526afe38b6f12f5512120) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
19:08:20.0000 1996	wceusbsh ( UnsignedFile.Multi.Generic ) - warning
19:08:20.0000 1996	wceusbsh - detected UnsignedFile.Multi.Generic (1)
19:08:20.0000 1996	WDICA - ok
19:08:20.0031 1996	wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
19:08:20.0031 1996	wdmaud ( UnsignedFile.Multi.Generic ) - warning
19:08:20.0031 1996	wdmaud - detected UnsignedFile.Multi.Generic (1)
19:08:20.0062 1996	WebClient       (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll
19:08:20.0062 1996	WebClient ( UnsignedFile.Multi.Generic ) - warning
19:08:20.0062 1996	WebClient - detected UnsignedFile.Multi.Generic (1)
19:08:20.0156 1996	winachsf        (1b2696e94900f4e236e6a585ff534309) C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys
19:08:20.0171 1996	winachsf ( UnsignedFile.Multi.Generic ) - warning
19:08:20.0171 1996	winachsf - detected UnsignedFile.Multi.Generic (1)
19:08:20.0234 1996	WINIO           (6943c8f5cba301e07a1f69df69b09257) C:\WINDOWS\system32\WinIo.sys
19:08:20.0250 1996	WINIO ( UnsignedFile.Multi.Generic ) - warning
19:08:20.0250 1996	WINIO - detected UnsignedFile.Multi.Generic (1)
19:08:20.0296 1996	winmgmt         (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll
19:08:20.0312 1996	winmgmt ( UnsignedFile.Multi.Generic ) - warning
19:08:20.0312 1996	winmgmt - detected UnsignedFile.Multi.Generic (1)
19:08:20.0375 1996	WmdmPmSN        (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
19:08:20.0375 1996	WmdmPmSN ( UnsignedFile.Multi.Generic ) - warning
19:08:20.0375 1996	WmdmPmSN - detected UnsignedFile.Multi.Generic (1)
19:08:20.0468 1996	Wmi             (ffa4d901d46d07a5bab2d8307fbb51a6) C:\WINDOWS\System32\advapi32.dll
19:08:20.0484 1996	Wmi ( UnsignedFile.Multi.Generic ) - warning
19:08:20.0484 1996	Wmi - detected UnsignedFile.Multi.Generic (1)
19:08:20.0531 1996	WmiApSrv        (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\system32\wbem\wmiapsrv.exe
19:08:20.0531 1996	WmiApSrv ( UnsignedFile.Multi.Generic ) - warning
19:08:20.0531 1996	WmiApSrv - detected UnsignedFile.Multi.Generic (1)
19:08:20.0765 1996	WMPNetworkSvc   (bf05650bb7df5e9ebdd25974e22403bb) C:\Programme\Windows Media Player\WMPNetwk.exe
19:08:20.0875 1996	WMPNetworkSvc ( UnsignedFile.Multi.Generic ) - warning
19:08:20.0875 1996	WMPNetworkSvc - detected UnsignedFile.Multi.Generic (1)
19:08:21.0078 1996	WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
19:08:21.0156 1996	WPFFontCache_v0400 - ok
19:08:21.0265 1996	wscsvc          (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll
19:08:21.0281 1996	wscsvc ( UnsignedFile.Multi.Generic ) - warning
19:08:21.0281 1996	wscsvc - detected UnsignedFile.Multi.Generic (1)
19:08:21.0359 1996	wuauserv        (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll
19:08:21.0406 1996	wuauserv ( UnsignedFile.Multi.Generic ) - warning
19:08:21.0406 1996	wuauserv - detected UnsignedFile.Multi.Generic (1)
19:08:21.0484 1996	WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
19:08:21.0484 1996	WudfPf ( UnsignedFile.Multi.Generic ) - warning
19:08:21.0484 1996	WudfPf - detected UnsignedFile.Multi.Generic (1)
19:08:21.0546 1996	WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
19:08:21.0546 1996	WudfRd ( UnsignedFile.Multi.Generic ) - warning
19:08:21.0546 1996	WudfRd - detected UnsignedFile.Multi.Generic (1)
19:08:21.0609 1996	WudfSvc         (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
19:08:21.0625 1996	WudfSvc ( UnsignedFile.Multi.Generic ) - warning
19:08:21.0625 1996	WudfSvc - detected UnsignedFile.Multi.Generic (1)
19:08:21.0703 1996	WZCSVC          (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll
19:08:21.0750 1996	WZCSVC ( UnsignedFile.Multi.Generic ) - warning
19:08:21.0750 1996	WZCSVC - detected UnsignedFile.Multi.Generic (1)
19:08:21.0796 1996	xmlprov         (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll
19:08:21.0859 1996	xmlprov ( UnsignedFile.Multi.Generic ) - warning
19:08:21.0859 1996	xmlprov - detected UnsignedFile.Multi.Generic (1)
19:08:21.0906 1996	MBR (0x1B8)     (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
19:08:22.0437 1996	\Device\Harddisk0\DR0 - ok
19:08:22.0437 1996	MBR (0x1B8)     (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
19:08:23.0234 1996	\Device\Harddisk1\DR1 - ok
19:08:23.0250 1996	Boot (0x1200)   (9698ac78387bf321ce4e39a8e03c99a8) \Device\Harddisk0\DR0\Partition0
19:08:23.0250 1996	\Device\Harddisk0\DR0\Partition0 - ok
19:08:23.0250 1996	Boot (0x1200)   (b72af6cc8a81716fbcdc6b23b16463d2) \Device\Harddisk1\DR1\Partition0
19:08:23.0250 1996	\Device\Harddisk1\DR1\Partition0 - ok
19:08:23.0265 1996	============================================================
19:08:23.0265 1996	Scan finished
19:08:23.0265 1996	============================================================
19:08:23.0375 2068	Detected object count: 253
19:08:23.0375 2068	Actual detected object count: 253
19:09:18.0328 2068	ACPI ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0328 2068	ACPI ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0328 2068	ACPIEC ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0328 2068	ACPIEC ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0328 2068	aec ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0328 2068	aec ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0328 2068	AFD ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0328 2068	AFD ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0328 2068	akshasp ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0328 2068	akshasp ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0343 2068	aksusb ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0343 2068	aksusb ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0343 2068	Alerter ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0343 2068	Alerter ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0343 2068	AmdK8 ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0343 2068	AmdK8 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0343 2068	ApfiltrService ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0343 2068	ApfiltrService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0359 2068	AppMgmt ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0359 2068	AppMgmt ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0359 2068	Arp1394 ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0359 2068	Arp1394 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0359 2068	AsyncMac ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0359 2068	AsyncMac ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0375 2068	atapi ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0375 2068	atapi ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0375 2068	Atmarpc ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0375 2068	Atmarpc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0375 2068	AudioSrv ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0375 2068	AudioSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0375 2068	audstub ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0375 2068	audstub ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0390 2068	Beep ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0390 2068	Beep ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0390 2068	BITS ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0390 2068	BITS ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0390 2068	Browser ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0390 2068	Browser ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0390 2068	BthEnum ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0390 2068	BthEnum ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0390 2068	BthPan ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0390 2068	BthPan ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0390 2068	BTHPORT ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0390 2068	BTHPORT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0406 2068	BthServ ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0406 2068	BthServ ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0406 2068	BTHUSB ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0406 2068	BTHUSB ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0406 2068	cbidf2k ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0406 2068	cbidf2k ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0406 2068	CCALib8 ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0406 2068	CCALib8 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0406 2068	Cdaudio ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0406 2068	Cdaudio ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0406 2068	Cdfs ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0406 2068	Cdfs ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0421 2068	Cdrom ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0421 2068	Cdrom ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0421 2068	CiSvc ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0421 2068	CiSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0421 2068	ClipSrv ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0421 2068	ClipSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0421 2068	CmBatt ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0421 2068	CmBatt ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0421 2068	Compbatt ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0421 2068	Compbatt ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0421 2068	CryptSvc ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0421 2068	CryptSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0421 2068	DcomLaunch ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0421 2068	DcomLaunch ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0437 2068	Dhcp ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0437 2068	Dhcp ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0437 2068	Disk ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0437 2068	Disk ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0437 2068	dmboot ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0437 2068	dmboot ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0437 2068	dmio ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0437 2068	dmio ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0437 2068	dmload ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0437 2068	dmload ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0437 2068	dmserver ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0437 2068	dmserver ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0437 2068	DMusic ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0437 2068	DMusic ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0453 2068	Dnscache ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0453 2068	Dnscache ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0453 2068	Dot3svc ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0453 2068	Dot3svc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0453 2068	drmkaud ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0453 2068	drmkaud ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0453 2068	EapHost ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0453 2068	EapHost ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0453 2068	ERSvc ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0453 2068	ERSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0453 2068	Eventlog ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0453 2068	Eventlog ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0453 2068	EventSystem ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0453 2068	EventSystem ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0468 2068	Fastfat ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0468 2068	Fastfat ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0468 2068	FastUserSwitchingCompatibility ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0468 2068	FastUserSwitchingCompatibility ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0468 2068	Fdc ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0468 2068	Fdc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0468 2068	Fips ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0468 2068	Fips ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0468 2068	Flpydisk ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0468 2068	Flpydisk ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0468 2068	FltMgr ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0468 2068	FltMgr ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0468 2068	Fs_Rec ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0468 2068	Fs_Rec ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0484 2068	Ftdisk ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0484 2068	Ftdisk ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0484 2068	Gpc ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0484 2068	Gpc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0484 2068	Hardlock ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0484 2068	Hardlock ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0484 2068	HDAudBus ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0484 2068	HDAudBus ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0484 2068	helpsvc ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0484 2068	helpsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0484 2068	HidIr ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0484 2068	HidIr ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0484 2068	HidServ ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0484 2068	HidServ ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0500 2068	hidusb ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0500 2068	hidusb ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0500 2068	hkmsvc ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0500 2068	hkmsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0500 2068	HLServer ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0500 2068	HLServer ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0500 2068	hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0500 2068	hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0500 2068	hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0500 2068	hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0500 2068	HPZid412 ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0500 2068	HPZid412 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0500 2068	HPZipr12 ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0500 2068	HPZipr12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0515 2068	HPZius12 ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0515 2068	HPZius12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0515 2068	HSF_DPV ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0515 2068	HSF_DPV ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0515 2068	HSXHWAZL ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0515 2068	HSXHWAZL ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0515 2068	HTTP ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0515 2068	HTTP ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0515 2068	HTTPFilter ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0515 2068	HTTPFilter ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0515 2068	i8042prt ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0515 2068	i8042prt ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0515 2068	Imapi ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0515 2068	Imapi ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0531 2068	ImapiService ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0531 2068	ImapiService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0531 2068	IntcAzAudAddService ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0531 2068	IntcAzAudAddService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0531 2068	Ip6Fw ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0531 2068	Ip6Fw ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0531 2068	IpFilterDriver ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0531 2068	IpFilterDriver ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0531 2068	IpInIp ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0531 2068	IpInIp ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0531 2068	IpNat ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0531 2068	IpNat ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0531 2068	IPSec ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0531 2068	IPSec ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0546 2068	IrBus ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0546 2068	IrBus ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0546 2068	IRENUM ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0546 2068	IRENUM ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0546 2068	isapnp ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0546 2068	isapnp ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0546 2068	Kbdclass ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0546 2068	Kbdclass ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0546 2068	kbdhid ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0546 2068	kbdhid ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0546 2068	kmixer ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0546 2068	kmixer ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0546 2068	KSecDD ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0546 2068	KSecDD ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0562 2068	lanmanserver ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0562 2068	lanmanserver ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0562 2068	lanmanworkstation ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0562 2068	lanmanworkstation ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0562 2068	LmHosts ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0562 2068	LmHosts ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0562 2068	MACNDIS5 ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0562 2068	MACNDIS5 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0562 2068	McrdSvc ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0562 2068	McrdSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0562 2068	mdmxsdk ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0562 2068	mdmxsdk ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0562 2068	Messenger ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0562 2068	Messenger ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0578 2068	MHN ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0578 2068	MHN ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0578 2068	MHNDRV ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0578 2068	MHNDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0578 2068	MIINPazX ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0578 2068	MIINPazX ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0578 2068	mnmdd ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0578 2068	mnmdd ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0578 2068	mnmsrvc ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0578 2068	mnmsrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0578 2068	Modem ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0578 2068	Modem ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0593 2068	Mouclass ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0593 2068	Mouclass ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0593 2068	mouhid ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0593 2068	mouhid ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0593 2068	MountMgr ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0593 2068	MountMgr ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0593 2068	MRxDAV ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0593 2068	MRxDAV ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0593 2068	MRxSmb ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0593 2068	MRxSmb ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0593 2068	MSDTC ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0593 2068	MSDTC ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0593 2068	Msfs ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0593 2068	Msfs ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0609 2068	MSKSSRV ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0609 2068	MSKSSRV ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0609 2068	MSPCLOCK ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0609 2068	MSPCLOCK ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0609 2068	MSPQM ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0609 2068	MSPQM ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0609 2068	mssmbios ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0609 2068	mssmbios ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0609 2068	MTOnlPktAlyX ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0609 2068	MTOnlPktAlyX ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0609 2068	Mup ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0609 2068	Mup ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0609 2068	napagent ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0609 2068	napagent ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0625 2068	NDIS ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0625 2068	NDIS ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0625 2068	NdisTapi ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0625 2068	NdisTapi ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0625 2068	Ndisuio ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0625 2068	Ndisuio ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0625 2068	NdisWan ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0625 2068	NdisWan ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0625 2068	NDProxy ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0625 2068	NDProxy ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0625 2068	Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0625 2068	Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0625 2068	NetBIOS ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0625 2068	NetBIOS ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0640 2068	NetBT ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0640 2068	NetBT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0640 2068	NetDDE ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0640 2068	NetDDE ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0640 2068	NetDDEdsdm ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0640 2068	NetDDEdsdm ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0640 2068	Netlogon ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0640 2068	Netlogon ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0640 2068	Netman ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0640 2068	Netman ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0640 2068	NIC1394 ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0640 2068	NIC1394 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0640 2068	Nla ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0640 2068	Nla ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0687 2068	nm ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0687 2068	nm ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0687 2068	Npfs ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0687 2068	Npfs ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0687 2068	Ntfs ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0687 2068	Ntfs ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0687 2068	NtLmSsp ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0687 2068	NtLmSsp ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0687 2068	NtmsSvc ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0687 2068	NtmsSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0687 2068	Null ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0687 2068	Null ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0687 2068	nv ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0687 2068	nv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0703 2068	NVENETFD ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0703 2068	NVENETFD ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0703 2068	nvnetbus ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0703 2068	nvnetbus ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0703 2068	nvsmu ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0703 2068	nvsmu ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0703 2068	NVSvc ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0703 2068	NVSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0703 2068	NwlnkFlt ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0703 2068	NwlnkFlt ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0703 2068	NwlnkFwd ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0703 2068	NwlnkFwd ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0703 2068	ohci1394 ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0703 2068	ohci1394 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0718 2068	Parport ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0718 2068	Parport ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0718 2068	PartMgr ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0718 2068	PartMgr ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0718 2068	ParVdm ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0718 2068	ParVdm ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0718 2068	PCI ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0718 2068	PCI ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0718 2068	PCIIde ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0718 2068	PCIIde ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0718 2068	Pcmcia ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0718 2068	Pcmcia ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0718 2068	PlugPlay ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0718 2068	PlugPlay ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0734 2068	Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0734 2068	Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0734 2068	PolicyAgent ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0734 2068	PolicyAgent ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0734 2068	PptpMiniport ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0734 2068	PptpMiniport ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0734 2068	Processor ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0734 2068	Processor ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0734 2068	ProtectedStorage ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0734 2068	ProtectedStorage ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0734 2068	PSched ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0734 2068	PSched ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0734 2068	Ptilink ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0734 2068	Ptilink ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0750 2068	PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0750 2068	PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0750 2068	RasAcd ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0750 2068	RasAcd ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0750 2068	RasAuto ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0750 2068	RasAuto ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0750 2068	Rasl2tp ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0750 2068	Rasl2tp ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0750 2068	RasMan ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0750 2068	RasMan ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0750 2068	RasPppoe ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0750 2068	RasPppoe ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0750 2068	Raspti ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0750 2068	Raspti ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0765 2068	Rdbss ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0765 2068	Rdbss ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0765 2068	RDPCDD ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0765 2068	RDPCDD ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0765 2068	rdpdr ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0765 2068	rdpdr ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0765 2068	RDSessMgr ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0765 2068	RDSessMgr ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0765 2068	redbook ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0765 2068	redbook ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0765 2068	RemoteAccess ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0765 2068	RemoteAccess ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0765 2068	RemoteRegistry ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0765 2068	RemoteRegistry ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0781 2068	RFCOMM ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0781 2068	RFCOMM ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0781 2068	RpcLocator ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0781 2068	RpcLocator ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0781 2068	RpcSs ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0781 2068	RpcSs ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0781 2068	rspndr ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0781 2068	rspndr ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0781 2068	RSVP ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0781 2068	RSVP ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0781 2068	SamSs ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0781 2068	SamSs ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0781 2068	SCardSvr ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0796 2068	SCardSvr ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0796 2068	Schedule ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0796 2068	Schedule ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0796 2068	Secdrv ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0796 2068	Secdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0796 2068	seclogon ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0796 2068	seclogon ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0796 2068	SENS ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0796 2068	SENS ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0796 2068	Serial ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0796 2068	Serial ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0796 2068	Sfloppy ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0796 2068	Sfloppy ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0812 2068	SharedAccess ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0812 2068	SharedAccess ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0812 2068	ShellHWDetection ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0812 2068	ShellHWDetection ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0812 2068	SIS163u ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0812 2068	SIS163u ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0812 2068	splitter ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0812 2068	splitter ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0812 2068	Spooler ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0812 2068	Spooler ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0812 2068	sr ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0812 2068	sr ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0812 2068	srservice ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0812 2068	srservice ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0828 2068	Srv ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0828 2068	Srv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0828 2068	SSDPSRV ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0828 2068	SSDPSRV ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0828 2068	ssmdrv ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0828 2068	ssmdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0828 2068	stisvc ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0828 2068	stisvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0828 2068	swenum ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0828 2068	swenum ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0828 2068	swmidi ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0828 2068	swmidi ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0828 2068	sysaudio ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0828 2068	sysaudio ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0843 2068	SysmonLog ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0843 2068	SysmonLog ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0843 2068	TapiSrv ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0843 2068	TapiSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0843 2068	Tcpip ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0843 2068	Tcpip ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0843 2068	TDPIPE ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0843 2068	TDPIPE ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0843 2068	TDTCP ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0843 2068	TDTCP ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0843 2068	TermDD ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0843 2068	TermDD ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0843 2068	TermService ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0843 2068	TermService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0859 2068	Themes ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0859 2068	Themes ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0859 2068	TlntSvr ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0859 2068	TlntSvr ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0859 2068	toshidpt ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0859 2068	toshidpt ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0859 2068	tosporte ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0859 2068	tosporte ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0859 2068	Tosrfbd ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0859 2068	Tosrfbd ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0859 2068	Tosrfbnp ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0859 2068	Tosrfbnp ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0859 2068	Tosrfcom ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0859 2068	Tosrfcom ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0875 2068	Tosrfhid ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0875 2068	Tosrfhid ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0875 2068	tosrfnds ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0875 2068	tosrfnds ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0875 2068	TosRfSnd ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0875 2068	TosRfSnd ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0875 2068	Tosrfusb ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0875 2068	Tosrfusb ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0875 2068	TrkWks ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0875 2068	TrkWks ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0875 2068	Udfs ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0875 2068	Udfs ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0875 2068	Update ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0875 2068	Update ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0890 2068	upnphost ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0890 2068	upnphost ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0890 2068	UPS ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0890 2068	UPS ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0890 2068	usbccgp ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0890 2068	usbccgp ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0890 2068	usbehci ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0890 2068	usbehci ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0890 2068	usbhub ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0890 2068	usbhub ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0890 2068	usbohci ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0890 2068	usbohci ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0890 2068	usbprint ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0890 2068	usbprint ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0906 2068	usbscan ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0906 2068	usbscan ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0906 2068	USBSTOR ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0906 2068	USBSTOR ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0906 2068	VgaSave ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0906 2068	VgaSave ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0906 2068	VolSnap ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0906 2068	VolSnap ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0906 2068	VSS ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0906 2068	VSS ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0906 2068	W32Time ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0906 2068	W32Time ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0921 2068	Wanarp ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0921 2068	Wanarp ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0921 2068	wceusbsh ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0921 2068	wceusbsh ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0921 2068	wdmaud ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0921 2068	wdmaud ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0921 2068	WebClient ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0921 2068	WebClient ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0921 2068	winachsf ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0921 2068	winachsf ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0921 2068	WINIO ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0921 2068	WINIO ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0921 2068	winmgmt ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0921 2068	winmgmt ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0937 2068	WmdmPmSN ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0937 2068	WmdmPmSN ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0937 2068	Wmi ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0937 2068	Wmi ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0937 2068	WmiApSrv ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0937 2068	WmiApSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0937 2068	WMPNetworkSvc ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0937 2068	WMPNetworkSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0937 2068	wscsvc ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0937 2068	wscsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0937 2068	wuauserv ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0937 2068	wuauserv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0937 2068	WudfPf ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0937 2068	WudfPf ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0953 2068	WudfRd ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0953 2068	WudfRd ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0953 2068	WudfSvc ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0953 2068	WudfSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0953 2068	WZCSVC ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0953 2068	WZCSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:18.0953 2068	xmlprov ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0953 2068	xmlprov ( UnsignedFile.Multi.Generic ) - User select action: Skip

Bin schon gespannt wie es jetzt weiter geht.

Gruß twinmama

cosinus · 09.07.2012, 08:38

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

twinmama · 09.07.2012, 13:01

so hier kommt der Combofix-Log-Text:

Code:

