Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Security Shield eingefangen

Security Shield eingefangen


Log-Analyse und Auswertung: Security Shield eingefangen

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Seite 2 von 3 1 2 3
Alt 25.07.2012, 14:44   #16
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Security Shield eingefangen - Standard

Security Shield eingefangen


Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
ATTFilter
:OTL
IE - HKU\S-1-5-21-1275210071-448539723-725345543-1004\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - SOFTWARE\Classes\CLSID\{472734EA-242A-422b-ADF8-83D1E48CC825}\InprocServer32 File not found
FF - prefs.js..keyword.URL: "http://go.web.de/br/moz_keyurl_search/?su="
FF - user.js - File not found
[2011.10.23 12:34:06 | 000,000,000 | ---D | M] (WEB.DE Toolbar) -- C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll File not found
O4 - HKLM..\Run: [Gtwatch] C:\WINDOWS\gtwatch.exe File not found
O4 - HKU\S-1-5-21-1275210071-448539723-725345543-1004..\Run: []  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1275210071-448539723-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.10.03 18:38:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
@Alternate Data Stream - 127 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:430C6D84
@Alternate Data Stream - 116 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2
:Files
C:\Dokumente und Einstellungen\User\Anwendungsdaten\Sun\Java\Deployment\cache
C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\{3d12e614-1f30-267d-d004-1f387a3df657}\@
C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\{3d12e614-1f30-267d-d004-1f387a3df657}\U
C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\{3d12e614-1f30-267d-d004-1f387a3df657}\n
C:\WINDOWS\Installer\{3d12e614-1f30-267d-d004-1f387a3df657}\U
C:\WINDOWS\Installer\{3d12e614-1f30-267d-d004-1f387a3df657}\@
C:\WINDOWS\Installer\{3d12e614-1f30-267d-d004-1f387a3df657}\n
C:\Programme\ff.exe
C:\user.js
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 25.07.2012, 14:50   #17
zbraff
 
Security Shield eingefangen - Standard

Security Shield eingefangen


Eine Frage hätte ich noch bevor ich auf Fix klicke:

Muss ich überall wo jetzt "User" steht wieder meinen richtigen Benutzernamen eintragen?

Ich glaub so langsam, dasss ich das Rootkit ZeroAccess hab.

Ich hab nochmals Anti-Malware laufen lassen, hier die Log-Datei:

Code:
ATTFilter
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.17.13

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
User :: INTERNET-PC [Administrator]

25.07.2012 19:02:56
mbam-log-2012-07-25 (19-12-46).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 223721
Laufzeit: 6 Minute(n), 35 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 1
HKCR\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32| (Trojan.Zaccess) -> Bösartig: (\\.\globalroot\systemroot\Installer\{3d12e614-1f30-267d-d004-1f387a3df657}\n.) Gut: (wbemess.dll) -> Keine Aktion durchgeführt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\WINDOWS\Installer\{3d12