ATTFilter

ComboFix 12-07-08.01 - Benjamin 09.07.2012  13:31:44.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.1023.388 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Benjamin\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\All Users\Anwendungsdaten\Macromedia\SwUpdate
c:\dokumente und einstellungen\All Users\Anwendungsdaten\Macromedia\SwUpdate\B64.dtd
c:\dokumente und einstellungen\All Users\Anwendungsdaten\Macromedia\SwUpdate\Flags.dtd
c:\dokumente und einstellungen\Benjamin\Anwendungsdaten\Wiiplu
c:\dokumente und einstellungen\Benjamin\Anwendungsdaten\Wiiplu\uqha.tmp
c:\dokumente und einstellungen\Benjamin\Anwendungsdaten\Zuwa
c:\dokumente und einstellungen\Benjamin\Anwendungsdaten\Zuwa\kida.lyo
c:\dokumente und einstellungen\Benjamin\Anwendungsdaten\Zuwa\kida.tmp
c:\dokumente und einstellungen\Benjamin\Lokale Einstellungen\Anwendungsdaten\rrdkidac.exe
c:\dokumente und einstellungen\Benjamin\WINDOWS
c:\windows\IsUn0407.exe
c:\windows\system32\WinIo.sys
c:\windows\unin0407.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_WINIO
-------\Service_WINIO
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-06-09 bis 2012-07-09  ))))))))))))))))))))))))))))))
.
.
2012-07-06 11:36 . 2012-07-06 11:36	--------	d-----w-	C:\_OTL
2012-07-06 11:34 . 2012-07-06 11:34	--------	d-----w-	c:\dokumente und einstellungen\Administrator.PRIVAT-PC.002\Anwendungsdaten\Malwarebytes
2012-07-04 16:44 . 2012-07-04 16:44	--------	d-sh--w-	c:\dokumente und einstellungen\Administrator.PRIVAT-PC.002\IETldCache
2012-07-01 17:18 . 2012-07-01 17:18	--------	d-----w-	c:\programme\ESET
2012-06-13 16:09 . 2012-05-11 14:40	521728	-c----w-	c:\windows\system32\dllcache\jsdbgui.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-04 05:54 . 2012-06-04 05:54	419488	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-06-04 05:54 . 2011-12-14 21:35	70304	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-02 13:19 . 2008-10-16 13:08	15896	----a-w-	c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2008-10-16 13:07	18456	----a-w-	c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2008-01-22 07:28	329240	----a-w-	c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2008-01-22 07:28	210968	----a-w-	c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2008-01-22 07:28	219160	----a-w-	c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2008-10-16 13:09	45080	----a-w-	c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2008-10-16 13:08	15896	----a-w-	c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2008-01-22 07:28	53784	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2008-01-22 07:28	35864	----a-w-	c:\windows\system32\wups.dll
2012-06-02 13:19 . 2004-08-10 19:00	97304	----a-w-	c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2008-10-16 13:08	23576	----a-w-	c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2008-01-22 07:28	577048	----a-w-	c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2008-01-22 07:28	1933848	----a-w-	c:\windows\system32\wuaueng.dll
2012-05-31 13:22 . 2004-08-10 19:00	604160	----a-w-	c:\windows\system32\crypt32.dll
2012-05-16 15:07 . 2004-08-10 19:00	916992	----a-w-	c:\windows\system32\wininet.dll
2012-05-15 13:56 . 2005-10-06 03:08	1863296	----a-w-	c:\windows\system32\win32k.sys
2012-05-11 14:40 . 2004-08-10 19:00	43520	------w-	c:\windows\system32\licmgr10.dll
2012-05-11 14:40 . 2004-08-10 19:00	1469440	------w-	c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2004-08-10 19:00	385024	------w-	c:\windows\system32\html.iec
2012-05-05 03:14 . 2004-08-10 19:00	2150912	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-05-05 03:14 . 2004-08-04 00:50	2029056	----a-w-	c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2008-01-22 07:22	139656	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-06-16 12:05 . 2012-02-20 09:28	85472	----a-w-	c:\programme\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\drivers\atapi.sys
[-] 2004-08-10 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
.
[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\asyncmac.sys
[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\drivers\asyncmac.sys
[-] 2004-08-10 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\asyncmac.sys
.
[-] 2004-08-10 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys
[-] 2004-08-10 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys
.
[-] 2008-04-14 . 1704D8C4C8807B889E43C649B478A452 . 25216 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kbdclass.sys
[-] 2008-04-14 . 1704D8C4C8807B889E43C649B478A452 . 25216 . . [5.1.2600.5512] . . c:\windows\system32\drivers\kbdclass.sys
[-] 2004-08-10 . B128FC0A5CD83F669D5DE4B58F77C7D6 . 25216 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\kbdclass.sys
.
[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ndis.sys
[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ndis.sys
[-] 2004-08-10 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ndis.sys
.
[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntfs.sys
[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ntfs.sys
[-] 2004-08-10 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ntfs.sys
.
[-] 2004-08-10 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\dllcache\null.sys
[-] 2004-08-10 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys
.
[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[-] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[-] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2006-01-13 . 5562CC0A47B2AEF06D3417B733F3C195 . 360448 . . [5.1.2600.2827] . . c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
.
[-] 2008-04-14 . B42057F06BBB98B31876C0B3F2B54E33 . 77824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\browser.dll
[-] 2008-04-14 . B42057F06BBB98B31876C0B3F2B54E33 . 77824 . . [5.1.2600.5512] . . c:\windows\system32\browser.dll
[-] 2004-08-10 . D8653DCD80CF2EBB333FC4FCC43A7DEF . 77312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\browser.dll
.
[-] 2008-04-14 . AFB8261B56CBA0D86AEB6DF682AF9785 . 13312 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lsass.exe
[-] 2008-04-14 . AFB8261B56CBA0D86AEB6DF682AF9785 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe
[-] 2004-08-10 . 183805EB05BCA5A1E4AAAED4D2BE3690 . 13312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lsass.exe
.
[-] 2008-04-14 . E6D88F1F6745BF00B57E7855A2AB696C . 198144 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netman.dll
[-] 2008-04-14 . E6D88F1F6745BF00B57E7855A2AB696C . 198144 . . [5.1.2600.5512] . . c:\windows\system32\netman.dll
[-] 2005-08-22 . 1E5218FBE323C375B488318950E10FB4 . 197632 . . [5.1.2600.2743] . . c:\windows\$NtServicePackUninstall$\netman.dll
[-] 2005-08-22 . 19D9B6B139F09A72AE71758BDF28308E . 197632 . . [5.1.2600.2743] . . c:\windows\$hf_mig$\KB905414\SP2QFE\netman.dll
.
[-] 2008-04-14 02:22 . D0DE8A2EC95184E5193BB4B3112E29DF . 846848 . . [2001.12.4414.700] . . c:\windows\ServicePackFiles\i386\comres.dll
[-] 2008-04-14 02:22 . D0DE8A2EC95184E5193BB4B3112E29DF . 846848 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
[-] 2004-08-10 19:00 . 4B9D9E2708019763C5A72DA776DB1158 . 846848 . . [2001.12.4414.258] . . c:\windows\$NtServicePackUninstall$\comres.dll
.
[-] 2008-04-14 . D6F603772A789BB3228F310D650B8BD1 . 409088 . . [6.7.2600.5512] . . c:\windows\ServicePackFiles\i386\qmgr.dll
[-] 2008-04-14 . D6F603772A789BB3228F310D650B8BD1 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\qmgr.dll
[-] 2008-04-14 . D6F603772A789BB3228F310D650B8BD1 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\bits\qmgr.dll
[-] 2004-08-10 . 3A5E54A9AB96EF2D273B58136FB58EFE . 382464 . . [6.6.2600.2180] . . c:\windows\$NtServicePackUninstall$\qmgr.dll
.
[-] 2009-02-09 . D3D765E8455A961AE567B408F767D4F9 . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[-] 2009-02-09 . 3127AFBF2C1ED0AB14A1BBB7AAECB85B . 401408 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll
[-] 2009-02-09 . 3127AFBF2C1ED0AB14A1BBB7AAECB85B . 401408 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\rpcss.dll
[-] 2008-04-14 . E970C2296916BF4A2F958680016FE312 . 399360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rpcss.dll
[-] 2006-02-14 . DECEF2EE72D24C0CD16F245D770B9FB2 . 398848 . . [5.1.2600.2846] . . c:\windows\$NtServicePackUninstall$\rpcss.dll
[-] 2005-07-26 . DBA9F9C00A7A2B45EB8E451C2B6D10E9 . 398336 . . [5.1.2600.2726] . . c:\windows\$hf_mig$\KB902400\SP2QFE\rpcss.dll
.
[-] 2009-02-09 . A3EDBE9053889FB24AB22492472B39DC . 111104 . . [5.1.2600.5755] . . c:\windows\system32\services.exe
[-] 2009-02-09 . A3EDBE9053889FB24AB22492472B39DC . 111104 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\services.exe
[-] 2009-02-09 . F0A7D59AF279326528715B206669B86C . 111104 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[-] 2008-04-14 . 4BB6A83640F1D1792AD21CE767B621C6 . 109056 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\services.exe
[-] 2004-08-10 . EDB6B81761BD60F32F740BBC40AFB676 . 108544 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\services.exe
.
[-] 2010-08-17 . 258DD5D4283FD9F9A7166BE9AE45CE73 . 58880 . . [5.1.2600.6024] . . c:\windows\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe
[-] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\spoolsv.exe
[-] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\dllcache\spoolsv.exe
[-] 2008-04-14 . 39356A9CDB6753A6D13A4072A9F5A4BB . 57856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\spoolsv.exe
[-] 2005-06-11 . AD3D9D191AEA7B5445FE1D82FFBB4788 . 57856 . . [5.1.2600.2696] . . c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\$NtServicePackUninstall$\spoolsv.exe
.
[-] 2008-04-14 . F09A527B422E25C478E38CAA0E44417A . 513024 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 . F09A527B422E25C478E38CAA0E44417A . 513024 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2004-08-10 . 2B6A0BAF33A9918F09442D873848FF72 . 507392 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe
.
[-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ipsec.sys
[-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ipsec.sys
[-] 2004-08-10 . 64537AA5C003A6AFEEE1DF819062D0D1 . 74752 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ipsec.sys
.
[-] 2010-08-23 . 1438703F3D9FFE111DA3869E4F3EEE73 . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2010-08-23 . 1438703F3D9FFE111DA3869E4F3EEE73 . 617472 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll
[-] 2010-08-23 . 2B6ADE29F8D00EEFA5FA2250CBE094AD . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
[-] 2008-04-14 . AD28671D1B83A386B070DC451A113C13 . 617472 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll
[-] 2008-04-14 . 3C93CE6C6985C55952B7BE6673E9FD15 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
[-] 2006-08-25 . EE82D1393169AC6BDF6016F4EA8D2B79 . 617472 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll
[-] 2006-08-25 . F64451D07B9368B46AB31172D56D1804 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
[-] 2005-04-07 . AD9D24F739C51395906FC4C188F025B4 . 1053696 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2649_x-ww_aac16c8b\comctl32.dll
[-] 2004-08-10 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[-] 2004-08-10 . 9D0F57B9C65BF8A07DB655A9ED6EB2EE . 1050624 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
.
[-] 2008-04-14 . 611F824E5C703A5A899F84C5F1699E4D . 62464 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\cryptsvc.dll
[-] 2008-04-14 . 611F824E5C703A5A899F84C5F1699E4D . 62464 . . [5.1.2600.5512] . . c:\windows\system32\cryptsvc.dll
[-] 2004-08-10 . 1A5F9DB98DF7955B4C7CBDBF2C638238 . 60416 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\cryptsvc.dll
.
[-] 2008-07-07 20:26 . AF4F6B5739D18CA7972AB53E091CBC74 . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3GDR\es.dll
[-] 2008-07-07 20:26 . AF4F6B5739D18CA7972AB53E091CBC74 . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll
[-] 2008-07-07 20:26 . AF4F6B5739D18CA7972AB53E091CBC74 . 253952 . . [2001.12.4414.706] . . c:\windows\system32\dllcache\es.dll
[-] 2008-07-07 20:23 . ADA7241C16F3F42C7F210539FAD5F3AA . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll
[-] 2008-07-07 20:16 . 3912BEF896D1D687B6053409E5F5F2A6 . 253952 . . [2001.12.4414.320] . . c:\windows\$NtServicePackUninstall$\es.dll
[-] 2008-04-14 02:22 . 0F3EDAEE1EF97CF3DB2BE23A7289B78C . 246272 . . [2001.12.4414.701] . . c:\windows\ServicePackFiles\i386\es.dll
[-] 2005-07-26 04:29 . 0D0F85237E32538F58278D673032676A . 243200 . . [2001.12.4414.308] . . c:\windows\$hf_mig$\KB902400\SP2QFE\es.dll
.
[-] 2008-04-14 . F9954695D246B33A5BF105029A4C6AB6 . 110080 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\imm32.dll
[-] 2008-04-14 . F9954695D246B33A5BF105029A4C6AB6 . 110080 . . [5.1.2600.5512] . . c:\windows\system32\imm32.dll
[-] 2004-08-10 . 94101D13A1818A9D08337EEC12ED277A . 110080 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\imm32.dll
.
[-] 2009-03-21 . B055C64AABC1A3E3DE57EC8025CAD283 . 1063424 . . [5.1.2600.5781] . . c:\windows\system32\kernel32.dll
[-] 2009-03-21 . B055C64AABC1A3E3DE57EC8025CAD283 . 1063424 . . [5.1.2600.5781] . . c:\windows\system32\dllcache\kernel32.dll
[-] 2009-03-21 . 3EB703BFC2ED26A3D8ACB8626AB2C006 . 1065472 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[-] 2008-04-14 . 4C897C69754D88F496339B1A666907C1 . 1063424 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kernel32.dll
[-] 2007-04-16 . 5D0974BD58808FACA5D2C437B6FC8D85 . 1059840 . . [5.1.2600.3119] . . c:\windows\$NtServicePackUninstall$\kernel32.dll
.
[-] 2008-04-14 . 5543A9D4A1D0F9F84092482A9373A024 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\linkinfo.dll
[-] 2008-04-14 . 5543A9D4A1D0F9F84092482A9373A024 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\linkinfo.dll
[-] 2005-09-01 . F2AFE60F01040B23207D8EB7DC26EC96 . 19968 . . [5.1.2600.2751] . . c:\windows\$hf_mig$\KB900725\SP2QFE\linkinfo.dll
[-] 2005-09-01 . 0E2B88912BF78549D5177A84A3375D52 . 19968 . . [5.1.2600.2751] . . c:\windows\$NtServicePackUninstall$\linkinfo.dll
.
[-] 2008-04-14 . F38F3C47BBFFD748C1359AB171C3A630 . 22016 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lpk.dll
[-] 2008-04-14 . F38F3C47BBFFD748C1359AB171C3A630 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\lpk.dll
[-] 2004-08-10 . B4AD65C79F85C61D32C015B11E03CAAD . 22016 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lpk.dll
.
[-] 2008-04-14 . C6A6E53A0C34EC87883137A6CB87AE5E . 343040 . . [7.0.2600.5512] . . c:\windows\ServicePackFiles\i386\msvcrt.dll
[-] 2008-04-14 . C6A6E53A0C34EC87883137A6CB87AE5E . 343040 . . [7.0.2600.5512] . . c:\windows\system32\msvcrt.dll
[-] 2008-04-14 . C536AAD8A71608FE33CD956214EDD366 . 343040 . . [7.0.2600.5512] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll
[-] 2004-08-10 . B30BAA48E5063E71C76280E34E7E4802 . 343040 . . [7.0.2600.2180] . . c:\windows\$NtServicePackUninstall$\msvcrt.dll
[-] 2004-08-10 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll
[-] 2004-08-10 . 365B3C43810E1CF41B3BE1E7180F583B . 343040 . . [7.0.2600.2180] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcrt.dll
.
[-] 2008-06-20 . ACD8BD448A74F344D46FCAF21BAB92AF . 247296 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\mswsock.dll
[-] 2008-06-20 . 4AA50627B01C0E9C6B4C6BD3AF648F12 . 247296 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\mswsock.dll
[-] 2008-06-20 . 4AA50627B01C0E9C6B4C6BD3AF648F12 . 247296 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll
[-] 2008-06-20 . 774274C487493452DF3B0126DBE7FF3B . 247296 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\mswsock.dll
[-] 2008-06-20 . EB55B1D9978B61E9913EDCD27EEC4C7C . 247296 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\mswsock.dll
[-] 2008-06-20 . F1B67B6B0751AE0E6E964B02821206A3 . 247296 . . [5.1.2600.5625] . . c:\windows\system32\mswsock.dll
[-] 2008-06-20 . F1B67B6B0751AE0E6E964B02821206A3 . 247296 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\mswsock.dll
[-] 2008-04-14 . F12B9D9A069331877D006CC81B4735F9 . 247296 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\mswsock.dll
.
[-] 2008-04-14 . 0098D35F91DEAB9C127360A877F2CF84 . 407040 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netlogon.dll
[-] 2008-04-14 . 0098D35F91DEAB9C127360A877F2CF84 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\netlogon.dll
[-] 2004-08-10 . D27395EDCD3416AFD125A9370DCB585C . 407040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\netlogon.dll
.
[-] 2008-04-14 . C8C0BDABC966B6C24D337DF0A0A399E1 . 17408 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\powrprof.dll
[-] 2008-04-14 . C8C0BDABC966B6C24D337DF0A0A399E1 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\powrprof.dll
[-] 2004-08-10 . 5604574D490B798BD9A946B021A766AD . 17408 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\powrprof.dll
.
[-] 2008-04-14 . 5132443DF6FC3771A17AB4AE55DCBC28 . 187904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\scecli.dll
[-] 2008-04-14 . 5132443DF6FC3771A17AB4AE55DCBC28 . 187904 . . [5.1.2600.5512] . . c:\windows\system32\scecli.dll
[-] 2004-08-10 . 64DC26B3CF7BCCAD431CE360A4C625D5 . 186880 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\scecli.dll
.
[-] 2008-04-14 . 44161A59DC33AC2EA9C95438ADFFFB7F . 5120 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfc.dll
[-] 2008-04-14 . 44161A59DC33AC2EA9C95438ADFFFB7F . 5120 . . [5.1.2600.5512] . . c:\windows\system32\sfc.dll
[-] 2004-08-10 . F62934BC94299083EBFC8810242D8640 . 5120 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfc.dll
.
[-] 2008-04-14 . 4FBC75B74479C7A6F829E0CA19DF3366 . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\svchost.exe
[-] 2008-04-14 . 4FBC75B74479C7A6F829E0CA19DF3366 . 14336 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe
[-] 2004-08-10 . 65A819B121EB6FDAB4400EA42BDFFE64 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\svchost.exe
.
[-] 2008-04-14 . 05903CAC4B98908D55EA5774775B382E . 249856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tapisrv.dll
[-] 2008-04-14 . 05903CAC4B98908D55EA5774775B382E . 249856 . . [5.1.2600.5512] . . c:\windows\system32\tapisrv.dll
[-] 2005-07-08 . F07061E18613F336A3120229097F7635 . 249344 . . [5.1.2600.2716] . . c:\windows\$hf_mig$\KB893756\SP2QFE\tapisrv.dll
[-] 2005-07-08 . 427D7EB3B453347082C8F4B370065D60 . 249344 . . [5.1.2600.2716] . . c:\windows\$NtServicePackUninstall$\tapisrv.dll
.
[-] 2008-04-14 . B0050CC5340E3A0760DD8B417FF7AEBD . 580096 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
[-] 2008-04-14 . B0050CC5340E3A0760DD8B417FF7AEBD . 580096 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2007-03-08 . 78785EFF8CB90CEC1862A4CCFD9A3C3A . 579584 . . [5.1.2600.3099] . . c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[-] 2007-03-08 . 492E166CFD26A50FB9160DB536FF7D2B . 579072 . . [5.1.2600.3099] . . c:\windows\$NtServicePackUninstall$\user32.dll
[-] 2005-03-02 . 4C90159A69A5FD3EB39C71411F28FCFF . 578560 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
.
[-] 2008-04-14 . 788F95312E26389D596C0FA55834E106 . 26624 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2008-04-14 . 788F95312E26389D596C0FA55834E106 . 26624 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe
[-] 2004-08-10 . D1E53DC57143F2584B1DD53B036C0633 . 25088 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\userinit.exe
.
[-] 2008-04-14 . 6A35E2D6F5F052C84EC2CEB296389439 . 82432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2_32.dll
[-] 2008-04-14 . 6A35E2D6F5F052C84EC2CEB296389439 . 82432 . . [5.1.2600.5512] . . c:\windows\system32\ws2_32.dll
[-] 2004-08-10 . D569240A22421D5F670BB6FB6DD522B5 . 82944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2_32.dll
.
[-] 2008-04-14 . C7D8A0517CBF16B84F657DE87EBE9D4B . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2help.dll
[-] 2008-04-14 . C7D8A0517CBF16B84F657DE87EBE9D4B . 19968 . . [5.1.2600.5512] . . c:\windows\system32\ws2help.dll
[-] 2004-08-10 . B3ADA72D1E3E10A8F6430669DFC38ED0 . 19968 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2help.dll
.
[-] 2008-04-14 . 418045A93CD87A352098AB7DABE1B53E . 1036800 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . 418045A93CD87A352098AB7DABE1B53E . 1036800 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2007-06-13 . 331ED93570BAF3CFE30340298762CD56 . 1036288 . . [6.00.2900.3156] . . c:\windows\$NtServicePackUninstall$\explorer.exe
.
[-] 2008-04-14 . AD9226BF3CED13636083BB9C76E9D2A2 . 153600 . . [5.1.2600.5512] . . c:\windows\regedit.exe
[-] 2008-04-14 . AD9226BF3CED13636083BB9C76E9D2A2 . 153600 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regedit.exe
[-] 2004-08-10 . 8193CE5FB09E83F2699FD65BBCBE2FD2 . 153600 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regedit.exe
.
[-] 2011-11-01 . 6AD6619E7523E27B771569C26F408F0A . 1288704 . . [5.1.2600.6168] . . c:\windows\system32\ole32.dll
[-] 2011-11-01 . 6AD6619E7523E27B771569C26F408F0A . 1288704 . . [5.1.2600.6168] . . c:\windows\system32\dllcache\ole32.dll
[-] 2011-11-01 . D684C601EC79D9543D50EB2DB124FE78 . 1289216 . . [5.1.2600.6168] . . c:\windows\$hf_mig$\KB2624667\SP3QFE\ole32.dll
[-] 2010-07-16 . B3D7633CF83B09042A49810A7A72ADED . 1289216 . . [5.1.2600.6010] . . c:\windows\$hf_mig$\KB979687\SP3QFE\ole32.dll
[-] 2008-04-14 . E08D638BA3D3DD6DF6E31216AB66AE0B . 1287680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ole32.dll
[-] 2006-02-14 . A490C00552D911DE9C2F1FC056F56495 . 1286656 . . [5.1.2600.2846] . . c:\windows\$NtServicePackUninstall$\ole32.dll
[-] 2005-07-25 . 24EDF93FD04CA1A98D32F092DD4F9953 . 1286144 . . [5.1.2600.2726] . . c:\windows\$hf_mig$\KB902400\SP2QFE\ole32.dll
.
[-] 2010-04-16 . 45954AFB7AE6E29B23C56B830C820A11 . 406016 . . [1.0420.2600.5969] . . c:\windows\system32\usp10.dll
[-] 2010-04-16 . 45954AFB7AE6E29B23C56B830C820A11 . 406016 . . [1.0420.2600.5969] . . c:\windows\system32\dllcache\usp10.dll
[-] 2010-04-16 . EB2AD9C7DADE6C63F5F933881BA2A430 . 406016 . . [1.0420.2600.5969] . . c:\windows\$hf_mig$\KB981322\SP3QFE\usp10.dll
[-] 2008-04-14 . 052F968390A85D37D5EE8BE3AB2A83A2 . 406016 . . [1.0420.2600.5512] . . c:\windows\ServicePackFiles\i386\usp10.dll
[-] 2004-08-10 . E4E40EAFF464EBE7752BAD3D82AF1715 . 406528 . . [1.0420.2600.2180] . . c:\windows\$NtServicePackUninstall$\usp10.dll
.
[-] 2008-04-14 . 671ABB33C712B1585A5BF7ADD36AD96E . 4096 . . [5.3.2600.5512] . . c:\windows\ServicePackFiles\i386\ksuser.dll
[-] 2008-04-14 . 671ABB33C712B1585A5BF7ADD36AD96E . 4096 . . [5.3.2600.5512] . . c:\windows\system32\ksuser.dll
[-] 2004-08-03 . 4721744CE11F385073F6F9F7831752C7 . 4096 . . [5.3.2600.2180] . . c:\windows\$NtServicePackUninstall$\ksuser.dll
[-] 2002-12-11 22:14 . 15914E0BF4DDA56CF797993DCCB637D1 . 4096 . . [5.3.0000000.900 built by: DIRECTX] . . c:\windows\Driver Cache\i386\ksuser.dll
[-] 2002-12-11 22:14 . 15914E0BF4DDA56CF797993DCCB637D1 . 4096 . . [5.3.0000000.900 built by: DIRECTX] . . c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\ksuser.dll
.
[-] 2010-02-01 . 01B4E6E990B6C5EA8856D96C7FD044B2 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[-] 2010-02-01 . 01B4E6E990B6C5EA8856D96C7FD044B2 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ctfmon.exe
[-] 2008-04-14 . 01B4E6E990B6C5EA8856D96C7FD044B2 . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2004-08-10 . 7CE20569925DF6789C31799F0C538F29 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe
.
[-] 2009-07-27 . 2DB7D303C36DDD055215052F118E8E75 . 135680 . . [6.00.2900.5853] . . c:\windows\system32\shsvcs.dll
[-] 2009-07-27 . 2DB7D303C36DDD055215052F118E8E75 . 135680 . . [6.00.2900.5853] . . c:\windows\system32\dllcache\shsvcs.dll
[-] 2009-07-27 . 927666F4228E3FBBC3D1171581DC8BDC . 135680 . . [6.00.2900.5853] . . c:\windows\$hf_mig$\KB971029\SP3QFE\shsvcs.dll
[-] 2008-04-14 . 40602EBFBE06AA075C8E4560743F6883 . 135168 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\shsvcs.dll
[-] 2006-12-19 . 521A4CB71CC419FDF60DB83E7308AE2B . 135168 . . [6.00.2900.3051] . . c:\windows\$NtServicePackUninstall$\shsvcs.dll
[-] 2006-12-19 . B5B37E7C51A551F60A1254E63C878FA9 . 135680 . . [6.00.2900.3051] . . c:\windows\$hf_mig$\KB928255\SP2QFE\shsvcs.dll
.
[-] 2008-04-14 . FE77A85495065F3AD59C5C65B6C54182 . 171520 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll
[-] 2008-04-14 . FE77A85495065F3AD59C5C65B6C54182 . 171520 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[-] 2004-08-10 . 015F302C4CF961F20C3F98F3A7CA7917 . 171008 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll
.
[-] 2008-04-14 . EDAFBE25FB6480CE68F688BA691890DC . 13824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wscntfy.exe
[-] 2008-04-14 . EDAFBE25FB6480CE68F688BA691890DC . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe
[-] 2004-08-10 . 7D3E0BEB62799112F5C9FF717D72BF29 . 13824 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wscntfy.exe
.
[-] 2008-04-14 . 0ADA34871A2E1CD2CAAFED1237A47750 . 129024 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\xmlprov.dll
[-] 2008-04-14 . 0ADA34871A2E1CD2CAAFED1237A47750 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll
[-] 2004-08-10 . 8302DE1C64618D72346DD0034DBC5D9B . 129536 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\xmlprov.dll
.
[-] 2008-04-14 . 04955AA695448C181B367D964AF158AA . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll
[-] 2008-04-14 . 04955AA695448C181B367D964AF158AA . 56320 . . [5.1.2600.5512] . . c:\windows\system32\eventlog.dll
[-] 2004-08-10 . B932C077D5A65B71B4512544AC404CB4 . 55808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\eventlog.dll
.
[-] 2008-04-14 . 5251425B86EA4A3532B8BB8D14044E61 . 1571840 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfcfiles.dll
[-] 2008-04-14 . 5251425B86EA4A3532B8BB8D14044E61 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
[-] 2004-08-10 . 80F7B7198B869C07C98627AF812D68B6 . 1548288 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfcfiles.dll
.
[-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ipsec.sys
[-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ipsec.sys
[-] 2004-08-10 . 64537AA5C003A6AFEEE1DF819062D0D1 . 74752 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ipsec.sys
.
[-] 2008-04-14 . E4CD1F3D84E1C2CA0B8CF7501E201593 . 59904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regsvc.dll
[-] 2008-04-14 . E4CD1F3D84E1C2CA0B8CF7501E201593 . 59904 . . [5.1.2600.5512] . . c:\windows\system32\regsvc.dll
[-] 2004-08-10 . AE81CF7D7CFA79CD03E8FB99788A7E09 . 59904 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regsvc.dll
.
[-] 2008-04-14 . A050194A44D7FA8D7186ED2F4E8367AE . 193536 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\schedsvc.dll
[-] 2008-04-14 . A050194A44D7FA8D7186ED2F4E8367AE . 193536 . . [5.1.2600.5512] . . c:\windows\system32\schedsvc.dll
[-] 2004-08-10 . D5E73842F38E24457C63FEF8CEFFBE19 . 192000 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\schedsvc.dll
.
[-] 2008-04-14 . 4DF5B05DFAEC29E13E1ED6F6EE12C500 . 71680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ssdpsrv.dll
[-] 2008-04-14 . 4DF5B05DFAEC29E13E1ED6F6EE12C500 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\ssdpsrv.dll
[-] 2004-08-10 . 6FA03B462B2FFFE2627171B7FE73EE29 . 71680 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ssdpsrv.dll
.
[-] 2008-04-14 . B7DE02C863D8F5A005A7BF375375A6A4 . 297472 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\termsrv.dll
[-] 2008-04-14 . B7DE02C863D8F5A005A7BF375375A6A4 . 297472 . . [5.1.2600.5512] . . c:\windows\system32\termsrv.dll
[-] 2005-03-10 . A0E72E14B0E12B9AA3648FDB31BDE332 . 297472 . . [5.1.2600.2627] . . c:\windows\$NtServicePackUninstall$\termsrv.dll
.
[-] 2008-04-14 . 0DAF0705D7B39C94E287913226688804 . 348672 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\hnetcfg.dll
[-] 2008-04-14 . 0DAF0705D7B39C94E287913226688804 . 348672 . . [5.1.2600.5512] . . c:\windows\system32\hnetcfg.dll
[-] 2004-08-10 . AE93E415220A4C0112768A0DEE36D28D . 348672 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\hnetcfg.dll
.
[-] 2008-04-14 . D45960BE52C3C610D361977057F98C54 . 175616 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\appmgmts.dll
[-] 2008-04-14 . D45960BE52C3C610D361977057F98C54 . 175616 . . [5.1.2600.5512] . . c:\windows\system32\appmgmts.dll
[-] 2004-08-10 . BECD5328E7869807D6557BE4FE60C72F . 175616 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\appmgmts.dll
.
[-] 2004-08-10 . 9E1CA3160DAFB159CA14F83B1E317F75 . 12160 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys
.
[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\ServicePackFiles\i386\aec.sys
[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\drivers\aec.sys
[-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\$hf_mig$\KB900485\SP2QFE\aec.sys
[-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\$NtServicePackUninstall$\aec.sys
.
[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\agp440.sys
[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\system32\drivers\agp440.sys
.
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ip6fw.sys
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys
[-] 2004-08-10 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ip6fw.sys
.
[-] 2010-09-18 07:18 . 4891FCDAE77486BFB56999AA217651FA . 953856 . . [4.1.6151] . . c:\windows\$hf_mig$\KB2387149\SP3QFE\mfc40u.dll
[-] 2010-09-18 06:52 . 1614669828A32BCD06E1BE6F334BB888 . 953856 . . [4.1.6151] . . c:\windows\system32\mfc40u.dll
[-] 2010-09-18 06:52 . 1614669828A32BCD06E1BE6F334BB888 . 953856 . . [4.1.6151] . . c:\windows\system32\dllcache\mfc40u.dll
[-] 2008-04-14 02:22 . ACC19BA6876AF18768EE87931CAD14E2 . 927504 . . [4.1.0.61] . . c:\windows\ServicePackFiles\i386\mfc40u.dll
[-] 2006-11-01 19:17 . B80F1D82969BD31392F1867936E96448 . 927504 . . [4.1.0.61] . . c:\windows\$NtServicePackUninstall$\mfc40u.dll
.
[-] 2008-04-14 . B7550A7107281D170CE85524B1488C98 . 33792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msgsvc.dll
[-] 2008-04-14 . B7550A7107281D170CE85524B1488C98 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\msgsvc.dll
[-] 2004-08-10 . E5215AB942C5AC5F7EB0E54871D7A27C . 33792 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\msgsvc.dll
.
[-] 2006-10-18 20:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
[-] 2006-10-18 20:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\dllcache\mspmsnsv.dll
[-] 2005-08-03 17:29 . B9715B9C18BC6C8F4B66733D208CC9F7 . 25088 . . [10.0.3790.4332] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll
[-] 2005-08-03 17:29 . B9715B9C18BC6C8F4B66733D208CC9F7 . 25088 . . [10.0.3790.4332] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
[-] 2004-08-10 19:00 . 5FDCCC838CD95F61097D8A637F842AA8 . 25600 . . [10.0.3790.3646] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll
.
[-] 2008-04-14 02:22 . 56AF4064996FA5BAC9C449B1514B4770 . 438272 . . [5.1.2400.5512] . . c:\windows\ServicePackFiles\i386\ntmssvc.dll
[-] 2008-04-14 02:22 . 56AF4064996FA5BAC9C449B1514B4770 . 438272 . . [5.1.2400.5512] . . c:\windows\system32\ntmssvc.dll
[-] 2004-08-10 19:00 . 428AA946A8D9F32DBB4260C8E6E13377 . 438272 . . [5.1.2400.2180] . . c:\windows\$NtServicePackUninstall$\ntmssvc.dll
.
[-] 2008-04-14 . 1DFD8975D8C89214B98D9387C1125B49 . 186880 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\upnphost.dll
[-] 2008-04-14 . 1DFD8975D8C89214B98D9387C1125B49 . 186880 . . [5.1.2600.5512] . . c:\windows\system32\upnphost.dll
[-] 2007-02-05 . 5C686B95470AC24E133AB4DAC4639A6C . 185856 . . [5.1.2600.3077] . . c:\windows\$hf_mig$\KB931261\SP2QFE\upnphost.dll
[-] 2007-02-05 . 855790C1BACED245A6B210AF430ED17B . 185856 . . [5.1.2600.3077] . . c:\windows\$NtServicePackUninstall$\upnphost.dll
.
[-] 2008-04-14 . 9236E736EDB57BE7D1EF6274410E3BAC . 367616 . . [5.3.2600.5512] . . c:\windows\ServicePackFiles\i386\dsound.dll
[-] 2008-04-14 . 9236E736EDB57BE7D1EF6274410E3BAC . 367616 . . [5.3.2600.5512] . . c:\windows\system32\dsound.dll
[-] 2004-08-10 . 7DB3393F98E4211F5CE8F003DE0615CF . 367616 . . [5.3.2600.2180] . . c:\windows\$NtServicePackUninstall$\dsound.dll
[-] 2004-07-09 02:27 . 033A45AB696EEF481707C2808C806E1A . 381952 . . [5.3.0000001.0904 built by: private/Lab06_dev(DXBLD00)] . . c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dsound.dll
[-] 2004-07-09 02:27 . 033A45AB696EEF481707C2808C806E1A . 381952 . . [5.3.0000001.0904 built by: private/Lab06_dev(DXBLD00)] . . c:\windows\system32\dllcache\dsound.dll
.
[-] 2008-04-14 . 36969CF86E51EC8ED202B40F2FA80AA6 . 1689088 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\d3d9.dll
[-] 2008-04-14 . 36969CF86E51EC8ED202B40F2FA80AA6 . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\d3d9.dll
[-] 2004-08-10 . 20AE7889467887B869F30308EEED9A2A . 1689088 . . [5.03.2600.2180] . . c:\windows\$NtServicePackUninstall$\d3d9.dll
.
[-] 2008-04-14 . 4A37188B83B00DD9CFBA049687AD0DAF . 279552 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\ddraw.dll
[-] 2008-04-14 . 4A37188B83B00DD9CFBA049687AD0DAF . 279552 . . [5.03.2600.5512] . . c:\windows\system32\ddraw.dll
[-] 2004-08-10 . CAC545A56482DE01640E6B791DE19944 . 266240 . . [5.03.2600.2180] . . c:\windows\$NtServicePackUninstall$\ddraw.dll
[-] 2004-07-09 02:27 . 90114704C17A581DA1BAE029F20932BE . 292864 . . [5.3.0000001.0904 built by: private/Lab06_dev(DXBLD00)] . . c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\ddraw.dll
[-] 2004-07-09 02:27 . 90114704C17A581DA1BAE029F20932BE . 292864 . . [5.3.0000001.0904 built by: private/Lab06_dev(DXBLD00)] . . c:\windows\system32\dllcache\ddraw.dll
.
[-] 2008-04-14 02:22 . 5D7F5A46975D2E59A6FECB6C231D200F . 84992 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\olepro32.dll
[-] 2008-04-14 02:22 . 5D7F5A46975D2E59A6FECB6C231D200F . 84992 . . [5.1.2600.5512] . . c:\windows\system32\olepro32.dll
[-] 2004-08-10 19:00 . 1404D3DD4ED4F5E2A938B43794049A81 . 83456 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\olepro32.dll
.
[-] 2008-04-14 . C47FD93010649AC0D79022D9B69ADBE4 . 41984 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\perfctrs.dll
[-] 2008-04-14 . C47FD93010649AC0D79022D9B69ADBE4 . 41984 . . [5.1.2600.5512] . . c:\windows\system32\perfctrs.dll
[-] 2004-08-10 . 007BFD01772B5202C5CE4F208A2F3F46 . 41984 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\perfctrs.dll
.
[-] 2008-04-14 . F86000634319F71535BCE6B06995EE99 . 18944 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\version.dll
[-] 2008-04-14 . F86000634319F71535BCE6B06995EE99 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\version.dll
[-] 2004-08-10 . 4EF2FDC0A085C8339ED4D9C59CE8FC60 . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\version.dll
.
[-] 2008-04-14 . FE77A85495065F3AD59C5C65B6C54182 . 171520 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll
[-] 2008-04-14 . FE77A85495065F3AD59C5C65B6C54182 . 171520 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[-] 2004-08-10 . 015F302C4CF961F20C3F98F3A7CA7917 . 171008 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll
.
[-] 2008-04-14 . 7B353059E665F8B7AD2BBEAEF597CF45 . 177152 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\w32time.dll
[-] 2008-04-14 . 7B353059E665F8B7AD2BBEAEF597CF45 . 177152 . . [5.1.2600.5512] . . c:\windows\system32\w32time.dll
[-] 2004-08-10 . C6D874CD2A5B83CD11CDEBD28A638584 . 176640 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\w32time.dll
.
[-] 2008-04-14 . BC2C5985611C5356B24AEB370953DED9 . 334336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wiaservc.dll
[-] 2008-04-14 . BC2C5985611C5356B24AEB370953DED9 . 334336 . . [5.1.2600.5512] . . c:\windows\system32\wiaservc.dll
[-] 2006-12-19 . 452AA1C0E7FEE4B2E78D32BCF36FCEBE . 334336 . . [5.1.2600.3051] . . c:\windows\$hf_mig$\KB927802\SP2QFE\wiaservc.dll
[-] 2006-12-19 . 25E9B30AF1FA1B9AF1853577F39FF20B . 334336 . . [5.1.2600.3051] . . c:\windows\$NtServicePackUninstall$\wiaservc.dll
.
[-] 2008-04-14 . 2CF969B9BF1EF069075DCDCE309FAAE1 . 18944 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\midimap.dll
[-] 2008-04-14 . 2CF969B9BF1EF069075DCDCE309FAAE1 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\midimap.dll
[-] 2004-08-10 . 32641AE4D340C1AC2D9B3A3BD71F5C47 . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\midimap.dll
.
[-] 2008-04-14 . 469FED8597896DB77B49384BE90E2E0A . 7680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rasadhlp.dll
[-] 2008-04-14 . 469FED8597896DB77B49384BE90E2E0A . 7680 . . [5.1.2600.5512] . . c:\windows\system32\rasadhlp.dll
[-] 2006-06-26 . 45F87F6E7AB4F79B5C719B78C289DB66 . 7680 . . [5.1.2600.2938] . . c:\windows\$hf_mig$\KB920683\SP2QFE\rasadhlp.dll
[-] 2006-06-26 . DC940E8932827D65180F6A71BD4BD878 . 8192 . . [5.1.2600.2938] . . c:\windows\$NtServicePackUninstall$\rasadhlp.dll
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\programme\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
"T-Online_Software_6\WLAN-Access Finder"="c:\programme\T-Online\WLAN-Access Finder\ToWLaAcF.exe" [2007-07-25 671796]
"swg"="c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-12-13 39408]
"Device Detection"="c:\programme\Lidl_Fotos\dd.exe" [2012-03-16 788376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-16 7585792]
"RTHDCPL"="RTHDCPL.EXE" [2006-09-12 16264192]
"Apoint"="c:\programme\Apoint2K\Apoint.exe" [2006-10-02 151552]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"HP Software Update"="c:\programme\HP\HP Software Update\HPWuSchd2.exe" [2008-03-25 49152]
"eDoc"="c:\progra~1\GEMEIN~1\MAYCOM~1\EDOCPR~1\eDoc.exe" [2004-09-28 245760]
"DeskUpdateNotifier"="c:\programme\Fujitsu\DeskUpdate\DeskUpdateNotifier.exe" [2011-11-10 100120]
"FreePDF Assistant"="c:\programme\FreePDF_XP\fpassist.exe" [2010-06-17 370176]
"RemoteControl"="c:\programme\CyberLink\PowerDVD\PDVDServ.exe" [2005-04-15 45056]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Malwarebytes' Anti-Malware"="c:\programme\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"GrooveMonitor"="c:\programme\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
HP Digital Imaging Monitor.lnk - c:\programme\HP\Digital Imaging\bin\hpqtra08.exe [N/A]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 02:22	1695232	------w-	c:\programme\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2006-08-16 09:42	1617920	----a-w-	c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2006-05-16 17:04	2879488	----a-w-	c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Programme\\HP\\HP Software Update\\hpwucli.exe"=
"c:\\Programme\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=
"c:\programme\Microsoft ActiveSync\rapimgr.exe"= c:\programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\programme\Microsoft ActiveSync\wcescomm.exe"= c:\programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\programme\Microsoft ActiveSync\WCESMgr.exe"= c:\programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programme\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programme\\Microsoft Office\\Office12\\ONENOTE.EXE"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R2 HLServer;HL-Server;c:\windows\system32\HLS32SVC.EXE [22.01.2008 11:58 327680]
R2 MBAMService;MBAMService;c:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [20.12.2011 11:41 654408]
R3 MACNDIS5;MACNDIS5 NDIS Protocol Driver;c:\progra~1\GEMEIN~1\MARMIK~1\MACNDIS5.SYS [22.01.2008 21:48 17280]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [20.12.2011 11:41 22344]
R3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;c:\windows\system32\drivers\sis163u.sys [23.01.2008 09:48 217600]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1005000.087\SYMEFA.SYS --> c:\windows\system32\drivers\NIS\1005000.087\SYMEFA.SYS [?]
S1 A2DDA;A2 Direct Disk Access Support Driver;\??\c:\programme\Emsisoft Anti-Malware\a2ddax86.sys --> c:\programme\Emsisoft Anti-Malware\a2ddax86.sys [?]
S1 a2injectiondriver;a2injectiondriver;\??\c:\programme\Emsisoft Anti-Malware\a2dix86.sys --> c:\programme\Emsisoft Anti-Malware\a2dix86.sys [?]
S1 a2util;a-squared Malware-IDS utility driver;\??\c:\programme\Emsisoft Anti-Malware\a2util32.sys --> c:\programme\Emsisoft Anti-Malware\a2util32.sys [?]
S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\Drivers\NIS\1005000.087\BHDrvx86.sys --> c:\windows\system32\Drivers\NIS\1005000.087\BHDrvx86.sys [?]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\Drivers\NIS\1005000.087\ccHPx86.sys --> c:\windows\system32\Drivers\NIS\1005000.087\ccHPx86.sys [?]
S1 IDSxpx86;IDSxpx86;\??\c:\dokumente und einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20090331.007\IDSxpx86.sys --> c:\dokumente und einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20090331.007\IDSxpx86.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [13.12.2011 20:39 136176]
S2 MZCCntrl;T-Online WLAN Adapter Steuerungsdienst;c:\programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe --> c:\programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe [?]
S2 Norton Internet Security;Norton Internet Security;"c:\programme\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe" /s "Norton Internet Security" /m "c:\programme\Norton Internet Security\Engine\16.5.0.135\diMaster.dll" /prefetch:1 --> c:\programme\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe [?]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys --> c:\programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [?]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\Google\Update\GoogleUpdate.exe [13.12.2011 20:39 136176]
S3 MIINPazX;MIINPazX NDIS Protocol Driver;c:\progra~1\GEMEIN~1\MARMIK~1\MInfraIS\MIINPazX.SYS [22.01.2008 21:48 17152]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\programme\Mozilla Maintenance Service\maintenanceservice.exe [07.05.2012 09:49 113120]
S3 MTOnlPktAlyX;MTOnlPktAlyX NDIS Protocol Driver;c:\progra~1\T-Online\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS [22.01.2008 21:47 17536]
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-05-11 c:\windows\Tasks\DeskUpdate.job
- c:\programme\Fujitsu\DeskUpdate\ducmd.exe [2011-01-13 12:34]
.
2012-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2011-12-13 18:39]
.
2012-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2011-12-13 18:39]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Suche - c:\programme\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
IE: {{5FF205EF-8483-497D-8678-61AC95BB0EBB} - {5FF205EF-8483-497D-8678-61AC95BB0EBB} -
TCP: DhcpNameServer = 192.168.2.1
Handler: shopclever-data - {4AA619DE-8C24-442E-BD8D-EF9DA83EDA05} - 
FF - ProfilePath - c:\dokumente und einstellungen\Benjamin\Anwendungsdaten\Mozilla\Firefox\Profiles\hcaduhgu.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - eBay durchsuchen
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de
FF - prefs.js: keyword.URL - hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=827316&p=
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-pdfSaver4l - c:\programme\Tracker Software\PDF-XChange Lite 4\pdfSaver4l.exe
HKCU-Run-cblunfvw - c:\dokumente und einstellungen\Benjamin\Lokale Einstellungen\Anwendungsdaten\rrdkidac.exe
HKCU-Run-xwbbpvfo - c:\dokumente und einstellungen\Benjamin\Lokale Einstellungen\Anwendungsdaten\rqtaabgk.exe
HKCU-Run-wklhakaf - c:\dokumente und einstellungen\Benjamin\Lokale Einstellungen\Anwendungsdaten\gllasnxn.exe
HKCU-Run-fdwkhikh - c:\dokumente und einstellungen\Benjamin\Lokale Einstellungen\Anwendungsdaten\ubeufkre.exe
HKCU-Run-howksjhw - c:\dokumente und einstellungen\Benjamin\Lokale Einstellungen\Anwendungsdaten\iirgjhfg.exe
HKCU-Run-ekncwqnt - c:\dokumente und einstellungen\Benjamin\Lokale Einstellungen\Anwendungsdaten\fbrhaiox.exe
HKLM-Run-a-squared Anti-Dialer - c:\programme\a-squared Anti-Dialer\a2adguard.exe
HKLM-Run-FuncKey - c:\programme\Hotkey Management\FuncKey.exe
HKLM-Run-RevHDD - c:\windows\SYSTEM\RevHDD.exe
HKLM-Run-eBayToolbar - c:\programme\eBay\eBay Toolbar2\eBayTBDaemon.exe
MSConfigStartUp-ArcSoft Connection Service - c:\programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe
AddRemove-ElsterFormular für Privatanwender 12.0.0.5880p - f:\finanzen\Finanzamt\2009-2010\ElsterFormular\uninstall.exe
AddRemove-ShopClever - c:\programme\ShopClever\Uninstall.exe
AddRemove-pdfsam - c:\dokumente und einstellungen\Benjamin\Desktop\pdfsam\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-07-09 13:47
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\programme\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\programme\Norton Internet Security\Engine\16.5.0.135\diMaster.dll\" /prefetch:1"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•6~*]
"7040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'explorer.exe'(3632)
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\ehome\mcrdsvc.exe
c:\programme\Canon\CAL\CALMAIN.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\rundll32.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\programme\Apoint2K\Apntex.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-07-09  13:54:52 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-07-09 11:54
.
Vor Suchlauf: 10 Verzeichnis(se), 84.764.819.456 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 85.091.893.248 Bytes frei
.
WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /fastdetect /usepmtimer /NoExecute=OptOut
.
- - End Of File - - ADAC6C0A10E68B9B4916B6421D35E0AC

und zur Sicherheit auch noch einmal als Dateianhang.

Gruß twinmama

cosinus · 09.07.2012, 13:19

Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.

twinmama · 09.07.2012, 16:08

hier anteilig der Log-Text von GMER, ein paar Files habe ich nicht mitkopiert, diese enthalten Daten, die vom Namen her nicht hier in der Öffentlichkeit gepostet werden dürfen:

Code:

ATTFilter

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-07-09 16:59:57
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e WDC_WD1200BEVS-07LAT0 rev.01.06M01
Running: 2db7bu6o.exe; Driver: C:\DOKUME~1\Benjamin\LOKALE~1\Temp\uglyapob.sys


---- Kernel code sections - GMER 1.0.15 ----

.text                                                                                                                                 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys                                                                                                                                                                                                                                                                                  section is writeable [0xF67D2360, 0x225B3D, 0xE8000020]
.text                                                                                                                                 C:\WINDOWS\system32\drivers\hardlock.sys                                                                                                                                                                                                                                                                                  section is writeable [0xB98F3400, 0x7960C, 0xE8000020]
.protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0xB9995420]  C:\WINDOWS\system32\drivers\hardlock.sys                                                                                                                                                                                                                                                                                  entry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0xB9995420]
.protectÿÿÿÿhardlockunknown last code section [0xB9995200, 0x5049, 0xE0000020]                                                        C:\WINDOWS\system32\drivers\hardlock.sys                                                                                                                                                                                                                                                                                  unknown last code section [0xB9995200, 0x5049, 0xE0000020]

---- User code sections - GMER 1.0.15 ----

.text                                                                                                                                 C:\WINDOWS\system32\HLS32SVC.EXE[308] kernel32.dll!ExitProcess                                                                                                                                                                                                                                                            7C81CB12 5 Bytes  JMP 0046AA12 C:\WINDOWS\system32\HLS32SVC.EXE (HL-Server Service for Windows NT/2k/XP/Aladdin Knowledge Systems Ltd.)

---- Devices - GMER 1.0.15 ----

AttachedDevice                                                                                                                        \FileSystem\Fastfat \Fat                                                                                                                                                                                                                                                                                                  fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg                                                                                                                                   HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001060d0ef03                                                                                                                                                                                                                                               
Reg                                                                                                                                   HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001060d0ef03 (not active ControlSet)                                                                                                                                                                                                                           

---- Files - GMER 1.0.15 ----

Falls Du die doch brauchst, könnte ich sie Dir ausnahmsweise als PN zusenden?

Gruß twinmama

und hier der Log-Text von Osam:

Code:

ATTFilter

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 17:18:35 on 09.07.2012

OS: Windows XP Professional Service Pack 3 (Build 2600)
Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Boot Execute]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )-----
"BootExecute" - "Microsoft Corporation" - C:\WINDOWS\system32\autochk.exe

[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"DeskUpdate.job" - "Fujitsu Technology Solutions" - C:\Programme\Fujitsu\DeskUpdate\ducmd.exe
-----( HKLM\SOFTWARE\Microsoft\Windows Scripting Host\Locations )-----
"CScript" - "Microsoft Corporation" - C:\WINDOWS\System32\cscript.exe
"WScript" - "Microsoft Corporation" - C:\WINDOWS\System32\wscript.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"access.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\access.cpl
"ALSndMgr.Cpl" - "Realtek Semiconductor Corp." - C:\WINDOWS\system32\ALSndMgr.Cpl
"appwiz.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\appwiz.cpl
"bthprops.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\bthprops.cpl
"desk.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\desk.cpl
"firewall.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\firewall.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
"hdwwiz.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\hdwwiz.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"intl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\intl.cpl
"irprops.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\irprops.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
"joy.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\joy.cpl
"main.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\main.cpl
"mmsys.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\mmsys.cpl
"ncpa.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\ncpa.cpl
"netsetup.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\netsetup.cpl
"nusrmgr.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\nusrmgr.cpl
"nvtuicpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvtuicpl.cpl
"nwc.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\nwc.cpl
"odbccp32.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\odbccp32.cpl
"PhysX.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\PhysX.cpl
"powercfg.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\powercfg.cpl
"RTSndMgr.Cpl" - "Realtek Semiconductor Corp." - C:\WINDOWS\system32\RTSndMgr.Cpl
"sysdm.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\sysdm.cpl
"telephon.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\telephon.cpl
"timedate.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\timedate.cpl
"wscui.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\wscui.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Avira AntiVir PersonalEdition Classic " - ? - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl  (File not found)
"Internet Connection Firewall" - "Microsoft Corporation" - C:\WINDOWS\system32\Firewall.cpl
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL
"NetSetupWizard" - "Microsoft Corporation" - C:\WINDOWS\system32\NetSetup.cpl
"Speech" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Speech\sapi.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"1394-ARP-Clientprotokoll" (Arp1394) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\arp1394.sys
"1394-Netzwerktreiber" (NIC1394) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\nic1394.sys
"a-squared Malware-IDS utility driver" (a2util) - ? - C:\Programme\Emsisoft Anti-Malware\a2util32.sys  (File not found)
"A2 Direct Disk Access Support Driver" (A2DDA) - ? - C:\Programme\Emsisoft Anti-Malware\a2ddax86.sys  (File not found)
"a2injectiondriver" (a2injectiondriver) - ? - C:\Programme\Emsisoft Anti-Malware\a2dix86.sys  (File not found)
"AFD" (AFD) - "Microsoft Corporation" - C:\WINDOWS\System32\drivers\afd.sys
"Aladdin HASP Key" (akshasp) - "Aladdin Knowledge Systems Ltd." - C:\WINDOWS\System32\DRIVERS\akshasp.sys
"Aladdin USB Key" (aksusb) - "Aladdin Knowledge Systems Ltd." - C:\WINDOWS\System32\DRIVERS\aksusb.sys
"Alps Pointing-device Filter Driver" (ApfiltrService) - "Alps Electric Co., Ltd." - C:\WINDOWS\System32\DRIVERS\Apfiltr.sys
"AMD-Prozessortreiber" (AmdK8) - "Advanced Micro Devices" - C:\WINDOWS\System32\DRIVERS\AmdK8.sys
"Antwort für Verbindungsschicht-Topologieerkennung" (rspndr) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\rspndr.sys
"Asynchroner RAS -Medientreiber" (AsyncMac) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\asyncmac.sys
"Audiostubtreiber" (audstub) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\audstub.sys
"Beep" (Beep) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\Beep.sys
"Bereitstellungspunkt-Manager" (MountMgr) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\MountMgr.sys
"Bluetooth Audio Device (WDM) from TOSHIBA" (TosRfSnd) - "TOSHIBA Corporation" - C:\WINDOWS\System32\drivers\TosRfSnd.sys
"Bluetooth Personal Area Network from TOSHIBA" (tosrfnds) - "TOSHIBA Corporation." - C:\WINDOWS\System32\DRIVERS\tosrfnds.sys
"Bluetooth Port Driver from Toshiba" (tosporte) - "TOSHIBA Corporation" - C:\WINDOWS\System32\DRIVERS\tosporte.sys
"Bluetooth RFBNEP from TOSHIBA" (Tosrfbnp) - "TOSHIBA Corporation" - C:\WINDOWS\System32\Drivers\tosrfbnp.sys
"Bluetooth RFBUS from TOSHIBA" (Tosrfbd) - "TOSHIBA CORPORATION" - C:\WINDOWS\System32\Drivers\tosrfbd.sys
"Bluetooth RFCOMM from TOSHIBA" (Tosrfcom) - "TOSHIBA Corporation" - C:\WINDOWS\System32\Drivers\tosrfcom.sys
"Bluetooth RFHID from TOSHIBA" (Tosrfhid) - "TOSHIBA Corporation." - C:\WINDOWS\System32\DRIVERS\Tosrfhid.sys
"Bluetooth USB Controller" (Tosrfusb) - "TOSHIBA CORPORATION" - C:\WINDOWS\System32\Drivers\tosrfusb.sys
"Bluetooth-Anforderungsblocktreiber" (BthEnum) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\BthEnum.sys
"Bluetooth-Gerät (PAN)" (BthPan) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\bthpan.sys
"Bluetooth-Gerät (RFCOMM-Protokoll-TDI)" (RFCOMM) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\rfcomm.sys
"Bluetooth-Porttreiber" (BTHPORT) - "Microsoft Corporation" - C:\WINDOWS\System32\Drivers\BTHport.sys
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)
"CD-ROM-Laufwerktreiber" (Cdrom) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\cdrom.sys
"Cdaudio" (Cdaudio) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\Cdaudio.sys
"Cdfs" (Cdfs) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\Cdfs.sys
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"dmload" (dmload) - "Microsoft Corp., Veritas Software." - C:\WINDOWS\System32\drivers\dmload.sys
"EraserUtilRebootDrv" (EraserUtilRebootDrv) - ? - C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys  (File not found)
"Fastfat" (Fastfat) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\Fastfat.sys
"Fdc" (Fdc) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\Fdc.sys
"Filtertreiber für CD-Brennen" (Imapi) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\imapi.sys
"Filtertreiber für digitale CD-Audiowiedergabe" (redbook) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\redbook.sys
"Filtertreiber für IP-Verkehr" (IpFilterDriver) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys
"Filtertreiber für IPX-Verkehr" (NwlnkFlt) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\nwlnkflt.sys
"Filtertreiber für Systemwiederherstellung" (sr) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\sr.sys
"Fips" (Fips) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\Fips.sys
"Flpydisk" (Flpydisk) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\Flpydisk.sys
"FltMgr" (FltMgr) - "Microsoft Corporation" - C:\WINDOWS\System32\drivers\fltmgr.sys
"Fs_Rec" (Fs_Rec) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\Fs_Rec.sys
"Hardlock" (Hardlock) - "Aladdin Knowledge Systems Ltd." - C:\WINDOWS\system32\drivers\hardlock.sys
"High-Capacity-Diskettenlaufwerk" (Sfloppy) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\sfloppy.sys
"HSF_DPV" (HSF_DPV) - "Conexant Systems, Inc." - C:\WINDOWS\System32\DRIVERS\HSX_DPV.sys
"HSXHWAZL" (HSXHWAZL) - "Conexant Systems, Inc." - C:\WINDOWS\System32\DRIVERS\HSXHWAZL.sys
"HTTP" (HTTP) - "Microsoft Corporation" - C:\WINDOWS\System32\Drivers\HTTP.sys
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"i8042-Tastatur- und PS/2-Mausanschluss-Treiber" (i8042prt) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\i8042prt.sys
"IDSxpx86" (IDSxpx86) - ? - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20090331.007\IDSxpx86.sys  (File not found)
"IEEE-1284.4 Driver HPZid412" (HPZid412) - "HP" - C:\WINDOWS\System32\DRIVERS\HPZid412.sys
"Infrared bus filter driver for eHome remote controls" (IrBus) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\IrBus.sys
"IP/IP-Tunneltreiber" (IpInIp) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\ipinip.sys
"IPSEC-Treiber" (IPSec) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\ipsec.sys
"IPv6-Windows-Firewalltreiber" (Ip6Fw) - "Microsoft Corporation" - C:\WINDOWS\System32\drivers\ip6fw.sys
"IR-Enumeratordienst" (IRENUM) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\irenum.sys
"KSecDD" (KSecDD) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\KSecDD.sys
"Laufwerktreiber" (Disk) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\disk.sys
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"MACNDIS5 NDIS Protocol Driver" (MACNDIS5) - "Marmiko IT-Solutions GmbH" - C:\PROGRA~1\GEMEIN~1\MARMIK~1\MACNDIS5.SYS
"Maus-HID-Treiber" (mouhid) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\mouhid.sys
"Mausklassentreiber" (Mouclass) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\mouclass.sys
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\WINDOWS\system32\drivers\mbam.sys
"mdmxsdk" (mdmxsdk) - "Conexant" - C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys
"MHN-Treiber" (MHNDRV) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\mhndrv.sys
"Microcode Updatetreiber" (Update) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\update.sys
"Microsoft ACPI-Treiber" (ACPI) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\ACPI.sys
"Microsoft Composite Battery-Treiber" (Compbatt) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\compbatt.sys
"Microsoft HID Class-Treiber" (hidusb) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\hidusb.sys
"Microsoft Infrarot-HID-Treiber" (HidIr) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\hidir.sys
"Microsoft Kernel GS Wavetablesynthesizer" (swmidi) - "Microsoft Corporation" - C:\WINDOWS\System32\drivers\swmidi.sys
"Microsoft Kernel-Audiosplitter" (splitter) - "Microsoft Corporation" - C:\WINDOWS\System32\drivers\splitter.sys
"Microsoft Kernel-DLS-Synthesizer" (DMusic) - "Microsoft Corporation" - C:\WINDOWS\System32\drivers\DMusic.sys
"Microsoft Kernel-DRM-Audioentschlüsselung" (drmkaud) - "Microsoft Corporation" - C:\WINDOWS\System32\drivers\drmkaud.sys
"Microsoft Kernel-Echounterdrückung" (aec) - "Microsoft Corporation" - C:\WINDOWS\System32\drivers\aec.sys
"Microsoft Kernel-Systemaudiogerät" (sysaudio) - "Microsoft Corporation" - C:\WINDOWS\System32\drivers\sysaudio.sys
"Microsoft Kernel-Waveaudiomixer" (kmixer) - "Microsoft Corporation" - C:\WINDOWS\System32\drivers\kmixer.sys
"Microsoft Proxy für Streaming Clock" (MSPCLOCK) - "Microsoft Corporation" - C:\WINDOWS\System32\drivers\MSPCLOCK.sys
"Microsoft Proxy für Streaming Quality Manager" (MSPQM) - "Microsoft Corporation" - C:\WINDOWS\System32\drivers\MSPQM.sys
"Microsoft Standard-USB-Haupttreiber" (usbccgp) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\usbccgp.sys
"Microsoft Streaming Service Proxy" (MSKSSRV) - "Microsoft Corporation" - C:\WINDOWS\System32\drivers\MSKSSRV.sys
"Microsoft UAA-Bustreiber für High Definition Audio" (HDAudBus) - "Windows (R) Server 2003 DDK provider" - C:\WINDOWS\System32\DRIVERS\HDAudBus.sys
"Microsoft USB-Druckerklasse" (usbprint) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\usbprint.sys
"Microsoft USB-Standardhubtreiber" (usbhub) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\usbhub.sys
"Microsoft-Systemverwaltungs-BIOS-Treiber" (mssmbios) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\mssmbios.sys
"MIINPazX NDIS Protocol Driver" (MIINPazX) - "Deutsche Telekom AG, Marmiko IT-Solutions GmbH" - C:\PROGRA~1\GEMEIN~1\MARMIK~1\MInfraIS\MIINPazX.SYS
"Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller" (usbehci) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\usbehci.sys
"Miniporttreiber für Microsoft USB Open Host-Controller" (usbohci) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\usbohci.sys
"mnmdd" (mnmdd) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\mnmdd.sys
"Modem" (Modem) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\Modem.sys
"MRXSMB" (MRxSmb) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\mrxsmb.sys
"Msfs" (Msfs) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\Msfs.sys
"MTOnlPktAlyX NDIS Protocol Driver" (MTOnlPktAlyX) - "Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH" - C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS
"Mup" (Mup) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\Mup.sys
"NAVENG" (NAVENG) - ? - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090406.048\NAVENG.SYS  (File not found)
"NAVEX15" (NAVEX15) - ? - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090406.048\NAVEX15.SYS  (File not found)
"NDIS-Benutzermodus-E/A-Protokoll" (Ndisuio) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\ndisuio.sys
"NDIS-Systemtreiber" (NDIS) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\NDIS.sys
"NDProxy" (NDProxy) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\NDProxy.sys
"NetBios über TCP/IP" (NetBT) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\netbt.sys
"NetBIOS-Schnittstelle" (NetBIOS) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\netbios.sys
"Netzwerkmonitortreiber" (nm) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\NMnt.sys
"Npfs" (Npfs) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\Npfs.sys
"Ntfs" (Ntfs) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\Ntfs.sys
"Null" (Null) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\Null.sys
"nv" (nv) - "NVIDIA Corporation" - C:\WINDOWS\System32\DRIVERS\nv4_mini.sys
"NVIDIA Network Bus Enumerator" (nvnetbus) - "NVIDIA Corporation" - C:\WINDOWS\System32\DRIVERS\nvnetbus.sys
"NVIDIA nForce Networking Controller Driver" (NVENETFD) - "NVIDIA Corporation" - C:\WINDOWS\System32\DRIVERS\NVENETFD.sys
"nvsmu" (nvsmu) - "NVIDIA Corporation" - C:\WINDOWS\System32\DRIVERS\nvsmu.sys
"Parallelanschluss (direkt)" (Raspti) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\raspti.sys
"Parport" (Parport) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\Parport.sys
"Partitions-Manager" (PartMgr) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\PartMgr.sys
"ParVdm" (ParVdm) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\ParVdm.sys
"PCI-Bus-Treiber" (PCI) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\pci.sys
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PCIIde" (PCIIde) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\pciide.sys
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"PnP-ISA/EISA-Bus-Treiber" (isapnp) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\isapnp.sys
"PPdus ASPI Shell" (Afc) - "Arcsoft, Inc." - C:\WINDOWS\System32\drivers\Afc.sys
"Print Class Driver for IEEE-1284.4 HPZipr12" (HPZipr12) - "HP" - C:\WINDOWS\System32\DRIVERS\HPZipr12.sys
"Protokoll für ATM ARP-Client" (Atmarpc) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\atmarpc.sys
"Prozessortreiber" (Processor) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\processr.sys
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"QoS-Paketplaner" (PSched) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\psched.sys
"RAS-IP-ARP-Treiber" (Wanarp) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\wanarp.sys
"RAS-NDIS-TAPI-Treiber" (NdisTapi) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\ndistapi.sys
"RAS-NDIS-WAN-Treiber" (NdisWan) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\ndiswan.sys
"Rdbss" (Rdbss) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\rdbss.sys
"RDPCDD" (RDPCDD) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
"Redirector für WebDav-Client" (MRxDAV) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\mrxdav.sys
"Remotezugriff-PPPOE-Treiber" (RasPppoe) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\raspppoe.sys
"Secdrv" (Secdrv) - "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." - C:\WINDOWS\System32\DRIVERS\secdrv.sys
"Serial" (Serial) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\Serial.sys
"Service for Realtek HD Audio (WDM)" (IntcAzAudAddService) - "Realtek Semiconductor Corp." - C:\WINDOWS\System32\drivers\RtkHDAud.sys
"SiS163 USB Wireless LAN Adapter Driver" (SIS163u) - "Silicon Integrated Systems Corp." - C:\WINDOWS\System32\DRIVERS\sis163u.sys
"Software-Bus-Treiber" (swenum) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\swenum.sys
"Srv" (Srv) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\srv.sys
"ssmdrv" (ssmdrv) - "AVIRA GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"Standard-IDE/ESDI-Festplattencontroller" (atapi) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\atapi.sys
"Standardpaketklassifizierung" (Gpc) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\msgpc.sys
"Symantec Eraser Control driver" (eeCtrl) - ? - C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys  (File not found)
"Symantec Extended File Attributes" (SymEFA) - ? - C:\WINDOWS\System32\drivers\NIS\1005000.087\SYMEFA.SYS  (File not found)
"Symantec Hash Provider" (ccHP) - ? - C:\WINDOWS\System32\Drivers\NIS\1005000.087\ccHPx86.sys  (File not found)
"Symantec Heuristics Driver" (BHDrvx86) - ? - C:\WINDOWS\System32\Drivers\NIS\1005000.087\BHDrvx86.sys  (File not found)
"Symantec Network Dispatch Driver" (SYMTDI) - ? - C:\WINDOWS\System32\Drivers\NIS\1005000.087\SYMTDI.SYS  (File not found)
"Symantec Network Filter Driver" (SYMFW) - ? - C:\WINDOWS\System32\Drivers\NIS\1005000.087\SYMFW.SYS  (File not found)
"Symantec Network Filter Driver" (SYMIDS) - ? - C:\WINDOWS\System32\Drivers\NIS\1005000.087\SYMIDS.SYS  (File not found)
"Symantec Network Filter Driver" (SYMNDIS) - ? - C:\WINDOWS\System32\Drivers\NIS\1005000.087\SYMNDIS.SYS  (File not found)
"Symantec Network Security Intermediate Filter Service" (SymIM) - ? - C:\WINDOWS\System32\DRIVERS\SymIM.sys  (File not found)
"Symantec Real Time Storage Protection" (SRTSP) - ? - C:\WINDOWS\System32\Drivers\NIS\1005000.087\SRTSP.SYS  (File not found)
"Symantec Real Time Storage Protection (PEL)" (SRTSPX) - ? - C:\WINDOWS\system32\drivers\NIS\1005000.087\SRTSPX.SYS  (File not found)
"SYMDNS" (SYMDNS) - ? - C:\WINDOWS\system32\drivers\NIS\1000000.07D\SYMDNS.SYS  (File not found)
"SymEvent" (SymEvent) - ? - C:\WINDOWS\system32\Drivers\SYMEVENT.SYS  (File not found)
"SymIMMP" (SymIMMP) - ? - C:\WINDOWS\System32\DRIVERS\SymIM.sys  (File not found)
"SYMREDRV" (SYMREDRV) - ? - C:\WINDOWS\system32\drivers\NIS\1000000.07D\SYMREDRV.SYS  (File not found)
"Tastatur-HID-Treiber" (kbdhid) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\kbdhid.sys
"Tastaturklassentreiber" (Kbdclass) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\kbdclass.sys
"TCP/IP-Protokolltreiber" (Tcpip) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\tcpip.sys
"TDPIPE" (TDPIPE) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\TDPIPE.sys
"TDTCP" (TDTCP) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\TDTCP.sys
"Terminal-Gerätetreiber" (TermDD) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\termdd.sys
"TOSHIBA Bluetooth HID port driver" (toshidpt) - "TOSHIBA Corporation." - C:\WINDOWS\System32\drivers\Toshidpt.sys
"Treiber für automatische RAS-Verbindung" (RasAcd) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\rasacd.sys
"Treiber für die Verwaltung logischer Datenträger" (dmio) - "Microsoft Corp., Veritas Software" - C:\WINDOWS\System32\drivers\dmio.sys
"Treiber für direkte Parallelverbindung" (Ptilink) - "Parallel Technologies, Inc." - C:\WINDOWS\System32\DRIVERS\ptilink.sys
"Treiber für IPX-Verkehrsweiterleitung" (NwlnkFwd) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\nwlnkfwd.sys
"Treiber für Microsoft WINMM-WDM-Audiokompatibilität" (wdmaud) - "Microsoft Corporation" - C:\WINDOWS\System32\drivers\wdmaud.sys
"Treiber für Microsoft-ACPI-Kontrollmethodenkompatible Batterie" (CmBatt) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\CmBatt.sys
"Treiber für Terminalserver-Geräteumleitung" (rdpdr) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\rdpdr.sys
"Treiber für Volume-Manager" (Ftdisk) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\ftdisk.sys
"uglyapob" (uglyapob) - ? - C:\DOKUME~1\Benjamin\LOKALE~1\Temp\uglyapob.sys  (Hidden registry entry, rootkit activity | File not found)
"USB to IEEE-1284.4 Translation Driver HPZius12" (HPZius12) - "HP" - C:\WINDOWS\System32\DRIVERS\HPZius12.sys
"USB-Massenspeichertreiber" (USBSTOR) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS
"USB-Scannertreiber" (usbscan) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\usbscan.sys
"USB-Treiber für Bluetooth-Funkgerät" (BTHUSB) - "Microsoft Corporation" - C:\WINDOWS\System32\Drivers\BTHUSB.sys
"VGA-Anzeigecontroller." (VgaSave) - "Microsoft Corporation" - C:\WINDOWS\System32\drivers\vga.sys
"VIA OHCI-konformer IEEE 1394-Hostcontroller" (ohci1394) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\ohci1394.sys
"VolSnap" (VolSnap) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\VolSnap.sys
"WAN-Miniport (L2TP)" (Rasl2tp) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\rasl2tp.sys
"WAN-Miniport (PPTP)" (PptpMiniport) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\raspptp.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)
"winachsf" (winachsf) - "Conexant Systems, Inc." - C:\WINDOWS\System32\DRIVERS\HSX_CNXT.sys
"Windows CE USB Serial Host Driver" (wceusbsh) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\wceusbsh.sys
"Windows Driver Foundation - User-mode Driver Framework Platform Driver" (WudfPf) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\WudfPf.sys
"Windows Driver Foundation - User-mode Driver Framework Reflector" (WudfRd) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\wudfrd.sys
"Windows Socket 2.0 Non-IFS Service Provider Support Environment" (WS2IFSL) - "Microsoft Corporation" - C:\WINDOWS\System32\drivers\ws2ifsl.sys
"Übersetzer für IP-Netzwerkadressen" (IpNat) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\ipnat.sys

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{7790769C-0471-11d2-AF11-00C04FA35D02} "Adressbuch 6" - "Microsoft Corporation" - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
KB910393 "KB910393" - "Microsoft Corporation" - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall
{407408d4-94ed-4d86-ab69-a7f649d112ee} "Media Center" - "Microsoft Corporation" - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf
{44BBA840-CC51-11CF-AAFA-00AA00B6015C} "Microsoft Outlook Express 6" - "Microsoft Corporation" - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
>{22d6f312-b0f6-11d0-94ab-0080c74c7e95} "Microsoft Windows Media Player" - "Microsoft Corporation" - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
{6BF52A52-394A-11d3-B153-00C04F79FAA6} "Microsoft Windows Media Player" - "Microsoft Corporation" - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub
{44BBA842-CC51-11CF-AAFA-00AA00B6015B} "NetMeeting 3.01" - "Microsoft Corporation" - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
>{881dd1c5-3dcf-431b-b061-f3f88e8be88a} "Outlook Express" - "Microsoft Corporation" - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
{2C7339CF-2B09-4501-B3F3-F3508C9228ED} "Themes Setup" - "Microsoft Corporation" - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} "Versions-Update für Internet Explorer" - "Microsoft Corporation" - C:\WINDOWS\system32\ieudinit.exe
{89820200-ECBD-11cf-8B85-00AA005B4340} "Windows Desktop-Update" - "Microsoft Corporation" - regsvr32.exe /s /n /i:U shell32.dll
{5945c046-1e7d-11d1-bc44-00c04fd912be} "Windows Messenger 4.7" - "Microsoft Corporation" - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
{0D2E74C4-3C34-11d2-A27E-00C04FC30871} "{0D2E74C4-3C34-11d2-A27E-00C04FC30871}" - "Microsoft Corporation" - C:\WINDOWS\system32\SHELL32.dll
{24F14F01-7B1C-11d1-838f-0000F80461CF} "{24F14F01-7B1C-11d1-838f-0000F80461CF}" - "Microsoft Corporation" - C:\WINDOWS\system32\SHELL32.dll
{24F14F02-7B1C-11d1-838f-0000F80461CF} "{24F14F02-7B1C-11d1-838f-0000F80461CF}" - "Microsoft Corporation" - C:\WINDOWS\system32\SHELL32.dll
{66742402-F9B9-11D1-A202-0000F81FEDEE} "{66742402-F9B9-11D1-A202-0000F81FEDEE}" - "Microsoft Corporation" - C:\WINDOWS\system32\SHELL32.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
{733AC4CB-F1A4-11d0-B951-00A0C90312E1} "WebView MIME Filter" - "Microsoft Corporation" - C:\WINDOWS\system32\SHELL32.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{4AA619DE-8C24-442E-BD8D-EF9DA83EDA05} "AppProtocol Class" - ? - C:\Programme\ShopClever\IE\Shopclever.dll  (File not found)
{12D51199-0DB5-46FE-A120-47A3D7D937CC} "DVD: Pluggable Protocol" - "Microsoft Corporation" - C:\WINDOWS\system32\msvidctl.dll
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
{88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
{05300401-BCBC-11d0-85E3-00C04FD85AB4} "MHTML Asychronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\WINDOWS\system32\inetcomm.dll
{9D148291-B9C8-11D0-A4CC-0000F80149F6} "Microsoft InfoTech Protocols for IE 4.0" - "Microsoft Corporation" - C:\WINDOWS\system32\itss.dll
{9D148291-B9C8-11D0-A4CC-0000F80149F6} "Microsoft InfoTech Protocols for IE 4.0" - "Microsoft Corporation" - C:\WINDOWS\system32\itss.dll
{CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} "TV: Pluggable Protocol" - "Microsoft Corporation" - C:\WINDOWS\system32\msvidctl.dll
{13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} "WiaProtocol Class" - "Microsoft Corporation" - C:\WINDOWS\system32\wiascr.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler )-----
{438755C2-A8BA-11D1-B96B-00A0C90312E1} "Browseui preloader" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{8C7461EF-2B13-11d2-BE35-3078302C2030} "Component Categories cache daemon" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "URL Exec Hook" - "Microsoft Corporation" - C:\WINDOWS\system32\shell32.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{01E04581-4EEE-11d0-BFE9-00AA005B4383} "&Adresse" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{32714800-2E5F-11d0-8B85-00AA0044F941} "&Nach Personen..." - "Microsoft Corporation" - C:\Programme\Outlook Express\wabfind.dll
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Programme\7-Zip\7-zip.dll
{7e653215-fa25-46bd-a339-34a2790f3cb7} "Accessible" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{A08C11D2-A228-11d0-825B-00AA005B4383} "Address EditBox" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{85BBD920-42A0-1069-A2E4-08002B30309D} "Aktenkoffer" - "Microsoft Corporation" - C:\WINDOWS\system32\syncui.dll
{875CB1A1-0F29-45de-A1AE-CFB4950D0B78} "Audio Media Properties Handler" - "Microsoft Corporation" - C:\WINDOWS\system32\shmedia.dll
{91EA3F8B-C99B-11d0-9815-00C04FD91972} "Augmented Shell Folder" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{6413BA2C-B461-11d1-A18A-080036B11A03} "Augmented Shell Folder 2" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0} "Ausführen..." - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll
{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} "Automatische Diashowwiedergabe der Shell" - "Microsoft Corporation" - C:\WINDOWS\system32\shimgvw.dll
{87D62D94-71B3-4b9a-9489-5FE6850DC73E} "Avi Properties Handler" - "Microsoft Corporation" - C:\WINDOWS\system32\shmedia.dll
{F61FFEC1-754F-11d0-80CA-00AA005B4383} "BandProxy" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{7A9D77BD-5403-11d2-8785-2E0420524153} "Benutzerkonten" - "Microsoft Corporation" - C:\WINDOWS\system32\netplwiz.dll
{add36aa8-751a-4579-a266-d66f5202ccbb} "Bestellung von Abzügen über das Internet" - "Microsoft Corporation" - C:\WINDOWS\system32\netplwiz.dll
{67EA19A0-CCEF-11d0-8024-00C04FD75D13} "CDF Extension Copy Hook" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll
{7D559C10-9FE9-11d0-93F7-00AA0059CE02} "Code Download Agent" - "Microsoft Corporation" - C:\WINDOWS\system32\webcheck.dll
{BD472F60-27FA-11cf-B8B4-444553540000} "Compressed (zipped) Folder Right Drag Handler" - "Microsoft Corporation" - C:\WINDOWS\system32\zipfldr.dll
{888DCA60-FC0A-11CF-8F0F-00C04FD7D062} "Compressed (zipped) Folder SendTo Target" - "Microsoft Corporation" - C:\WINDOWS\system32\zipfldr.dll
{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31} "CompressedFolder" - "Microsoft Corporation" - C:\WINDOWS\system32\zipfldr.dll
{E6CC6978-6B6E-11D0-BECA-00C04FD940BE} "ConnectionAgent" - "Microsoft Corporation" - C:\WINDOWS\system32\webcheck.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? -   (File not found | COM-object registry key not found)
{42071713-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Bildschirme" - "Microsoft Corporation" - C:\WINDOWS\system32\deskmon.dll
{42071712-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Grafikkarten" - "Microsoft Corporation" - C:\WINDOWS\system32\deskadp.dll
{7444C717-39BF-11D1-8CD9-00C04FC29D45} "CryptPKO Class" - "Microsoft Corporation" - C:\WINDOWS\system32\cryptext.dll
{7444C719-39BF-11D1-8CD9-00C04FC29D45} "CryptSig Class" - "Microsoft Corporation" - C:\WINDOWS\system32\cryptext.dll
{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A} "Custom MRU AutoCompleted List" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{CFCCC7A0-A282-11D1-9082-006008059382} "Darwin App Publisher" - "Microsoft Corporation" - C:\WINDOWS\system32\appwiz.cpl
{1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll
{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6} "DfsShell Class" - "Microsoft Corporation" - C:\WINDOWS\system32\dfsshlex.dll
{62AE1F9A-126A-11D0-A14B-0800361B1103} "Directory Context Menu Verbs" - "Microsoft Corporation" - C:\WINDOWS\system32\dsuiext.dll
{163FDC20-2ABC-11d0-88F0-00A024AB2DBB} "Directory Object Find" - "Microsoft Corporation" - C:\WINDOWS\system32\dsquery.dll
{0D45D530-764B-11d0-A1CA-00AA00C16E65} "Directory Property UI" - "Microsoft Corporation" - C:\WINDOWS\system32\dsuiext.dll
{8A23E65E-31C2-11d0-891C-00A024AB2DBB} "Directory Query UI" - "Microsoft Corporation" - C:\WINDOWS\system32\dsquery.dll
{F020E586-5264-11d1-A532-0000F8757D7E} "Directory Start/Search Find" - "Microsoft Corporation" - C:\WINDOWS\system32\dsquery.dll
{f92e8c40-3d33-11d2-b1aa-080036a75b03} "Display TroubleShoot CPL Extension" - "Microsoft Corporation" - C:\WINDOWS\system32\deskperf.dll
{22BF0C20-6DA7-11D0-B373-00A0C9034938} "Download Status" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{60fd46de-f830-4894-a628-6fa81bc0190d} "Drop-Zielobjekt für den Fotodruck-Assistent" - "Microsoft Corporation" - C:\WINDOWS\system32\photowiz.dll
{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0} "E-Mail" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll
{92085AD4-F48A-450D-BD93-B28CC7DF67CE} "eBay Toolbar" - ? -   (File not found | COM-object registry key not found)
{00022613-0000-0000-C000-000000000046} "Eigenschaften für Multimediadatei" - "Microsoft Corporation" - C:\WINDOWS\system32\mmsys.cpl
{E81FFB23-40E2-431C-A041-76AEA0E4B04C} "Enterprise-Projekte" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\NAMEEXT.DLL
{1F2E5C40-9550-11CE-99D2-00AA006E086C} "Erweiterung der Sicherheitsshell" - "Microsoft Corporation" - C:\WINDOWS\system32\rshx32.dll
{4E40F770-369C-11d0-8922-00A024AB2DBB} "Erweiterung der Sicherheitsshell" - "Microsoft Corporation" - C:\WINDOWS\system32\dssec.dll
{F37C5810-4D3F-11d0-B4BF-00AA00BBB723} "Erweiterung der Sicherheitsshell" - "Microsoft Corporation" - C:\WINDOWS\system32\rshx32.dll
{59099400-57FF-11CE-BD94-0020AF85B590} "Erweiterung für Datenträgerkopien" - "Microsoft Corporation" - C:\WINDOWS\system32\diskcopy.dll
{EFA24E64-B078-11d0-89E4-00C04FC9E26E} "Explorer-Band" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll
{692F0339-CBAA-47e6-B5B5-3B84DB604E87} "Extensions Manager Folder" - "Microsoft Corporation" - C:\WINDOWS\system32\extmgr.dll
{7A80E4A8-8005-11D2-BCF8-00C04F72C717} "ExtractIcon Class" - "Microsoft Corporation" - C:\WINDOWS\System32\mmcshext.dll
{EFA24E61-B078-11d0-89E4-00C04FC9E26E} "Favorites Band" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll
{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{3F30C968-480A-4C6C-862D-EFC0897BB84B} "GDI+ Dateiminiaturansicht-Extrahierungsprogramm" - "Microsoft Corporation" - C:\WINDOWS\system32\shimgvw.dll
{D6277990-4C6A-11CF-8D87-00AA0060F5BF} "Geplante Tasks" - "Microsoft Corporation" - C:\WINDOWS\system32\mstask.dll
{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} "Global Folder Settings" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0} "Hilfe und Support" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll
{EAB841A0-9550-11cf-8C16-00805F1408F3} "HTML-Extrahierungsprogramm" - "Microsoft Corporation" - C:\WINDOWS\system32\shimgvw.dll
{88895560-9AA2-1069-930E-00AA0030EBC8} "HyperTerminal Icon Ext" - "Hilgraeve, Inc." - C:\WINDOWS\system32\hticons.dll
{DBCE2480-C732-101B-BE72-BA78E9AD5B27} "ICC-Profil" - "Microsoft Corporation" - C:\WINDOWS\system32\icmui.dll
{675F097E-4C4D-11D0-B6C1-0800091AA605} "ICM-Druckerverwaltung" - "Microsoft Corporation" - C:\WINDOWS\system32\icmui.dll
{5DB2625A-54DF-11D0-B6C4-0800091AA605} "ICM-Monitorverwaltung" - "Microsoft Corporation" - C:\WINDOWS\System32\icmui.dll
{176d6597-26d3-11d1-b350-080036a75b03} "ICM-Scannerverwaltung" - "Microsoft Corporation" - C:\WINDOWS\system32\icmui.dll
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC} "IE4 Suite-Begrüßungsbildschirm" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll
{169A0691-8DF9-11d1-A1C4-00C04FD75D13} "In-pane search" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{0B124F8F-91F0-11D1-B8B5-006008059382} "Installed Apps Enumerator" - "Microsoft Corporation" - C:\WINDOWS\system32\appwiz.cpl
{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0} "Internet" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll
{131A6951-7F78-11D0-A979-00C04FD705A2} "ISFBand OC" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll
{0CD7A5C0-9F37-11CE-AE65-08002B2E1262} "Kabinettdatei" - "Microsoft Corporation" - C:\WINDOWS\system32\cabview.dll
{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8} "Kompatibilitätsseite" - "Microsoft Corporation" - C:\WINDOWS\system32\SlayerXP.dll
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)
{143A62C8-C33B-11D1-84FE-00C04FA34A14} "Microsoft Agent Character Property Sheet Handler" - "Microsoft Corporation" - C:\WINDOWS\msagent\agentpsh.dll
{00BB2763-6A77-11D0-A535-00C04FD7D062} "Microsoft AutoComplete" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{A5E46E3A-8849-11D1-9D8C-00C04FC99D61} "Microsoft Browser Architecture" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll
{BC476F4C-D9D7-4100-8D4E-E043F6DEC409} "Microsoft Browser Architecture" - ? -   (File not found | COM-object registry key not found)
{7BA4C742-9E81-11CF-99D3-00AA004AE837} "Microsoft BrowserBand" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{7988B573-EC89-11cf-9C00-00AA00A14F56} "Microsoft Disk Quota UI" - "Microsoft Corporation" - C:\WINDOWS\system32\dskquoui.dll
{6A205B57-2567-4A2C-B881-F787FAB579A3} "Microsoft DocProp Inplace Calendar Control" - "Microsoft Corporation" - C:\WINDOWS\system32\docprop2.dll
{0EEA25CC-4362-4A12-850B-86EE61B0D3EB} "Microsoft DocProp Inplace Droplist Combo Control" - "Microsoft Corporation" - C:\WINDOWS\system32\docprop2.dll
{A9CF0EAE-901A-4739-A481-E35B73E47F6D} "Microsoft DocProp Inplace Edit Box Control" - "Microsoft Corporation" - C:\WINDOWS\system32\docprop2.dll
{8EE97210-FD1F-4B19-91DA-67914005F020} "Microsoft DocProp Inplace ML Edit Box Control" - "Microsoft Corporation" - C:\WINDOWS\system32\docprop2.dll
{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33} "Microsoft DocProp Inplace Time Control" - "Microsoft Corporation" - C:\WINDOWS\system32\docprop2.dll
{883373C3-BF89-11D1-BE35-080036B11A03} "Microsoft DocProp Shell Ext" - "Microsoft Corporation" - C:\WINDOWS\system32\docprop2.dll
{63da6ec0-2e98-11cf-8d82-444553540000} "Microsoft FTP Folder" - "Microsoft Corporation" - C:\WINDOWS\system32\msieftp.dll
{00BB2764-6A77-11D0-A535-00C04FD7D062} "Microsoft History AutoComplete List" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{5E6AB780-7743-11CF-A12B-00AA004AE837} "Microsoft Internet Toolbar" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{00BB2765-6A77-11D0-A535-00C04FD7D062} "Microsoft Multiple AutoComplete List Container" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{2206CDB2-19C1-11D1-89E0-00C04FD7A829} "Microsoft OLE DB Service Component Data Links" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\System\Ole DB\oledb32.dll
{03C036F1-A186-11D0-824A-00AA005B4383} "Microsoft Shell Folder AutoComplete List" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{A6FD9E45-6E44-43f9-8644-08598F5A74D9} "Midi Properties Handler" - "Microsoft Corporation" - C:\WINDOWS\system32\shmedia.dll
{49BF5420-FA7F-11cf-8011-00A0C90A8F78} "Mobiles Gerät" - "Microsoft Corporation" - C:\PROGRA~1\MI3AA1~1\Wcesview.dll
{6756A641-DE71-11d0-831B-00AA005B4383} "MRU AutoComplete List" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{ECF03A33-103D-11d2-854D-006008059367} "MyDocs Copy Hook" - "Microsoft Corporation" - C:\WINDOWS\system32\mydocs.dll
{ECF03A32-103D-11d2-854D-006008059367} "MyDocs Drop Target" - "Microsoft Corporation" - C:\WINDOWS\system32\mydocs.dll
{4a7ded0a-ad25-11d0-98a8-0800361b1103} "MyDocs menu and properties" - "Microsoft Corporation" - C:\WINDOWS\system32\mydocs.dll
{7007ACC7-3202-11D1-AAD2-00805FC1270E} "Netzwerkverbindungen" - "Microsoft Corporation" - C:\WINDOWS\system32\NETSHELL.dll
{992CFFA0-F557-101A-88EC-00DD010CCC48} "Netzwerkverbindungen" - "Microsoft Corporation" - C:\WINDOWS\system32\NETSHELL.dll
{FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{10CFC467-4392-11d2-8DB4-00C04FA31A66} "Offline Files Folder Options" - "Microsoft Corporation" - C:\WINDOWS\System32\cscui.dll
{750fdf0e-2a26-11d1-a3ea-080036587f03} "Offline Files Menu" - "Microsoft Corporation" - C:\WINDOWS\System32\cscui.dll
{3EA48300-8CF6-101B-84FB-666CCB9BCD32} "OLE-Eigenschaftenseite für Dokumente" - "Microsoft Corporation" - C:\WINDOWS\system32\docprop.dll
{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E} "Ordner 'Offlinedateien'" - "Microsoft Corporation" - C:\WINDOWS\System32\cscui.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL
{58f1f272-9240-4f51-b6d4-fd63d1618591} "Passport-Assistent" - "Microsoft Corporation" - C:\WINDOWS\system32\netplwiz.dll
{41E300E0-78B6-11ce-849B-444553540000} "PlusPack CPL-Erweiterung" - "Microsoft Corporation" - C:\WINDOWS\system32\themeui.dll
{35786D3C-B075-49b9-88DD-029876E11C01} "Portable Devices" - "Microsoft Corporation" - C:\WINDOWS\system32\wpdshext.dll
{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} "Portable Devices Menu" - "Microsoft Corporation" - C:\WINDOWS\system32\wpdshext.dll
{640167b4-59b0-47a6-b335-a6b3c0695aea} "Portable Media Devices" - "Microsoft Corporation" - C:\WINDOWS\system32\Audiodev.dll
{D8BD2030-6FC9-11D0-864F-00AA006809D9} "PostAgent" - "Microsoft Corporation" - C:\WINDOWS\system32\webcheck.dll
{9DB7A13C-F208-4981-8353-73CC61AE2783} "Previous Versions" - "Microsoft Corporation" - C:\WINDOWS\system32\twext.dll
{596AB062-B4D2-4215-9F74-E9109B0A8153} "Previous Versions Property Page" - "Microsoft Corporation" - C:\WINDOWS\system32\twext.dll
{AF4F6510-F982-11d0-8595-00AA004CD6D8} "Registry Tree Options Utility" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{F0152790-D56E-4445-850E-4F3117DB740C} "Remote Sessions CPL Extension" - "Microsoft Corporation" - C:\WINDOWS\system32\remotepg.dll
{3F953603-1008-4f6e-A73A-04AAC7A992F1} "Scanner und Kameras" - "Microsoft Corporation" - C:\WINDOWS\system32\wiashext.dll
{83bbcbf3-b28a-4919-a5aa-73027445d672} "Scanner und Kameras" - "Microsoft Corporation" - C:\WINDOWS\system32\wiashext.dll
{905667aa-acd6-11d2-8080-00805f6596d2} "Scanner und Kameras" - "Microsoft Corporation" - C:\WINDOWS\system32\wiashext.dll
{E211B736-43FD-11D1-9EFB-0000F8757FCD} "Scanner und Kameras" - "Microsoft Corporation" - C:\WINDOWS\system32\wiashext.dll
{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD} "Scanner und Kameras" - "Microsoft Corporation" - C:\WINDOWS\system32\wiashext.dll
{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF} "Scheduling UI icon handler" - "Microsoft Corporation" - C:\WINDOWS\system32\mstask.dll
{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF} "Scheduling UI property sheet handler" - "Microsoft Corporation" - C:\WINDOWS\system32\mstask.dll
{BD84B380-8CA2-1069-AB1D-08000948F534} "Schriftarten" - "Microsoft Corporation" - C:\WINDOWS\system32\fontext.dll
{D20EA4E1-3957-11d2-A40B-0C5020524152} "Schriftarten" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll
{9461b922-3c5a-11d2-bf8b-00c04fb93661} "Search Assistant OC" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll
{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE} "Sendmail service" - "Microsoft Corporation" - C:\WINDOWS\system32\sendmail.dll
{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE} "Sendmail service" - "Microsoft Corporation" - C:\WINDOWS\system32\sendmail.dll
{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0} "Set Program Access and Defaults" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll
{352EC2B7-8B9A-11D1-B8AE-006008059382} "Shell Application Manager" - "Microsoft Corporation" - C:\WINDOWS\system32\appwiz.cpl
{0A89A860-D7B1-11CE-8350-444553540000} "Shell Automation Inproc Service" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll
{ECD4FC4E-521C-11D0-B792-00A0C90312E1} "Shell Band Site Menu" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{ECD4FC4C-521C-11D0-B792-00A0C90312E1} "Shell DeskBar" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{3CCF8A41-5C85-11d0-9796-00AA00B90ADF} "Shell DeskBarApp" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? -   (File not found | COM-object registry key not found)
{60254CA5-953B-11CF-8C96-00AA00B8708C} "Shell Extension For Windows Script Host" - "Microsoft Corporation" - C:\WINDOWS\system32\wshext.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178} "Shell Image Data Factory" - "Microsoft Corporation" - C:\WINDOWS\system32\shimgvw.dll
{eb9b1153-3b57-4e68-959a-a3266bc3d7fe} "Shell Image Property Handler" - "Microsoft Corporation" - C:\WINDOWS\system32\shimgvw.dll
{e84fda7c-1d6a-45f6-b725-cb260c236066} "Shell Image Verbs" - "Microsoft Corporation" - C:\WINDOWS\system32\shimgvw.dll
{9E51E0D0-6E0F-11d2-9601-00C04FA31A86} "Shell properties for a DS object" - "Microsoft Corporation" - C:\WINDOWS\system32\dsquery.dll
{ECD4FC4D-521C-11D0-B792-00A0C90312E1} "Shell Rebar BandSite" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{21569614-B795-46b1-85F4-E737A8DC09AD} "Shell Search Band" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{56117100-C0CD-101B-81E2-00AA004AE837} "Shell-Datenauszughandler" - "Microsoft Corporation" - C:\WINDOWS\system32\shscrap.dll
{77597368-7b15-11d0-a0c2-080036af3f03} "Shellerweiterung für Webdrucker" - "Microsoft Corporation" - C:\WINDOWS\system32\printui.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)
{40dd6e20-7c17-11ce-a804-00aa003ca9f6} "Shellerweiterungen für Freigaben" - "Microsoft Corporation" - C:\WINDOWS\system32\ntshrui.dll
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} "Shellerweiterungen für Freigaben" - "Microsoft Corporation" - C:\WINDOWS\system32\ntshrui.dll
{59be4990-f85c-11ce-aff7-00aa003ca9f6} "Shellerweiterungen für Microsoft Windows-Netzwerkobjekte" - "Microsoft Corporation" - C:\WINDOWS\system32\ntlanui2.dll
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{6b33163c-76a5-4b6c-bf21-45de9cd503a1} "Shellobjekt des Webpublishing-Assistenten" - "Microsoft Corporation" - C:\WINDOWS\system32\netplwiz.dll
{F5175861-2688-11d0-9C5E-00AA00A45957} "Subscription Folder" - "Microsoft Corporation" - C:\WINDOWS\system32\webcheck.dll
{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE} "Subscription Mgr" - "Microsoft Corporation" - C:\WINDOWS\system32\webcheck.dll
{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0} "Suchen" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll
{0DF44EAA-FF21-4412-828E-260A8728E7F1} "Taskleiste und Startmenü" - "Microsoft Corporation" - C:\WINDOWS\system32\shell32.dll
{acf35015-526e-4230-9596-becbe19f0ac9} "Track Popup Bar" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7} "TrayAgent" - "Microsoft Corporation" - C:\WINDOWS\system32\webcheck.dll
{7376D660-C583-11d0-A3A5-00C04FD706EC} "TridentImageExtractor" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{DD313E04-FEFF-11d1-8ECD-0000F87A470C} "User Assist" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{D20EA4E1-3957-11d2-A40B-0C5020524153} "Verwaltung" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll
{40C3D757-D6E4-4b49-BB41-0E5BBEA28817} "Video Media Properties Handler" - "Microsoft Corporation" - C:\WINDOWS\system32\shmedia.dll
{c5a40261-cd64-4ccf-84cb-c394da41d590} "Video Thumbnail Extractor" - "Microsoft Corporation" - C:\WINDOWS\system32\shmedia.dll
{E4B29F9D-D390-480b-92FD-7DDB47101D71} "Wav Properties Handler" - "Microsoft Corporation" - C:\WINDOWS\system32\shmedia.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL
{07798131-AF23-11d1-9111-00A0C98BA67D} "Web Search" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{E6FB5E20-DE35-11CF-9C87-00AA005127ED} "WebCheck" - "Microsoft Corporation" - C:\WINDOWS\system32\webcheck.dll
{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB} "WebCheck SyncMgr Handler" - "Microsoft Corporation" - C:\WINDOWS\system32\webcheck.dll
{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB} "WebCheckChannelAgent" - "Microsoft Corporation" - C:\WINDOWS\system32\webcheck.dll
{08165EA0-E946-11CF-9C87-00AA005127ED} "WebCheckWebCrawler" - "Microsoft Corporation" - C:\WINDOWS\system32\webcheck.dll
{CC6EEFFB-43F6-46c5-9619-51D571967F7D} "Webpublishing-Assistent" - "Microsoft Corporation" - C:\WINDOWS\system32\netplwiz.dll
{45670FA8-ED97-4F44-BC93-305082590BFB} "Windows XPS Document Metadata Handler" - "Microsoft Corporation" - C:\WINDOWS\System32\XPSSHHDR.DLL
{44121072-A222-48f2-A58A-6D9AD51EBBE9} "Windows XPS Document Thumbnail Handler" - "Microsoft Corporation" - C:\WINDOWS\System32\XPSSHHDR.DLL
{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0} "Windows-Sicherheit" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll  (File found, but it contains no detailed information)
{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD} "WMP Add To Playlist Launcher" - "Microsoft Corporation" - C:\WINDOWS\system32\wmpshell.dll
{8DD448E6-C188-4aed-AF92-44956194EB1F} "WMP Burn Audio CD Launcher" - "Microsoft Corporation" - C:\WINDOWS\system32\wmpshell.dll
{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C} "WMP Play As Playlist Launcher" - "Microsoft Corporation" - C:\WINDOWS\system32\wmpshell.dll
{9DBD2C50-62AD-11d0-B806-00C04FD706EC} "Zusammenfassungs-Miniaturansichthandler (DOCFILES)" - "Microsoft Corporation" - C:\WINDOWS\system32\shimgvw.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad )-----
{7849596a-48ea-486e-8937-a2a3009f31a9} "PostBootReminder object" - "Microsoft Corporation" - C:\WINDOWS\system32\shell32.dll
{fbeb8a05-beee-4442-804e-409d6c4515e9} "ShellFolder for CD Burning" - "Microsoft Corporation" - C:\WINDOWS\system32\SHELL32.dll
{35CEC8A3-2BE6-11D2-8773-92E220524153} "SysTray" - "Microsoft Corporation" - C:\WINDOWS\system32\stobject.dll
{E6FB5E20-DE35-11CF-9C87-00AA005127ED} "WebCheck" - "Microsoft Corporation" - C:\WINDOWS\system32\webcheck.dll
{AAA288BA-9A4C-45B0-95D7-94D524869DB5} "WPDShServiceObj Class" - "Microsoft Corporation" - C:\WINDOWS\system32\WPDShServiceObj.dll

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1} "File Search Explorer Band" - "Microsoft Corporation" - C:\WINDOWS\system32\SHELL32.dll
{555D4D79-4BD2-4094-A395-CFC534424A05} "HP Smart Web Printing" - "Hewlett-Packard Co." - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_29.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_29.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_29.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Macromedia, Inc." - C:\WINDOWS\system32\flash.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBC} "ClsidExtension" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_29.dll
{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "ClsidExtension" - "Microsoft Corporation" - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "Create Mobile Favorite" - "Microsoft Corporation" - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
"Exec" - "Microsoft Corporation" - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
{DDE87865-83C5-48c4-8357-2F5B1AA84522} "HP Smart Web Printing ein- oder ausblenden" - "Hewlett-Packard Co." - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
"Messenger" - "Microsoft Corporation" - C:\Programme\Messenger\msmsgs.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
{5FF205EF-8483-497D-8678-61AC95BB0EBB} "Shopclever" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{0347C33E-8762-4905-BF09-768834316C61} "HP Print Enhancer" - "Hewlett-Packard Co." - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} "HP Smart BHO Class" - "Hewlett-Packard Co." - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

[Known DLLs]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs )-----
"advapi32" - "Microsoft Corporation" - C:\WINDOWS\system32\advapi32.dll
"comdlg32" - "Microsoft Corporation" - C:\WINDOWS\system32\comdlg32.dll
"gdi32" - "Microsoft Corporation" - C:\WINDOWS\system32\gdi32.dll
"kernel32" - "Microsoft Corporation" - C:\WINDOWS\system32\kernel32.dll
"lz32" - "Microsoft Corporation" - C:\WINDOWS\system32\lz32.dll
"ole32" - "Microsoft Corporation" - C:\WINDOWS\system32\ole32.dll
"oleaut32" - "Microsoft Corporation" - C:\WINDOWS\system32\oleaut32.dll
"olecli32" - "Microsoft Corporation" - C:\WINDOWS\system32\olecli32.dll
"olecnv32" - "Microsoft Corporation" - C:\WINDOWS\system32\olecnv32.dll
"olesvr32" - "Microsoft Corporation" - C:\WINDOWS\system32\olesvr32.dll
"olethk32" - "Microsoft Corporation" - C:\WINDOWS\system32\olethk32.dll
"rpcrt4" - "Microsoft Corporation" - C:\WINDOWS\system32\rpcrt4.dll
"shell32" - "Microsoft Corporation" - C:\WINDOWS\system32\shell32.dll
"user32" - "Microsoft Corporation" - C:\WINDOWS\system32\user32.dll
"version" - "Microsoft Corporation" - C:\WINDOWS\system32\version.dll
"wldap32" - "Microsoft Corporation" - C:\WINDOWS\system32\wldap32.dll

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Authentication packages" - "Microsoft Corporation" - C:\WINDOWS\system32\msv1_0.dll
"Notification packages" - "Microsoft Corporation" - C:\WINDOWS\system32\scecli.dll
"Security Packages" - "Microsoft Corporation" - C:\WINDOWS\system32\kerberos.dll
"Security Packages" - "Microsoft Corporation" - C:\WINDOWS\system32\msv1_0.dll
"Security Packages" - "Microsoft Corporation" - C:\WINDOWS\system32\schannel.dll
"Security Packages" - "Microsoft Corporation" - C:\WINDOWS\system32\wdigest.dll
-----( HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders )-----
"SecurityProviders" - "Microsoft Corporation" - C:\WINDOWS\system32\msapsspc.dll
"SecurityProviders" - "Microsoft Corporation" - C:\WINDOWS\system32\schannel.dll
"SecurityProviders" - "Microsoft Corporation" - C:\WINDOWS\system32\digest.dll
"SecurityProviders" - "Microsoft Corporation" - C:\WINDOWS\system32\msnsspc.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
"HP Digital Imaging Monitor.lnk" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\HP Digital Imaging Monitor.lnk  (Shortcut exists | File not found)
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\Benjamin\Startmenü\Programme\Autostart\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"Device Detection" - ? - C:\Programme\Lidl_Fotos\dd.exe
"H/PC Connection Agent" - "Microsoft Corporation" - "C:\Programme\Microsoft ActiveSync\Wcescomm.exe"
"swg" - "Google Inc." - "C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"T-Online_Software_6\WLAN-Access Finder" - "Deutsche Telekom AG, Marmiko IT-Solutions GmbH" - C:\Programme\T-Online\WLAN-Access Finder\ToWLaAcF.exe /StartMinimized
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon )-----
"Shell" - "Microsoft Corporation" - C:\WINDOWS\Explorer.exe
"Userinit" - "Microsoft Corporation" - C:\WINDOWS\system32\userinit.exe
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - "Microsoft Corporation" - C:\WINDOWS\system32\rdpclip.exe
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
"Apoint" - "Alps Electric Co., Ltd." - C:\Programme\Apoint2K\Apoint.exe
"BluetoothAuthenticationAgent" - "Microsoft Corporation" - rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
"DeskUpdateNotifier" - "Fujitsu Technology Solutions" - "C:\Programme\Fujitsu\DeskUpdate\DeskUpdateNotifier.exe"
"eDoc" - "May Software" - C:\PROGRA~1\GEMEIN~1\MAYCOM~1\EDOCPR~1\eDoc.exe
"ehTray" - "Microsoft Corporation" - C:\WINDOWS\ehome\ehtray.exe
"FreePDF Assistant" - "shbox.de" - C:\Programme\FreePDF_XP\fpassist.exe
"GrooveMonitor" - "Microsoft Corporation" - "C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe"
"HP Software Update" - "Hewlett-Packard" - C:\Programme\HP\HP Software Update\HPWuSchd2.exe
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"NeroFilterCheck" - "Ahead Software Gmbh" - C:\WINDOWS\system32\NeroCheck.exe
"NvCplDaemon" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"RemoteControl" - "Cyberlink Corp." - C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
"RTHDCPL" - "Realtek Semiconductor Corp." - RTHDCPL.EXE
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"

[Network Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order )-----
"Microsoft Windows-Netzwerk" - "Microsoft Corporation" - C:\WINDOWS\System32\ntlanman.dll
"Microsoft-Terminaldienste" - "Microsoft Corporation" - C:\WINDOWS\System32\drprov.dll
"Web Client Network" - "Microsoft Corporation" - C:\WINDOWS\System32\davclnt.dll

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"BJ Language Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\cnbjmon.dll
"eDocPortMonitor" - "May Software" - C:\PROGRA~1\GEMEIN~1\MAYCOM~1\EDOCPR~1\eDocPort.dll
"hpzlnt04" - "HP" - C:\WINDOWS\system32\hpzlnt04.dll
"Local Port" - "Microsoft Corporation" - C:\WINDOWS\system32\localspl.dll
"PCL Language Monitor" - "Hewlett-Packard Company" - C:\WINDOWS\system32\hpz3l692.dll
"PDFCreator" - ? - C:\WINDOWS\system32\pdfcmnnt.dll  (File found, but it contains no detailed information)
"PJL Language Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\pjlmon.dll
"Redirected Port" - ? - C:\WINDOWS\system32\redmonnt.dll  (File found, but it contains no detailed information)
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\msonpmon.dll
"Standard TCP/IP Port" - "Microsoft Corporation" - C:\WINDOWS\system32\tcpmon.dll
"USB Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\usbmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Ablagemappe" (ClipSrv) - "Microsoft Corporation" - C:\WINDOWS\system32\clipsrv.exe
"Anmeldedienst" (Netlogon) - "Microsoft Corporation" - C:\WINDOWS\system32\lsass.exe
"Anwendungsverwaltung" (AppMgmt) - "Microsoft Corporation" - C:\WINDOWS\System32\appmgmts.dll
"Arbeitsstationsdienst" (lanmanworkstation) - "Microsoft Corporation" - C:\WINDOWS\System32\wkssvc.dll
"ArcSoft Connect Daemon" (ACDaemon) - ? - C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe  (File not found)
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Automatic Updates" (wuauserv) - "Microsoft Corporation" - C:\WINDOWS\system32\wuauserv.dll
"Automatische Konfiguration (verkabelt)" (Dot3svc) - "Microsoft Corporation" - C:\WINDOWS\System32\dot3svc.dll
"Bluetooth Support Service" (BthServ) - "Microsoft Corporation" - C:\WINDOWS\System32\bthserv.dll
"Canon Camera Access Library 8" (CCALib8) - "Canon Inc." - C:\Programme\Canon\CAL\CALMAIN.exe
"COM+-Ereignissystem" (EventSystem) - "Microsoft Corporation" - C:\WINDOWS\system32\es.dll
"COM+-Systemanwendung" (COMSysApp) - "Microsoft Corporation" - C:\WINDOWS\system32\dllhost.exe
"Computerbrowser" (Browser) - "Microsoft Corporation" - C:\WINDOWS\System32\browser.dll
"CryptSvc" (CryptSvc) - "Microsoft Corporation" - C:\WINDOWS\System32\cryptsvc.dll
"DCOM-Server-Prozessstart" (DcomLaunch) - "Microsoft Corporation" - C:\WINDOWS\system32\rpcss.dll
"Designs" (Themes) - "Microsoft Corporation" - C:\WINDOWS\System32\shsvcs.dll
"DHCP-Client" (Dhcp) - "Microsoft Corporation" - C:\WINDOWS\System32\dhcpcsvc.dll
"Dienst für Seriennummern der tragbaren Medien" (WmdmPmSN) - "Microsoft Corporation" - C:\WINDOWS\system32\MsPMSNSv.dll
"Distributed Transaction Coordinator" (MSDTC) - "Microsoft Corporation" - C:\WINDOWS\system32\msdtc.exe
"DNS-Client" (Dnscache) - "Microsoft Corporation" - C:\WINDOWS\System32\dnsrslvr.dll
"Druckwarteschlange" (Spooler) - "Microsoft Corporation" - C:\WINDOWS\system32\spoolsv.exe
"Ereignisprotokoll" (Eventlog) - "Microsoft Corporation" - C:\WINDOWS\system32\services.exe
"Extensible Authentication-Protokolldienst" (EapHost) - "Microsoft Corporation" - C:\WINDOWS\System32\eapsvc.dll
"Fehlerberichterstattungsdienst" (ERSvc) - "Microsoft Corporation" - C:\WINDOWS\System32\ersvc.dll
"Gatewaydienst auf Anwendungsebene" (ALG) - ? - C:\WINDOWS\System32\alg.exe  (File not found)
"Geschützter Speicher" (ProtectedStorage) - "Microsoft Corporation" - C:\WINDOWS\system32\lsass.exe
"Google Software Updater" (gusvc) - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"HID Input Service" (HidServ) - "Microsoft Corporation" - C:\WINDOWS\System32\hidserv.dll
"Hilfe und Support" (helpsvc) - "Microsoft Corporation" - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
"HL-Server" (HLServer) - "Aladdin Knowledge Systems Ltd." - C:\WINDOWS\system32\HLS32SVC.EXE
"HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Programme\HP\Digital Imaging\bin\hpqddsvc.dll
"hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Programme\HP\Digital Imaging\bin\hpqcxs08.dll
"HTTP-SSL" (HTTPFilter) - "Microsoft Corporation" - C:\WINDOWS\System32\w3ssl.dll
"IMAPI-CD-Brenn-COM-Dienste" (ImapiService) - "Microsoft Corporation" - C:\WINDOWS\system32\imapi.exe
"Indexdienst" (CiSvc) - "Microsoft Corporation" - C:\WINDOWS\system32\cisvc.exe
"Integritätsschlüssel- und Zertifikatverwaltungsdienst" (hkmsvc) - "Microsoft Corporation" - C:\WINDOWS\System32\kmsvc.dll
"Intelligenter Hintergrundübertragungsdienst" (BITS) - "Microsoft Corporation" - C:\WINDOWS\system32\qmgr.dll
"IPSEC-Dienste" (PolicyAgent) - "Microsoft Corporation" - C:\WINDOWS\system32\lsass.exe
"Java Quick Starter" (JavaQuickStarterService) - ? - "C:\Programme\Java\jre6\bin\jqs.exe" -service -config "C:\Programme\Java\jre6\lib\deploy\jqs\jqs.conf"  (File not found)
"Kompatibilität für schnelle Benutzerumschaltung" (FastUserSwitchingCompatibility) - "Microsoft Corporation" - C:\WINDOWS\System32\shsvcs.dll
"Konfigurationsfreie drahtlose Verbindung" (WZCSVC) - "Microsoft Corporation" - C:\WINDOWS\System32\wzcsvc.dll
"Leistungsdatenprotokolle und Warnungen" (SysmonLog) - "Microsoft Corporation" - C:\WINDOWS\system32\smlogsvc.exe
"Machine Debug Manager" (MDM) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
"Media Center Extender Service" (McrdSvc) - "Microsoft Corporation" - C:\WINDOWS\ehome\mcrdsvc.exe
"MHN" (MHN) - "Microsoft Corporation" - C:\WINDOWS\System32\mhn.dll
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE
"Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
"MS Software Shadow Copy Provider" (SwPrv) - "Microsoft Corporation" - C:\WINDOWS\system32\dllhost.exe
"NAP-Agent (Network Access Protection)" (napagent) - "Microsoft Corporation" - C:\WINDOWS\System32\qagentrt.dll
"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\WINDOWS\system32\HPZinw12.dll
"NetMeeting-Remotedesktop-Freigabe" (mnmsrvc) - "Microsoft Corporation" - C:\WINDOWS\system32\mnmsrvc.exe
"Netzwerkverbindungen" (Netman) - "Microsoft Corporation" - C:\WINDOWS\System32\netman.dll
"Netzwerkversorgungsdienst" (xmlprov) - "Microsoft Corporation" - C:\WINDOWS\System32\xmlprov.dll
"NLA (Network Location Awareness)" (Nla) - "Microsoft Corporation" - C:\WINDOWS\System32\mswsock.dll
"Norton Internet Security" (Norton Internet Security) - ? - "C:\Programme\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe" /s "Norton Internet Security" /m "C:\Programme\Norton Internet Security\Engine\16.5.0.135\diMaster.dll" /prefetch:1  (File not found)
"NT-LM-Sicherheitsdienst" (NtLmSsp) - "Microsoft Corporation" - C:\WINDOWS\system32\lsass.exe
"NVIDIA Display Driver Service" (NVSvc) - "NVIDIA Corporation" - C:\WINDOWS\system32\nvsvc32.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
"Plug & Play" (PlugPlay) - "Microsoft Corporation" - C:\WINDOWS\system32\services.exe
"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\WINDOWS\system32\HPZipm12.dll
"QoS-RSVP" (RSVP) - "Microsoft Corporation" - C:\WINDOWS\system32\rsvp.exe
"RAS-Verbindungsverwaltung" (RasMan) - "Microsoft Corporation" - C:\WINDOWS\System32\rasmans.dll
"Remote-Registrierung" (RemoteRegistry) - "Microsoft Corporation" - C:\WINDOWS\system32\regsvc.dll
"Remoteprozeduraufruf (RPC)" (RpcSs) - "Microsoft Corporation" - C:\WINDOWS\System32\rpcss.dll
"RPC-Locator" (RpcLocator) - "Microsoft Corporation" - C:\WINDOWS\system32\locator.exe
"Secondary Logon" (seclogon) - "Microsoft Corporation" - C:\WINDOWS\System32\seclogon.dll
"Server" (lanmanserver) - "Microsoft Corporation" - C:\WINDOWS\System32\srvsvc.dll
"Shellhardwareerkennung" (ShellHWDetection) - "Microsoft Corporation" - C:\WINDOWS\System32\shsvcs.dll
"Sicherheitscenter" (wscsvc) - "Microsoft Corporation" - C:\WINDOWS\system32\wscsvc.dll
"Sicherheitskontenverwaltung" (SamSs) - "Microsoft Corporation" - C:\WINDOWS\system32\lsass.exe
"Sitzungs-Manager für Remotedesktophilfe" (RDSessMgr) - "Microsoft Corporation" - C:\WINDOWS\system32\sessmgr.exe
"Smartcard" (SCardSvr) - "Microsoft Corporation" - C:\WINDOWS\System32\SCardSvr.exe
"SSDP Discovery Service" (SSDPSRV) - "Microsoft Corporation" - C:\WINDOWS\System32\ssdpsrv.dll
"Systemereignisbenachrichtigung" (SENS) - "Microsoft Corporation" - C:\WINDOWS\system32\sens.dll
"Systemwiederherstellungsdienst" (srservice) - "Microsoft Corporation" - C:\WINDOWS\system32\srsvc.dll
"T-Online WLAN Adapter Steuerungsdienst" (MZCCntrl) - ? - C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe  (File not found)
"Taskplaner" (Schedule) - "Microsoft Corporation" - C:\WINDOWS\system32\schedsvc.dll
"TCP/IP-NetBIOS-Hilfsprogramm" (LmHosts) - "Microsoft Corporation" - C:\WINDOWS\System32\lmhsvc.dll
"Telefonie" (TapiSrv) - "Microsoft Corporation" - C:\WINDOWS\System32\tapisrv.dll
"Telnet" (TlntSvr) - "Microsoft Corporation" - C:\WINDOWS\system32\tlntsvr.exe
"Terminaldienste" (TermService) - "Microsoft Corporation" - C:\WINDOWS\System32\termsrv.dll
"Treibererweiterungen für Windows-Verwaltungsinstrumentation" (Wmi) - "Microsoft Corporation" - C:\WINDOWS\System32\advapi32.dll
"Universeller Plug & Play-Gerätehost" (upnphost) - "Microsoft Corporation" - C:\WINDOWS\System32\upnphost.dll
"Unterbrechungsfreie Stromversorgung" (UPS) - "Microsoft Corporation" - C:\WINDOWS\System32\ups.exe
"Verwaltung für automatische RAS-Verbindung" (RasAuto) - "Microsoft Corporation" - C:\WINDOWS\System32\rasauto.dll
"Verwaltung logischer Datenträger" (dmserver) - "Microsoft Corp." - C:\WINDOWS\System32\dmserver.dll
"Verwaltungsdienst für die Verwaltung logischer Datenträger" (dmadmin) - "Microsoft Corp., Veritas Software" - C:\WINDOWS\System32\dmadmin.exe
"Volumeschattenkopie" (VSS) - "Microsoft Corporation" - C:\WINDOWS\System32\vssvc.exe
"Webclient" (WebClient) - "Microsoft Corporation" - C:\WINDOWS\System32\webclnt.dll
"Wechselmedien" (NtmsSvc) - "Microsoft Corporation" - C:\WINDOWS\system32\ntmssvc.dll
"Windows Audio" (AudioSrv) - "Microsoft Corporation" - C:\WINDOWS\System32\audiosrv.dll
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Driver Foundation - User-mode Driver Framework" (WudfSvc) - "Microsoft Corporation" - C:\WINDOWS\System32\WUDFSvc.dll
"Windows Installer" (MSIServer) - "Microsoft Corporation" - C:\WINDOWS\system32\msiexec.exe
"Windows Media Player-Netzwerkfreigabedienst" (WMPNetworkSvc) - "Microsoft Corporation" - C:\Programme\Windows Media Player\WMPNetwk.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
"Windows Presentation Foundation Font Cache 4.0.0.0" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Windows-Bilderfassung (WIA)" (stisvc) - "Microsoft Corporation" - C:\WINDOWS\system32\wiaservc.dll
"Windows-Firewall/Gemeinsame Nutzung der Internetverbindung" (SharedAccess) - "Microsoft Corporation" - C:\WINDOWS\System32\ipnathlp.dll
"Windows-Verwaltungsinstrumentation" (winmgmt) - "Microsoft Corporation" - C:\WINDOWS\system32\wbem\WMIsvc.dll
"Windows-Zeitgeber" (W32Time) - "Microsoft Corporation" - C:\WINDOWS\system32\w32time.dll
"WMI-Leistungsadapter" (WmiApSrv) - "Microsoft Corporation" - C:\WINDOWS\system32\wbem\wmiapsrv.exe
"Überwachung verteilter Verknüpfungen (Client)" (TrkWks) - "Microsoft Corporation" - C:\WINDOWS\system32\trkwks.dll

[Winlogon]
-----( HKCU\Control Panel\Desktop )-----
"SCRNSAVE.EXE" - "Microsoft Corporation" - C:\WINDOWS\system32\logon.scr
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon )-----
"UIHost" - "Microsoft Corporation" - C:\WINDOWS\system32\logonui.exe
"VmApplet" - "Microsoft Corporation" - C:\WINDOWS\system32\sysdm.cpl
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{B587E2B1-4D59-4e7e-AED9-22B9DF11D053} "802.3 Group Policy" - "Microsoft Corporation" - C:\WINDOWS\system32\dot3gpclnt.dll
{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63} "Drahtlos" - "Microsoft Corporation" - C:\WINDOWS\system32\gptext.dll
{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A} "EFS recovery" - "Microsoft Corporation" - C:\WINDOWS\system32\scecli.dll
{25537BA6-77A8-11D2-9B6C-0000F8080861} "Folder Redirection" - "Microsoft Corporation" - C:\WINDOWS\system32\fdeploy.dll
{e437bc1c-aa7d-11d2-a382-00c04f991e27} "IP-Sicherheit" - "Microsoft Corporation" - C:\WINDOWS\system32\gptext.dll
{C631DF4C-088F-4156-B058-4375F0853CD8} "Microsoft Offline Files" - "Microsoft Corporation" - C:\WINDOWS\System32\cscui.dll
{3610eda5-77ef-11d2-8dc5-00c04fa31a66} "Microsoft-Datenträgerkontingent" - "Microsoft Corporation" - C:\WINDOWS\system32\dskquota.dll
{426031c0-0b47-4852-b0ca-ac3d37bfcb39} "QoS-Paketplaner" - "Microsoft Corporation" - C:\WINDOWS\system32\gptext.dll
{827D319E-6EAC-11D2-A4EA-00C04F79F83A} "Security" - "Microsoft Corporation" - C:\WINDOWS\system32\scecli.dll
{42B5FAAE-6536-11d2-AE5A-0000F87571E3} "Skripts" - "Microsoft Corporation" - C:\WINDOWS\system32\gptext.dll
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - "Microsoft Corporation" - C:\WINDOWS\system32\appmgmts.dll
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"cryptnet" - "Microsoft Corporation" - C:\WINDOWS\system32\cryptnet.dll
"cscdll" - "Microsoft Corporation" - C:\WINDOWS\system32\cscdll.dll
"dimsntfy" - "Microsoft Corporation" - C:\WINDOWS\System32\dimsntfy.dll
"ScCertProp" - "Microsoft Corporation" - C:\WINDOWS\system32\wlnotify.dll
"Schedule" - "Microsoft Corporation" - C:\WINDOWS\system32\wlnotify.dll
"sclgntfy" - "Microsoft Corporation" - C:\WINDOWS\system32\sclgntfy.dll
"SensLogn" - "Microsoft Corporation" - C:\WINDOWS\system32\WlNotify.dll
"termsrv" - "Microsoft Corporation" - C:\WINDOWS\system32\wlnotify.dll
"wlballoon" - "Microsoft Corporation" - C:\WINDOWS\system32\wlnotify.dll

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"Bluetooth-Namespace" - "Microsoft Corporation" - C:\WINDOWS\system32\wshbth.dll
"NLA-Namespace" - "Microsoft Corporation" - C:\WINDOWS\System32\mswsock.dll
"NTDS" - "Microsoft Corporation" - C:\WINDOWS\System32\winrnr.dll
"TCP/IP" - "Microsoft Corporation" - C:\WINDOWS\System32\mswsock.dll
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----
"MSAFD NetBIOS [\Device\NetBT_Tcpip_{104E0D81-BF6B-4863-B65B-96C7C79A0A0D}] DATAGRAM 6" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll
"MSAFD NetBIOS [\Device\NetBT_Tcpip_{104E0D81-BF6B-4863-B65B-96C7C79A0A0D}] SEQPACKET 6" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll
"MSAFD NetBIOS [\Device\NetBT_Tcpip_{1C9AB1B3-A81D-4B15-AB9A-17E3C4EB960E}] DATAGRAM 2" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll
"MSAFD NetBIOS [\Device\NetBT_Tcpip_{1C9AB1B3-A81D-4B15-AB9A-17E3C4EB960E}] SEQPACKET 2" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll
"MSAFD NetBIOS [\Device\NetBT_Tcpip_{45A7EE43-F955-4994-AC02-D55CA9CBCD5D}] DATAGRAM 0" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll
"MSAFD NetBIOS [\Device\NetBT_Tcpip_{45A7EE43-F955-4994-AC02-D55CA9CBCD5D}] SEQPACKET 0" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll
"MSAFD NetBIOS [\Device\NetBT_Tcpip_{8D5BB942-D2B7-4D76-BABB-9B8D08EE8CA6}] DATAGRAM 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll
"MSAFD NetBIOS [\Device\NetBT_Tcpip_{8D5BB942-D2B7-4D76-BABB-9B8D08EE8CA6}] SEQPACKET 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll
"MSAFD NetBIOS [\Device\NetBT_Tcpip_{9E5ECFB3-14E0-4F09-8F3A-4CAF6020A807}] DATAGRAM 4" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll
"MSAFD NetBIOS [\Device\NetBT_Tcpip_{9E5ECFB3-14E0-4F09-8F3A-4CAF6020A807}] SEQPACKET 4" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll
"MSAFD NetBIOS [\Device\NetBT_Tcpip_{BF1A1940-6A21-4C01-AA15-C80ADA59CAFA}] DATAGRAM 8" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll
"MSAFD NetBIOS [\Device\NetBT_Tcpip_{BF1A1940-6A21-4C01-AA15-C80ADA59CAFA}] SEQPACKET 8" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll
"MSAFD NetBIOS [\Device\NetBT_Tcpip_{E84376CF-F6DB-4329-B349-6EDEC584A93D}] DATAGRAM 3" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll
"MSAFD NetBIOS [\Device\NetBT_Tcpip_{E84376CF-F6DB-4329-B349-6EDEC584A93D}] SEQPACKET 3" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll
"MSAFD NetBIOS [\Device\NetBT_Tcpip_{EC6335DD-B26F-481E-BB94-C48710949942}] DATAGRAM 5" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll
"MSAFD NetBIOS [\Device\NetBT_Tcpip_{EC6335DD-B26F-481E-BB94-C48710949942}] SEQPACKET 5" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll
"MSAFD NetBIOS [\Device\NetBT_Tcpip_{F57FA0BE-F6D9-4F93-9554-FA9178D1A589}] DATAGRAM 7" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll
"MSAFD NetBIOS [\Device\NetBT_Tcpip_{F57FA0BE-F6D9-4F93-9554-FA9178D1A589}] SEQPACKET 7" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll
"MSAFD RfComm [Bluetooth]" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll
"MSAFD Tcpip [RAW/IP]" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll
"MSAFD Tcpip [TCP/IP]" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll
"MSAFD Tcpip [UDP/IP]" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll
"RSVP TCP Service Provider" - "Microsoft Corporation" - C:\WINDOWS\system32\rsvpsp.dll
"RSVP UDP Service Provider" - "Microsoft Corporation" - C:\WINDOWS\system32\rsvpsp.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

und hier kommt auch der Log-Text von aswMBR

Code:

ATTFilter

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-09 17:22:29
-----------------------------
17:22:29.875    OS Version: Windows 5.1.2600 Service Pack 3
17:22:29.875    Number of processors: 2 586 0x4802
17:22:29.875    ComputerName: PRIVAT-PC  UserName: Benjamin
17:22:30.453    Initialize success
17:24:14.781    AVAST engine defs: 12070900
17:26:38.671    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e
17:26:38.671    Disk 0 Vendor: WDC_WD1200BEVS-07LAT0 01.06M01 Size: 114473MB BusType: 3
17:26:38.671    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-19
17:26:38.671    Disk 1 Vendor: WDC_WD1200BEVS-07LAT0 01.06M01 Size: 114473MB BusType: 3
17:26:38.765    Disk 0 MBR read successfully
17:26:38.765    Disk 0 MBR scan
17:26:38.812    Disk 0 Windows XP default MBR code
17:26:38.812    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       114463 MB offset 63
17:26:38.859    Disk 0 scanning sectors +234420480
17:26:39.000    Disk 0 scanning C:\WINDOWS\system32\drivers
17:27:13.031    Service scanning
17:27:40.265    Modules scanning
17:27:58.281    Module: C:\WINDOWS\System32\drivers\dxgthk.sys  **SUSPICIOUS**
17:28:00.015    Module: C:\WINDOWS\system32\drivers\hardlock.sys  **SUSPICIOUS**
17:28:02.187    Module: C:\WINDOWS\system32\ntdll.dll  **SUSPICIOUS**
17:28:02.187    Disk 0 trace - called modules:
17:28:02.218    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS 
17:28:02.218    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86d10ab8]
17:28:02.218    3 CLASSPNP.SYS[f74e7fd7] -> nt!IofCallDriver -> \Device\00000082[0x86db1650]
17:28:02.218    5 ACPI.sys[f735d620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-e[0x86cc8030]
17:28:03.796    AVAST engine scan C:\WINDOWS
17:28:26.906    AVAST engine scan C:\WINDOWS\system32
17:34:37.546    AVAST engine scan C:\WINDOWS\system32\drivers
17:35:16.984    AVAST engine scan C:\Dokumente und Einstellungen\Benjamin
17:50:33.296    AVAST engine scan C:\Dokumente und Einstellungen\All Users
17:59:44.531    Scan finished successfully
18:23:06.562    Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Benjamin\Desktop\MBR.dat"
18:23:06.562    The log file has been saved successfully to "C:\Dokumente und Einstellungen\Benjamin\Desktop\aswMBR.txt"

Gruß twinmama

cosinus · 09.07.2012, 18:38

Wir müssen nochmal mit CF ran, da ist einiges noch unklar:

Combofix - Scripten

1. Starte das Notepad (Start / Ausführen / notepad[Enter])

2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein.

Code:

ATTFilter

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"=-

Firefox::
FF - ProfilePath - c:\dokumente und einstellungen\Benjamin\Anwendungsdaten\Mozilla\Firefox\Profiles\hcaduhgu.default\
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false

Filelook::
C:\WINDOWS\System32\drivers\dxgthk.sys
C:\WINDOWS\system32\drivers\hardlock.sys
C:\WINDOWS\system32\ntdll.dll

3. Speichere im Notepad als CFScript.txt auf dem Desktop.

4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall.
(Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !)

5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.

6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien:
Combofix.txt

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

twinmama · 09.07.2012, 20:33

Hallo Arne,

hier kommt also die neue Combofix Log-Datei:

Code:

ATTFilter

ComboFix 12-07-08.02 - Benjamin 09.07.2012  21:08:17.2.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.1023.422 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Benjamin\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\dokumente und einstellungen\Benjamin\Desktop\CFScript.txt
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-06-09 bis 2012-07-09  ))))))))))))))))))))))))))))))
.
.
2012-07-06 11:36 . 2012-07-06 11:36	--------	d-----w-	C:\_OTL
2012-07-06 11:34 . 2012-07-06 11:34	--------	d-----w-	c:\dokumente und einstellungen\Administrator.PRIVAT-PC.002\Anwendungsdaten\Malwarebytes
2012-07-04 16:44 . 2012-07-04 16:44	--------	d-sh--w-	c:\dokumente und einstellungen\Administrator.PRIVAT-PC.002\IETldCache
2012-07-01 17:18 . 2012-07-01 17:18	--------	d-----w-	c:\programme\ESET
2012-06-13 16:09 . 2012-05-11 14:40	521728	-c----w-	c:\windows\system32\dllcache\jsdbgui.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-04 05:54 . 2012-06-04 05:54	419488	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-06-04 05:54 . 2011-12-14 21:35	70304	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-02 13:19 . 2008-10-16 13:08	15896	----a-w-	c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2008-10-16 13:07	18456	----a-w-	c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2008-01-22 07:28	329240	----a-w-	c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2008-01-22 07:28	210968	----a-w-	c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2008-01-22 07:28	219160	----a-w-	c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2008-10-16 13:09	45080	----a-w-	c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2008-10-16 13:08	15896	----a-w-	c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2008-01-22 07:28	53784	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2008-01-22 07:28	35864	----a-w-	c:\windows\system32\wups.dll
2012-06-02 13:19 . 2004-08-10 19:00	97304	----a-w-	c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2008-10-16 13:08	23576	----a-w-	c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2008-01-22 07:28	577048	----a-w-	c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2008-01-22 07:28	1933848	----a-w-	c:\windows\system32\wuaueng.dll
2012-05-31 13:22 . 2004-08-10 19:00	604160	----a-w-	c:\windows\system32\crypt32.dll
2012-05-16 15:07 . 2004-08-10 19:00	916992	----a-w-	c:\windows\system32\wininet.dll
2012-05-15 13:56 . 2005-10-06 03:08	1863296	----a-w-	c:\windows\system32\win32k.sys
2012-05-11 14:40 . 2004-08-10 19:00	43520	------w-	c:\windows\system32\licmgr10.dll
2012-05-11 14:40 . 2004-08-10 19:00	1469440	------w-	c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2004-08-10 19:00	385024	------w-	c:\windows\system32\html.iec
2012-05-05 03:14 . 2004-08-10 19:00	2150912	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-05-05 03:14 . 2004-08-04 00:50	2029056	----a-w-	c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2008-01-22 07:22	139656	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-06-16 12:05 . 2012-02-20 09:28	85472	----a-w-	c:\programme\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((((((((((   Look   )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
--- c:\windows\System32\drivers\dxgthk.sys ---
Company: Microsoft Corporation
File Description: DirectX Graphics Driver Thunk
File Version: 5.1.2600.0 (xpclient.010817-1148)
Product Name: Microsoft® Windows® Operating System
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: dxgthk.sys
File size: 3328
Created time: 2004-08-10 19:00
Modified time: 2004-08-10 19:00
MD5: A73F5D6705B1D820C19B18782E176EFD
SHA1: 6F9F663CDFBC2592EAB4C43FEE359EFFD37D60F2
.
.
--- c:\windows\system32\drivers\hardlock.sys ---
Company: Aladdin Knowledge Systems Ltd.
File Description: Hardlock Device Driver for Windows NT
File Version: 3.40
Product Name: Hardlock Device Driver for Windows NT
Copyright: Aladdin Knowledge Systems Ltd. (c) 1985-2005.
Original Filename: hardlock.sys
File size: 685056
Created time: 2008-01-22 09:48
Modified time: 2005-07-28 07:18
MD5: C1CC0C9742B881C42F1CC628E6F9EBD1
SHA1: A82C77A6964B0B649E2F81F33F52CA1E7DC123FB
.
.
--- c:\windows\system32\ntdll.dll ---
Company: Microsoft Corporation
File Description: DLL für NT-Layer
File Version: 5.1.2600.6055 (xpsp_sp3_gdr.101209-1647)
Product Name: Betriebssystem Microsoft® Windows®
Copyright: © Microsoft Corporation. Alle Rechte vorbehalten.
Original Filename: ntdll.dll
File size: 743936
Created time: 2004-08-10 19:00
Modified time: 2010-12-09 15:15
MD5: E3BDD71DA7EAB0A503129D4D127AF1CB
SHA1: B32BC2EA137799A67850799374349C36FA56E30F
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\drivers\atapi.sys
[-] 2004-08-10 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
.
[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\asyncmac.sys
[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\drivers\asyncmac.sys
[-] 2004-08-10 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\asyncmac.sys
.
[-] 2004-08-10 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys
[-] 2004-08-10 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys
.
[-] 2008-04-14 . 1704D8C4C8807B889E43C649B478A452 . 25216 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kbdclass.sys
[-] 2008-04-14 . 1704D8C4C8807B889E43C649B478A452 . 25216 . . [5.1.2600.5512] . . c:\windows\system32\drivers\kbdclass.sys
[-] 2004-08-10 . B128FC0A5CD83F669D5DE4B58F77C7D6 . 25216 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\kbdclass.sys
.
[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ndis.sys
[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ndis.sys
[-] 2004-08-10 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ndis.sys
.
[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntfs.sys
[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ntfs.sys
[-] 2004-08-10 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ntfs.sys
.
[-] 2004-08-10 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\dllcache\null.sys
[-] 2004-08-10 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys
.
[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[-] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[-] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2006-01-13 . 5562CC0A47B2AEF06D3417B733F3C195 . 360448 . . [5.1.2600.2827] . . c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
.
[-] 2008-04-14 . B42057F06BBB98B31876C0B3F2B54E33 . 77824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\browser.dll
[-] 2008-04-14 . B42057F06BBB98B31876C0B3F2B54E33 . 77824 . . [5.1.2600.5512] . . c:\windows\system32\browser.dll
[-] 2004-08-10 . D8653DCD80CF2EBB333FC4FCC43A7DEF . 77312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\browser.dll
.
[-] 2008-04-14 . AFB8261B56CBA0D86AEB6DF682AF9785 . 13312 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lsass.exe
[-] 2008-04-14 . AFB8261B56CBA0D86AEB6DF682AF9785 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe
[-] 2004-08-10 . 183805EB05BCA5A1E4AAAED4D2BE3690 . 13312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lsass.exe
.
[-] 2008-04-14 . E6D88F1F6745BF00B57E7855A2AB696C . 198144 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netman.dll
[-] 2008-04-14 . E6D88F1F6745BF00B57E7855A2AB696C . 198144 . . [5.1.2600.5512] . . c:\windows\system32\netman.dll
[-] 2005-08-22 . 1E5218FBE323C375B488318950E10FB4 . 197632 . . [5.1.2600.2743] . . c:\windows\$NtServicePackUninstall$\netman.dll
[-] 2005-08-22 . 19D9B6B139F09A72AE71758BDF28308E . 197632 . . [5.1.2600.2743] . . c:\windows\$hf_mig$\KB905414\SP2QFE\netman.dll
.
[-] 2008-04-14 02:22 . D0DE8A2EC95184E5193BB4B3112E29DF . 846848 . . [2001.12.4414.700] . . c:\windows\ServicePackFiles\i386\comres.dll
[-] 2008-04-14 02:22 . D0DE8A2EC95184E5193BB4B3112E29DF . 846848 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
[-] 2004-08-10 19:00 . 4B9D9E2708019763C5A72DA776DB1158 . 846848 . . [2001.12.4414.258] . . c:\windows\$NtServicePackUninstall$\comres.dll
.
[-] 2008-04-14 . D6F603772A789BB3228F310D650B8BD1 . 409088 . . [6.7.2600.5512] . . c:\windows\ServicePackFiles\i386\qmgr.dll
[-] 2008-04-14 . D6F603772A789BB3228F310D650B8BD1 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\qmgr.dll
[-] 2008-04-14 . D6F603772A789BB3228F310D650B8BD1 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\bits\qmgr.dll
[-] 2004-08-10 . 3A5E54A9AB96EF2D273B58136FB58EFE . 382464 . . [6.6.2600.2180] . . c:\windows\$NtServicePackUninstall$\qmgr.dll
.
[-] 2009-02-09 . D3D765E8455A961AE567B408F767D4F9 . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[-] 2009-02-09 . 3127AFBF2C1ED0AB14A1BBB7AAECB85B . 401408 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll
[-] 2009-02-09 . 3127AFBF2C1ED0AB14A1BBB7AAECB85B . 401408 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\rpcss.dll
[-] 2008-04-14 . E970C2296916BF4A2F958680016FE312 . 399360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rpcss.dll
[-] 2006-02-14 . DECEF2EE72D24C0CD16F245D770B9FB2 . 398848 . . [5.1.2600.2846] . . c:\windows\$NtServicePackUninstall$\rpcss.dll
[-] 2005-07-26 . DBA9F9C00A7A2B45EB8E451C2B6D10E9 . 398336 . . [5.1.2600.2726] . . c:\windows\$hf_mig$\KB902400\SP2QFE\rpcss.dll
.
[-] 2009-02-09 . A3EDBE9053889FB24AB22492472B39DC . 111104 . . [5.1.2600.5755] . . c:\windows\system32\services.exe
[-] 2009-02-09 . A3EDBE9053889FB24AB22492472B39DC . 111104 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\services.exe
[-] 2009-02-09 . F0A7D59AF279326528715B206669B86C . 111104 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[-] 2008-04-14 . 4BB6A83640F1D1792AD21CE767B621C6 . 109056 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\services.exe
[-] 2004-08-10 . EDB6B81761BD60F32F740BBC40AFB676 . 108544 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\services.exe
.
[-] 2010-08-17 . 258DD5D4283FD9F9A7166BE9AE45CE73 . 58880 . . [5.1.2600.6024] . . c:\windows\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe
[-] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\spoolsv.exe
[-] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\dllcache\spoolsv.exe
[-] 2008-04-14 . 39356A9CDB6753A6D13A4072A9F5A4BB . 57856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\spoolsv.exe
[-] 2005-06-11 . AD3D9D191AEA7B5445FE1D82FFBB4788 . 57856 . . [5.1.2600.2696] . . c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\$NtServicePackUninstall$\spoolsv.exe
.
[-] 2008-04-14 . F09A527B422E25C478E38CAA0E44417A . 513024 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 . F09A527B422E25C478E38CAA0E44417A . 513024 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2004-08-10 . 2B6A0BAF33A9918F09442D873848FF72 . 507392 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe
.
[-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ipsec.sys
[-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ipsec.sys
[-] 2004-08-10 . 64537AA5C003A6AFEEE1DF819062D0D1 . 74752 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ipsec.sys
.
[-] 2010-08-23 . 1438703F3D9FFE111DA3869E4F3EEE73 . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2010-08-23 . 1438703F3D9FFE111DA3869E4F3EEE73 . 617472 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll
[-] 2010-08-23 . 2B6ADE29F8D00EEFA5FA2250CBE094AD . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
[-] 2008-04-14 . AD28671D1B83A386B070DC451A113C13 . 617472 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll
[-] 2008-04-14 . 3C93CE6C6985C55952B7BE6673E9FD15 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
[-] 2006-08-25 . EE82D1393169AC6BDF6016F4EA8D2B79 . 617472 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll
[-] 2006-08-25 . F64451D07B9368B46AB31172D56D1804 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
[-] 2005-04-07 . AD9D24F739C51395906FC4C188F025B4 . 1053696 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2649_x-ww_aac16c8b\comctl32.dll
[-] 2004-08-10 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[-] 2004-08-10 . 9D0F57B9C65BF8A07DB655A9ED6EB2EE . 1050624 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
.
[-] 2008-04-14 . 611F824E5C703A5A899F84C5F1699E4D . 62464 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\cryptsvc.dll
[-] 2008-04-14 . 611F824E5C703A5A899F84C5F1699E4D . 62464 . . [5.1.2600.5512] . . c:\windows\system32\cryptsvc.dll
[-] 2004-08-10 . 1A5F9DB98DF7955B4C7CBDBF2C638238 . 60416 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\cryptsvc.dll
.
[-] 2008-07-07 20:26 . AF4F6B5739D18CA7972AB53E091CBC74 . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3GDR\es.dll
[-] 2008-07-07 20:26 . AF4F6B5739D18CA7972AB53E091CBC74 . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll
[-] 2008-07-07 20:26 . AF4F6B5739D18CA7972AB53E091CBC74 . 253952 . . [2001.12.4414.706] . . c:\windows\system32\dllcache\es.dll
[-] 2008-07-07 20:23 . ADA7241C16F3F42C7F210539FAD5F3AA . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll
[-] 2008-07-07 20:16 . 3912BEF896D1D687B6053409E5F5F2A6 . 253952 . . [2001.12.4414.320] . . c:\windows\$NtServicePackUninstall$\es.dll
[-] 2008-04-14 02:22 . 0F3EDAEE1EF97CF3DB2BE23A7289B78C . 246272 . . [2001.12.4414.701] . . c:\windows\ServicePackFiles\i386\es.dll
[-] 2005-07-26 04:29 . 0D0F85237E32538F58278D673032676A . 243200 . . [2001.12.4414.308] . . c:\windows\$hf_mig$\KB902400\SP2QFE\es.dll
.
[-] 2008-04-14 . F9954695D246B33A5BF105029A4C6AB6 . 110080 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\imm32.dll
[-] 2008-04-14 . F9954695D246B33A5BF105029A4C6AB6 . 110080 . . [5.1.2600.5512] . . c:\windows\system32\imm32.dll
[-] 2004-08-10 . 94101D13A1818A9D08337EEC12ED277A . 110080 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\imm32.dll
.
[-] 2009-03-21 . B055C64AABC1A3E3DE57EC8025CAD283 . 1063424 . . [5.1.2600.5781] . . c:\windows\system32\kernel32.dll
[-] 2009-03-21 . B055C64AABC1A3E3DE57EC8025CAD283 . 1063424 . . [5.1.2600.5781] . . c:\windows\system32\dllcache\kernel32.dll
[-] 2009-03-21 . 3EB703BFC2ED26A3D8ACB8626AB2C006 . 1065472 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[-] 2008-04-14 . 4C897C69754D88F496339B1A666907C1 . 1063424 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kernel32.dll
[-] 2007-04-16 . 5D0974BD58808FACA5D2C437B6FC8D85 . 1059840 . . [5.1.2600.3119] . . c:\windows\$NtServicePackUninstall$\kernel32.dll
.
[-] 2008-04-14 . 5543A9D4A1D0F9F84092482A9373A024 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\linkinfo.dll
[-] 2008-04-14 . 5543A9D4A1D0F9F84092482A9373A024 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\linkinfo.dll
[-] 2005-09-01 . F2AFE60F01040B23207D8EB7DC26EC96 . 19968 . . [5.1.2600.2751] . . c:\windows\$hf_mig$\KB900725\SP2QFE\linkinfo.dll
[-] 2005-09-01 . 0E2B88912BF78549D5177A84A3375D52 . 19968 . . [5.1.2600.2751] . . c:\windows\$NtServicePackUninstall$\linkinfo.dll
.
[-] 2008-04-14 . F38F3C47BBFFD748C1359AB171C3A630 . 22016 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lpk.dll
[-] 2008-04-14 . F38F3C47BBFFD748C1359AB171C3A630 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\lpk.dll
[-] 2004-08-10 . B4AD65C79F85C61D32C015B11E03CAAD . 22016 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lpk.dll
.
[-] 2008-04-14 . C6A6E53A0C34EC87883137A6CB87AE5E . 343040 . . [7.0.2600.5512] . . c:\windows\ServicePackFiles\i386\msvcrt.dll
[-] 2008-04-14 . C6A6E53A0C34EC87883137A6CB87AE5E . 343040 . . [7.0.2600.5512] . . c:\windows\system32\msvcrt.dll
[-] 2008-04-14 . C536AAD8A71608FE33CD956214EDD366 . 343040 . . [7.0.2600.5512] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll
[-] 2004-08-10 . B30BAA48E5063E71C76280E34E7E4802 . 343040 . . [7.0.2600.2180] . . c:\windows\$NtServicePackUninstall$\msvcrt.dll
[-] 2004-08-10 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll
[-] 2004-08-10 . 365B3C43810E1CF41B3BE1E7180F583B . 343040 . . [7.0.2600.2180] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcrt.dll
.
[-] 2008-06-20 . ACD8BD448A74F344D46FCAF21BAB92AF . 247296 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\mswsock.dll
[-] 2008-06-20 . 4AA50627B01C0E9C6B4C6BD3AF648F12 . 247296 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\mswsock.dll
[-] 2008-06-20 . 4AA50627B01C0E9C6B4C6BD3AF648F12 . 247296 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll
[-] 2008-06-20 . 774274C487493452DF3B0126DBE7FF3B . 247296 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\mswsock.dll
[-] 2008-06-20 . EB55B1D9978B61E9913EDCD27EEC4C7C . 247296 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\mswsock.dll
[-] 2008-06-20 . F1B67B6B0751AE0E6E964B02821206A3 . 247296 . . [5.1.2600.5625] . . c:\windows\system32\mswsock.dll
[-] 2008-06-20 . F1B67B6B0751AE0E6E964B02821206A3 . 247296 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\mswsock.dll
[-] 2008-04-14 . F12B9D9A069331877D006CC81B4735F9 . 247296 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\mswsock.dll
.
[-] 2008-04-14 . 0098D35F91DEAB9C127360A877F2CF84 . 407040 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netlogon.dll
[-] 2008-04-14 . 0098D35F91DEAB9C127360A877F2CF84 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\netlogon.dll
[-] 2004-08-10 . D27395EDCD3416AFD125A9370DCB585C . 407040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\netlogon.dll
.
[-] 2008-04-14 . C8C0BDABC966B6C24D337DF0A0A399E1 . 17408 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\powrprof.dll
[-] 2008-04-14 . C8C0BDABC966B6C24D337DF0A0A399E1 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\powrprof.dll
[-] 2004-08-10 . 5604574D490B798BD9A946B021A766AD . 17408 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\powrprof.dll
.
[-] 2008-04-14 . 5132443DF6FC3771A17AB4AE55DCBC28 . 187904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\scecli.dll
[-] 2008-04-14 . 5132443DF6FC3771A17AB4AE55DCBC28 . 187904 . . [5.1.2600.5512] . . c:\windows\system32\scecli.dll
[-] 2004-08-10 . 64DC26B3CF7BCCAD431CE360A4C625D5 . 186880 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\scecli.dll
.
[-] 2008-04-14 . 44161A59DC33AC2EA9C95438ADFFFB7F . 5120 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfc.dll
[-] 2008-04-14 . 44161A59DC33AC2EA9C95438ADFFFB7F . 5120 . . [5.1.2600.5512] . . c:\windows\system32\sfc.dll
[-] 2004-08-10 . F62934BC94299083EBFC8810242D8640 . 5120 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfc.dll
.
[-] 2008-04-14 . 4FBC75B74479C7A6F829E0CA19DF3366 . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\svchost.exe
[-] 2008-04-14 . 4FBC75B74479C7A6F829E0CA19DF3366 . 14336 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe
[-] 2004-08-10 . 65A819B121EB6FDAB4400EA42BDFFE64 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\svchost.exe
.
[-] 2008-04-14 . 05903CAC4B98908D55EA5774775B382E . 249856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tapisrv.dll
[-] 2008-04-14 . 05903CAC4B98908D55EA5774775B382E . 249856 . . [5.1.2600.5512] . . c:\windows\system32\tapisrv.dll
[-] 2005-07-08 . F07061E18613F336A3120229097F7635 . 249344 . . [5.1.2600.2716] . . c:\windows\$hf_mig$\KB893756\SP2QFE\tapisrv.dll
[-] 2005-07-08 . 427D7EB3B453347082C8F4B370065D60 . 249344 . . [5.1.2600.2716] . . c:\windows\$NtServicePackUninstall$\tapisrv.dll
.
[-] 2008-04-14 . B0050CC5340E3A0760DD8B417FF7AEBD . 580096 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
[-] 2008-04-14 . B0050CC5340E3A0760DD8B417FF7AEBD . 580096 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2007-03-08 . 78785EFF8CB90CEC1862A4CCFD9A3C3A . 579584 . . [5.1.2600.3099] . . c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[-] 2007-03-08 . 492E166CFD26A50FB9160DB536FF7D2B . 579072 . . [5.1.2600.3099] . . c:\windows\$NtServicePackUninstall$\user32.dll
[-] 2005-03-02 . 4C90159A69A5FD3EB39C71411F28FCFF . 578560 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
.
[-] 2008-04-14 . 788F95312E26389D596C0FA55834E106 . 26624 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2008-04-14 . 788F95312E26389D596C0FA55834E106 . 26624 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe
[-] 2004-08-10 . D1E53DC57143F2584B1DD53B036C0633 . 25088 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\userinit.exe
.
[-] 2008-04-14 . 6A35E2D6F5F052C84EC2CEB296389439 . 82432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2_32.dll
[-] 2008-04-14 . 6A35E2D6F5F052C84EC2CEB296389439 . 82432 . . [5.1.2600.5512] . . c:\windows\system32\ws2_32.dll
[-] 2004-08-10 . D569240A22421D5F670BB6FB6DD522B5 . 82944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2_32.dll
.
[-] 2008-04-14 . C7D8A0517CBF16B84F657DE87EBE9D4B . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2help.dll
[-] 2008-04-14 . C7D8A0517CBF16B84F657DE87EBE9D4B . 19968 . . [5.1.2600.5512] . . c:\windows\system32\ws2help.dll
[-] 2004-08-10 . B3ADA72D1E3E10A8F6430669DFC38ED0 . 19968 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2help.dll
.
[-] 2008-04-14 . 418045A93CD87A352098AB7DABE1B53E . 1036800 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . 418045A93CD87A352098AB7DABE1B53E . 1036800 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2007-06-13 . 331ED93570BAF3CFE30340298762CD56 . 1036288 . . [6.00.2900.3156] . . c:\windows\$NtServicePackUninstall$\explorer.exe
.
[-] 2008-04-14 . AD9226BF3CED13636083BB9C76E9D2A2 . 153600 . . [5.1.2600.5512] . . c:\windows\regedit.exe
[-] 2008-04-14 . AD9226BF3CED13636083BB9C76E9D2A2 . 153600 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regedit.exe
[-] 2004-08-10 . 8193CE5FB09E83F2699FD65BBCBE2FD2 . 153600 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regedit.exe
.
[-] 2011-11-01 . 6AD6619E7523E27B771569C26F408F0A . 1288704 . . [5.1.2600.6168] . . c:\windows\system32\ole32.dll
[-] 2011-11-01 . 6AD6619E7523E27B771569C26F408F0A . 1288704 . . [5.1.2600.6168] . . c:\windows\system32\dllcache\ole32.dll
[-] 2011-11-01 . D684C601EC79D9543D50EB2DB124FE78 . 1289216 . . [5.1.2600.6168] . . c:\windows\$hf_mig$\KB2624667\SP3QFE\ole32.dll
[-] 2010-07-16 . B3D7633CF83B09042A49810A7A72ADED . 1289216 . . [5.1.2600.6010] . . c:\windows\$hf_mig$\KB979687\SP3QFE\ole32.dll
[-] 2008-04-14 . E08D638BA3D3DD6DF6E31216AB66AE0B . 1287680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ole32.dll
[-] 2006-02-14 . A490C00552D911DE9C2F1FC056F56495 . 1286656 . . [5.1.2600.2846] . . c:\windows\$NtServicePackUninstall$\ole32.dll
[-] 2005-07-25 . 24EDF93FD04CA1A98D32F092DD4F9953 . 1286144 . . [5.1.2600.2726] . . c:\windows\$hf_mig$\KB902400\SP2QFE\ole32.dll
.
[-] 2010-04-16 . 45954AFB7AE6E29B23C56B830C820A11 . 406016 . . [1.0420.2600.5969] . . c:\windows\system32\usp10.dll
[-] 2010-04-16 . 45954AFB7AE6E29B23C56B830C820A11 . 406016 . . [1.0420.2600.5969] . . c:\windows\system32\dllcache\usp10.dll
[-] 2010-04-16 . EB2AD9C7DADE6C63F5F933881BA2A430 . 406016 . . [1.0420.2600.5969] . . c:\windows\$hf_mig$\KB981322\SP3QFE\usp10.dll
[-] 2008-04-14 . 052F968390A85D37D5EE8BE3AB2A83A2 . 406016 . . [1.0420.2600.5512] . . c:\windows\ServicePackFiles\i386\usp10.dll
[-] 2004-08-10 . E4E40EAFF464EBE7752BAD3D82AF1715 . 406528 . . [1.0420.2600.2180] . . c:\windows\$NtServicePackUninstall$\usp10.dll
.
[-] 2008-04-14 . 671ABB33C712B1585A5BF7ADD36AD96E . 4096 . . [5.3.2600.5512] . . c:\windows\ServicePackFiles\i386\ksuser.dll
[-] 2008-04-14 . 671ABB33C712B1585A5BF7ADD36AD96E . 4096 . . [5.3.2600.5512] . . c:\windows\system32\ksuser.dll
[-] 2004-08-03 . 4721744CE11F385073F6F9F7831752C7 . 4096 . . [5.3.2600.2180] . . c:\windows\$NtServicePackUninstall$\ksuser.dll
[-] 2002-12-11 22:14 . 15914E0BF4DDA56CF797993DCCB637D1 . 4096 . . [5.3.0000000.900 built by: DIRECTX] . . c:\windows\Driver Cache\i386\ksuser.dll
[-] 2002-12-11 22:14 . 15914E0BF4DDA56CF797993DCCB637D1 . 4096 . . [5.3.0000000.900 built by: DIRECTX] . . c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\ksuser.dll
.
[-] 2010-02-01 . 01B4E6E990B6C5EA8856D96C7FD044B2 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[-] 2010-02-01 . 01B4E6E990B6C5EA8856D96C7FD044B2 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ctfmon.exe
[-] 2008-04-14 . 01B4E6E990B6C5EA8856D96C7FD044B2 . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2004-08-10 . 7CE20569925DF6789C31799F0C538F29 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe
.
[-] 2009-07-27 . 2DB7D303C36DDD055215052F118E8E75 . 135680 . . [6.00.2900.5853] . . c:\windows\system32\shsvcs.dll
[-] 2009-07-27 . 2DB7D303C36DDD055215052F118E8E75 . 135680 . . [6.00.2900.5853] . . c:\windows\system32\dllcache\shsvcs.dll
[-] 2009-07-27 . 927666F4228E3FBBC3D1171581DC8BDC . 135680 . . [6.00.2900.5853] . . c:\windows\$hf_mig$\KB971029\SP3QFE\shsvcs.dll
[-] 2008-04-14 . 40602EBFBE06AA075C8E4560743F6883 . 135168 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\shsvcs.dll
[-] 2006-12-19 . 521A4CB71CC419FDF60DB83E7308AE2B . 135168 . . [6.00.2900.3051] . . c:\windows\$NtServicePackUninstall$\shsvcs.dll
[-] 2006-12-19 . B5B37E7C51A551F60A1254E63C878FA9 . 135680 . . [6.00.2900.3051] . . c:\windows\$hf_mig$\KB928255\SP2QFE\shsvcs.dll
.
[-] 2008-04-14 . FE77A85495065F3AD59C5C65B6C54182 . 171520 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll
[-] 2008-04-14 . FE77A85495065F3AD59C5C65B6C54182 . 171520 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[-] 2004-08-10 . 015F302C4CF961F20C3F98F3A7CA7917 . 171008 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll
.
[-] 2008-04-14 . EDAFBE25FB6480CE68F688BA691890DC . 13824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wscntfy.exe
[-] 2008-04-14 . EDAFBE25FB6480CE68F688BA691890DC . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe
[-] 2004-08-10 . 7D3E0BEB62799112F5C9FF717D72BF29 . 13824 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wscntfy.exe
.
[-] 2008-04-14 . 0ADA34871A2E1CD2CAAFED1237A47750 . 129024 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\xmlprov.dll
[-] 2008-04-14 . 0ADA34871A2E1CD2CAAFED1237A47750 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll
[-] 2004-08-10 . 8302DE1C64618D72346DD0034DBC5D9B . 129536 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\xmlprov.dll
.
[-] 2008-04-14 . 04955AA695448C181B367D964AF158AA . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll
[-] 2008-04-14 . 04955AA695448C181B367D964AF158AA . 56320 . . [5.1.2600.5512] . . c:\windows\system32\eventlog.dll
[-] 2004-08-10 . B932C077D5A65B71B4512544AC404CB4 . 55808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\eventlog.dll
.
[-] 2008-04-14 . 5251425B86EA4A3532B8BB8D14044E61 . 1571840 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfcfiles.dll
[-] 2008-04-14 . 5251425B86EA4A3532B8BB8D14044E61 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
[-] 2004-08-10 . 80F7B7198B869C07C98627AF812D68B6 . 1548288 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfcfiles.dll
.
[-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ipsec.sys
[-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ipsec.sys
[-] 2004-08-10 . 64537AA5C003A6AFEEE1DF819062D0D1 . 74752 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ipsec.sys
.
[-] 2008-04-14 . E4CD1F3D84E1C2CA0B8CF7501E201593 . 59904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regsvc.dll
[-] 2008-04-14 . E4CD1F3D84E1C2CA0B8CF7501E201593 . 59904 . . [5.1.2600.5512] . . c:\windows\system32\regsvc.dll
[-] 2004-08-10 . AE81CF7D7CFA79CD03E8FB99788A7E09 . 59904 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regsvc.dll
.
[-] 2008-04-14 . A050194A44D7FA8D7186ED2F4E8367AE . 193536 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\schedsvc.dll
[-] 2008-04-14 . A050194A44D7FA8D7186ED2F4E8367AE . 193536 . . [5.1.2600.5512] . . c:\windows\system32\schedsvc.dll
[-] 2004-08-10 . D5E73842F38E24457C63FEF8CEFFBE19 . 192000 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\schedsvc.dll
.
[-] 2008-04-14 . 4DF5B05DFAEC29E13E1ED6F6EE12C500 . 71680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ssdpsrv.dll
[-] 2008-04-14 . 4DF5B05DFAEC29E13E1ED6F6EE12C500 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\ssdpsrv.dll
[-] 2004-08-10 . 6FA03B462B2FFFE2627171B7FE73EE29 . 71680 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ssdpsrv.dll
.
[-] 2008-04-14 . B7DE02C863D8F5A005A7BF375375A6A4 . 297472 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\termsrv.dll
[-] 2008-04-14 . B7DE02C863D8F5A005A7BF375375A6A4 . 297472 . . [5.1.2600.5512] . . c:\windows\system32\termsrv.dll
[-] 2005-03-10 . A0E72E14B0E12B9AA3648FDB31BDE332 . 297472 . . [5.1.2600.2627] . . c:\windows\$NtServicePackUninstall$\termsrv.dll
.
[-] 2008-04-14 . 0DAF0705D7B39C94E287913226688804 . 348672 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\hnetcfg.dll
[-] 2008-04-14 . 0DAF0705D7B39C94E287913226688804 . 348672 . . [5.1.2600.5512] . . c:\windows\system32\hnetcfg.dll
[-] 2004-08-10 . AE93E415220A4C0112768A0DEE36D28D . 348672 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\hnetcfg.dll
.
[-] 2008-04-14 . D45960BE52C3C610D361977057F98C54 . 175616 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\appmgmts.dll
[-] 2008-04-14 . D45960BE52C3C610D361977057F98C54 . 175616 . . [5.1.2600.5512] . . c:\windows\system32\appmgmts.dll
[-] 2004-08-10 . BECD5328E7869807D6557BE4FE60C72F . 175616 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\appmgmts.dll
.
[-] 2004-08-10 . 9E1CA3160DAFB159CA14F83B1E317F75 . 12160 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys
.
[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\ServicePackFiles\i386\aec.sys
[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\drivers\aec.sys
[-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\$hf_mig$\KB900485\SP2QFE\aec.sys
[-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\$NtServicePackUninstall$\aec.sys
.
[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\agp440.sys
[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\system32\drivers\agp440.sys
.
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ip6fw.sys
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys
[-] 2004-08-10 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ip6fw.sys
.
[-] 2010-09-18 07:18 . 4891FCDAE77486BFB56999AA217651FA . 953856 . . [4.1.6151] . . c:\windows\$hf_mig$\KB2387149\SP3QFE\mfc40u.dll
[-] 2010-09-18 06:52 . 1614669828A32BCD06E1BE6F334BB888 . 953856 . . [4.1.6151] . . c:\windows\system32\mfc40u.dll
[-] 2010-09-18 06:52 . 1614669828A32BCD06E1BE6F334BB888 . 953856 . . [4.1.6151] . . c:\windows\system32\dllcache\mfc40u.dll
[-] 2008-04-14 02:22 . ACC19BA6876AF18768EE87931CAD14E2 . 927504 . . [4.1.0.61] . . c:\windows\ServicePackFiles\i386\mfc40u.dll
[-] 2006-11-01 19:17 . B80F1D82969BD31392F1867936E96448 . 927504 . . [4.1.0.61] . . c:\windows\$NtServicePackUninstall$\mfc40u.dll
.
[-] 2008-04-14 . B7550A7107281D170CE85524B1488C98 . 33792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msgsvc.dll
[-] 2008-04-14 . B7550A7107281D170CE85524B1488C98 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\msgsvc.dll
[-] 2004-08-10 . E5215AB942C5AC5F7EB0E54871D7A27C . 33792 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\msgsvc.dll
.
[-] 2006-10-18 20:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
[-] 2006-10-18 20:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\dllcache\mspmsnsv.dll
[-] 2005-08-03 17:29 . B9715B9C18BC6C8F4B66733D208CC9F7 . 25088 . . [10.0.3790.4332] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll
[-] 2005-08-03 17:29 . B9715B9C18BC6C8F4B66733D208CC9F7 . 25088 . . [10.0.3790.4332] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
[-] 2004-08-10 19:00 . 5FDCCC838CD95F61097D8A637F842AA8 . 25600 . . [10.0.3790.3646] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll
.
[-] 2008-04-14 02:22 . 56AF4064996FA5BAC9C449B1514B4770 . 438272 . . [5.1.2400.5512] . . c:\windows\ServicePackFiles\i386\ntmssvc.dll
[-] 2008-04-14 02:22 . 56AF4064996FA5BAC9C449B1514B4770 . 438272 . . [5.1.2400.5512] . . c:\windows\system32\ntmssvc.dll
[-] 2004-08-10 19:00 . 428AA946A8D9F32DBB4260C8E6E13377 . 438272 . . [5.1.2400.2180] . . c:\windows\$NtServicePackUninstall$\ntmssvc.dll
.
[-] 2008-04-14 . 1DFD8975D8C89214B98D9387C1125B49 . 186880 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\upnphost.dll
[-] 2008-04-14 . 1DFD8975D8C89214B98D9387C1125B49 . 186880 . . [5.1.2600.5512] . . c:\windows\system32\upnphost.dll
[-] 2007-02-05 . 5C686B95470AC24E133AB4DAC4639A6C . 185856 . . [5.1.2600.3077] . . c:\windows\$hf_mig$\KB931261\SP2QFE\upnphost.dll
[-] 2007-02-05 . 855790C1BACED245A6B210AF430ED17B . 185856 . . [5.1.2600.3077] . . c:\windows\$NtServicePackUninstall$\upnphost.dll
.
[-] 2008-04-14 . 9236E736EDB57BE7D1EF6274410E3BAC . 367616 . . [5.3.2600.5512] . . c:\windows\ServicePackFiles\i386\dsound.dll
[-] 2008-04-14 . 9236E736EDB57BE7D1EF6274410E3BAC . 367616 . . [5.3.2600.5512] . . c:\windows\system32\dsound.dll
[-] 2004-08-10 . 7DB3393F98E4211F5CE8F003DE0615CF . 367616 . . [5.3.2600.2180] . . c:\windows\$NtServicePackUninstall$\dsound.dll
[-] 2004-07-09 02:27 . 033A45AB696EEF481707C2808C806E1A . 381952 . . [5.3.0000001.0904 built by: private/Lab06_dev(DXBLD00)] . . c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dsound.dll
[-] 2004-07-09 02:27 . 033A45AB696EEF481707C2808C806E1A . 381952 . . [5.3.0000001.0904 built by: private/Lab06_dev(DXBLD00)] . . c:\windows\system32\dllcache\dsound.dll
.
[-] 2008-04-14 . 36969CF86E51EC8ED202B40F2FA80AA6 . 1689088 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\d3d9.dll
[-] 2008-04-14 . 36969CF86E51EC8ED202B40F2FA80AA6 . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\d3d9.dll
[-] 2004-08-10 . 20AE7889467887B869F30308EEED9A2A . 1689088 . . [5.03.2600.2180] . . c:\windows\$NtServicePackUninstall$\d3d9.dll
.
[-] 2008-04-14 . 4A37188B83B00DD9CFBA049687AD0DAF . 279552 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\ddraw.dll
[-] 2008-04-14 . 4A37188B83B00DD9CFBA049687AD0DAF . 279552 . . [5.03.2600.5512] . . c:\windows\system32\ddraw.dll
[-] 2004-08-10 . CAC545A56482DE01640E6B791DE19944 . 266240 . . [5.03.2600.2180] . . c:\windows\$NtServicePackUninstall$\ddraw.dll
[-] 2004-07-09 02:27 . 90114704C17A581DA1BAE029F20932BE . 292864 . . [5.3.0000001.0904 built by: private/Lab06_dev(DXBLD00)] . . c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\ddraw.dll
[-] 2004-07-09 02:27 . 90114704C17A581DA1BAE029F20932BE . 292864 . . [5.3.0000001.0904 built by: private/Lab06_dev(DXBLD00)] . . c:\windows\system32\dllcache\ddraw.dll
.
[-] 2008-04-14 02:22 . 5D7F5A46975D2E59A6FECB6C231D200F . 84992 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\olepro32.dll
[-] 2008-04-14 02:22 . 5D7F5A46975D2E59A6FECB6C231D200F . 84992 . . [5.1.2600.5512] . . c:\windows\system32\olepro32.dll
[-] 2004-08-10 19:00 . 1404D3DD4ED4F5E2A938B43794049A81 . 83456 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\olepro32.dll
.
[-] 2008-04-14 . C47FD93010649AC0D79022D9B69ADBE4 . 41984 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\perfctrs.dll
[-] 2008-04-14 . C47FD93010649AC0D79022D9B69ADBE4 . 41984 . . [5.1.2600.5512] . . c:\windows\system32\perfctrs.dll
[-] 2004-08-10 . 007BFD01772B5202C5CE4F208A2F3F46 . 41984 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\perfctrs.dll
.
[-] 2008-04-14 . F86000634319F71535BCE6B06995EE99 . 18944 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\version.dll
[-] 2008-04-14 . F86000634319F71535BCE6B06995EE99 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\version.dll
[-] 2004-08-10 . 4EF2FDC0A085C8339ED4D9C59CE8FC60 . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\version.dll
.
[-] 2008-04-14 . FE77A85495065F3AD59C5C65B6C54182 . 171520 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll
[-] 2008-04-14 . FE77A85495065F3AD59C5C65B6C54182 . 171520 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[-] 2004-08-10 . 015F302C4CF961F20C3F98F3A7CA7917 . 171008 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll
.
[-] 2008-04-14 . 7B353059E665F8B7AD2BBEAEF597CF45 . 177152 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\w32time.dll
[-] 2008-04-14 . 7B353059E665F8B7AD2BBEAEF597CF45 . 177152 . . [5.1.2600.5512] . . c:\windows\system32\w32time.dll
[-] 2004-08-10 . C6D874CD2A5B83CD11CDEBD28A638584 . 176640 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\w32time.dll
.
[-] 2008-04-14 . BC2C5985611C5356B24AEB370953DED9 . 334336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wiaservc.dll
[-] 2008-04-14 . BC2C5985611C5356B24AEB370953DED9 . 334336 . . [5.1.2600.5512] . . c:\windows\system32\wiaservc.dll
[-] 2006-12-19 . 452AA1C0E7FEE4B2E78D32BCF36FCEBE . 334336 . . [5.1.2600.3051] . . c:\windows\$hf_mig$\KB927802\SP2QFE\wiaservc.dll
[-] 2006-12-19 . 25E9B30AF1FA1B9AF1853577F39FF20B . 334336 . . [5.1.2600.3051] . . c:\windows\$NtServicePackUninstall$\wiaservc.dll
.
[-] 2008-04-14 . 2CF969B9BF1EF069075DCDCE309FAAE1 . 18944 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\midimap.dll
[-] 2008-04-14 . 2CF969B9BF1EF069075DCDCE309FAAE1 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\midimap.dll
[-] 2004-08-10 . 32641AE4D340C1AC2D9B3A3BD71F5C47 . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\midimap.dll
.
[-] 2008-04-14 . 469FED8597896DB77B49384BE90E2E0A . 7680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rasadhlp.dll
[-] 2008-04-14 . 469FED8597896DB77B49384BE90E2E0A . 7680 . . [5.1.2600.5512] . . c:\windows\system32\rasadhlp.dll
[-] 2006-06-26 . 45F87F6E7AB4F79B5C719B78C289DB66 . 7680 . . [5.1.2600.2938] . . c:\windows\$hf_mig$\KB920683\SP2QFE\rasadhlp.dll
[-] 2006-06-26 . DC940E8932827D65180F6A71BD4BD878 . 8192 . . [5.1.2600.2938] . . c:\windows\$NtServicePackUninstall$\rasadhlp.dll
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\programme\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
"T-Online_Software_6\WLAN-Access Finder"="c:\programme\T-Online\WLAN-Access Finder\ToWLaAcF.exe" [2007-07-25 671796]
"swg"="c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-12-13 39408]
"Device Detection"="c:\programme\Lidl_Fotos\dd.exe" [2012-03-16 788376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-16 7585792]
"RTHDCPL"="RTHDCPL.EXE" [2006-09-12 16264192]
"Apoint"="c:\programme\Apoint2K\Apoint.exe" [2006-10-02 151552]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"HP Software Update"="c:\programme\HP\HP Software Update\HPWuSchd2.exe" [2008-03-25 49152]
"eDoc"="c:\progra~1\GEMEIN~1\MAYCOM~1\EDOCPR~1\eDoc.exe" [2004-09-28 245760]
"DeskUpdateNotifier"="c:\programme\Fujitsu\DeskUpdate\DeskUpdateNotifier.exe" [2011-11-10 100120]
"FreePDF Assistant"="c:\programme\FreePDF_XP\fpassist.exe" [2010-06-17 370176]
"RemoteControl"="c:\programme\CyberLink\PowerDVD\PDVDServ.exe" [2005-04-15 45056]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Malwarebytes' Anti-Malware"="c:\programme\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"GrooveMonitor"="c:\programme\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
HP Digital Imaging Monitor.lnk - c:\programme\HP\Digital Imaging\bin\hpqtra08.exe [N/A]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 02:22	1695232	------w-	c:\programme\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2006-08-16 09:42	1617920	----a-w-	c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2006-05-16 17:04	2879488	----a-w-	c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Programme\\HP\\HP Software Update\\hpwucli.exe"=
"c:\\Programme\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=
"c:\programme\Microsoft ActiveSync\rapimgr.exe"= c:\programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\programme\Microsoft ActiveSync\wcescomm.exe"= c:\programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\programme\Microsoft ActiveSync\WCESMgr.exe"= c:\programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programme\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programme\\Microsoft Office\\Office12\\ONENOTE.EXE"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R2 HLServer;HL-Server;c:\windows\system32\HLS32SVC.EXE [22.01.2008 11:58 327680]
R2 MBAMService;MBAMService;c:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [20.12.2011 11:41 654408]
R3 MACNDIS5;MACNDIS5 NDIS Protocol Driver;c:\progra~1\GEMEIN~1\MARMIK~1\MACNDIS5.SYS [22.01.2008 21:48 17280]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [20.12.2011 11:41 22344]
R3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;c:\windows\system32\drivers\sis163u.sys [23.01.2008 09:48 217600]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1005000.087\SYMEFA.SYS --> c:\windows\system32\drivers\NIS\1005000.087\SYMEFA.SYS [?]
S1 A2DDA;A2 Direct Disk Access Support Driver;\??\c:\programme\Emsisoft Anti-Malware\a2ddax86.sys --> c:\programme\Emsisoft Anti-Malware\a2ddax86.sys [?]
S1 a2injectiondriver;a2injectiondriver;\??\c:\programme\Emsisoft Anti-Malware\a2dix86.sys --> c:\programme\Emsisoft Anti-Malware\a2dix86.sys [?]
S1 a2util;a-squared Malware-IDS utility driver;\??\c:\programme\Emsisoft Anti-Malware\a2util32.sys --> c:\programme\Emsisoft Anti-Malware\a2util32.sys [?]
S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\Drivers\NIS\1005000.087\BHDrvx86.sys --> c:\windows\system32\Drivers\NIS\1005000.087\BHDrvx86.sys [?]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\Drivers\NIS\1005000.087\ccHPx86.sys --> c:\windows\system32\Drivers\NIS\1005000.087\ccHPx86.sys [?]
S1 IDSxpx86;IDSxpx86;\??\c:\dokumente und einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20090331.007\IDSxpx86.sys --> c:\dokumente und einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20090331.007\IDSxpx86.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [13.12.2011 20:39 136176]
S2 MZCCntrl;T-Online WLAN Adapter Steuerungsdienst;c:\programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe --> c:\programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe [?]
S2 Norton Internet Security;Norton Internet Security;"c:\programme\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe" /s "Norton Internet Security" /m "c:\programme\Norton Internet Security\Engine\16.5.0.135\diMaster.dll" /prefetch:1 --> c:\programme\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe [?]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys --> c:\programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [?]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\Google\Update\GoogleUpdate.exe [13.12.2011 20:39 136176]
S3 MIINPazX;MIINPazX NDIS Protocol Driver;c:\progra~1\GEMEIN~1\MARMIK~1\MInfraIS\MIINPazX.SYS [22.01.2008 21:48 17152]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\programme\Mozilla Maintenance Service\maintenanceservice.exe [07.05.2012 09:49 113120]
S3 MTOnlPktAlyX;MTOnlPktAlyX NDIS Protocol Driver;c:\progra~1\T-Online\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS [22.01.2008 21:47 17536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-05-11 c:\windows\Tasks\DeskUpdate.job
- c:\programme\Fujitsu\DeskUpdate\ducmd.exe [2011-01-13 12:34]
.
2012-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2011-12-13 18:39]
.
2012-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2011-12-13 18:39]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Suche - c:\programme\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
IE: {{5FF205EF-8483-497D-8678-61AC95BB0EBB} - {5FF205EF-8483-497D-8678-61AC95BB0EBB} -
TCP: DhcpNameServer = 192.168.2.1
Handler: shopclever-data - {4AA619DE-8C24-442E-BD8D-EF9DA83EDA05} - 
FF - ProfilePath - c:\dokumente und einstellungen\Benjamin\Anwendungsdaten\Mozilla\Firefox\Profiles\hcaduhgu.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - eBay durchsuchen
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de
FF - prefs.js: keyword.URL - hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=827316&p=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-07-09 21:20
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\programme\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\programme\Norton Internet Security\Engine\16.5.0.135\diMaster.dll\" /prefetch:1"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•6~*]
"7040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'explorer.exe'(3864)
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Zeit der Fertigstellung: 2012-07-09  21:25:23
ComboFix-quarantined-files.txt  2012-07-09 19:25
ComboFix2.txt  2012-07-09 11:54
.
Vor Suchlauf: 12 Verzeichnis(se), 85.192.282.112 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 85.286.408.192 Bytes frei
.
- - End Of File - - 0C2A2238A6ED30DC0439B072BBDB8B1A

und auch noch einmal als Dateianhang...

Gruß twinmama

cosinus · 10.07.2012, 11:43

Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

twinmama · 10.07.2012, 21:53

Hallo Arne,

der Malware Scan hat nichts mehr gefunden.

Hier die Log-Datei:

Code:

ATTFilter

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.07.10.09

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Benjamin :: PRIVAT-PC [Administrator]

Schutz: Aktiviert

10.07.2012 17:51:09
mbam-log-2012-07-10 (17-51-09).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 381737
Laufzeit: 48 Minute(n), 

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

die SUPERAntiSpyware hat noch 15 Funde angezeigt, auch hier der Log-Text:

Code:

ATTFilter

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 07/10/2012 at 10:14 PM

Application Version : 5.5.1006

Core Rules Database Version : 8875
Trace Rules Database Version: 6687

Scan type       : Complete Scan
Total Scan Time : 01:49:18

Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned      : 474
Memory threats detected   : 0
Registry items scanned    : 37394
Registry threats detected : 0
File items scanned        : 70434
File threats detected     : 15

Adware.Tracking Cookie
	www.googleadservices.com [ C:\DOKUMENTE UND EINSTELLUNGEN\NUR FüRS INTERNET\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\BD8ZG18J.DEFAULT\COOKIES.SQLITE ]

Trojan.Agent/Gen-Malintent
	C:\PROGRAMME\WINRAR\DEFAULT.SFX

Trojan.Agent/Gen-Downloader
	C:\QOOBOX\QUARANTINE\C\DOKUMENTE UND EINSTELLUNGEN\BENJAMIN\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\RRDKIDAC.EXE.VIR
	C:\SYSTEM VOLUME INFORMATION\_RESTORE{641DB1D7-F64C-49D9-9FA5-1A25FE6B3D9A}\RP1174\A0267244.EXE

Trojan.Agent/Gen-Nullo[Short]
	C:\SYSTEM VOLUME INFORMATION\_RESTORE{641DB1D7-F64C-49D9-9FA5-1A25FE6B3D9A}\RP1168\A0264847.EXE
	C:\SYSTEM VOLUME INFORMATION\_RESTORE{641DB1D7-F64C-49D9-9FA5-1A25FE6B3D9A}\RP1168\A0264848.EXE
	C:\SYSTEM VOLUME INFORMATION\_RESTORE{641DB1D7-F64C-49D9-9FA5-1A25FE6B3D9A}\RP1168\A0264849.EXE
	C:\SYSTEM VOLUME INFORMATION\_RESTORE{641DB1D7-F64C-49D9-9FA5-1A25FE6B3D9A}\RP1168\A0264850.EXE
	C:\SYSTEM VOLUME INFORMATION\_RESTORE{641DB1D7-F64C-49D9-9FA5-1A25FE6B3D9A}\RP1170\A0264903.EXE
	C:\SYSTEM VOLUME INFORMATION\_RESTORE{641DB1D7-F64C-49D9-9FA5-1A25FE6B3D9A}\RP1170\A0264904.EXE
	C:\SYSTEM VOLUME INFORMATION\_RESTORE{641DB1D7-F64C-49D9-9FA5-1A25FE6B3D9A}\RP1170\A0264905.EXE

Trojan.Agent/Gen-Chifrax
	C:\WINDOWS\$NTSERVICEPACKUNINSTALL$\WEXTRACT.EXE

Trojan.Agent/Gen-Patchload
	C:\WINDOWS\INSTALLER\{90110407-6000-11D3-8CFE-0150048383C9}\MISC.EXE

Trojan.Agent/Gen-Refroso
	C:\WINDOWS\SERVICEPACKFILES\I386\WEXTRACT.EXE
	C:\WINDOWS\SYSTEM32\WEXTRACT.EXE

Ich habe bei SUPERAntiSpyware aber nur gescannt und keine Elemente gelöscht bzw. in Quarantäne verschoben, war das richtig?
Soll ich das Programm SUPERAntiSpyware jetzt wieder deinstallieren oder brauchen wir das noch?

Gruß twinmama

cosinus · 11.07.2012, 10:12

Nur Überreste und Fehlalarme, ansonsten ein Cookie
Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie )

Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat.

Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller http://filepony.de/download-cookie_culler/
Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird.

Ich halte es so, dass ich zum "wilden Surfen" den Opera-Browser oder Chromium unter meinem Linux verwende. Mein Hauptbrowser (Firefox) speichert nur die Cookies von den Sites die ich auch will, alles andere lehne ich manuell ab (der FF fragt mich immer) - die anderen Browser nehmen alles an Cookies zwar an, aber spätestens beim nächsten Start von Opera oder Chromium sind keine Cookies mehr da.

Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?

05.07.2012, 20:52	#16
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Infektion mit Live Security Platinum: Dateien lassen sich nicht mehr ausführen inkl. F8 Richtig schon, aber leider unvollständig __________________ Logfiles bitte immer in CODE-Tags posten

10.07.2012, 11:43	#28
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Infektion mit Live Security Platinum: Dateien lassen sich nicht mehr ausführen inkl. F8 Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!! __________________ Logfiles bitte immer in CODE-Tags posten

Infektion mit Live Security Platinum: Dateien lassen sich nicht mehr ausführen inkl. F8

Plagegeister aller Art und deren Bekämpfung: Infektion mit Live Security Platinum: Dateien lassen sich nicht mehr ausführen inkl. F8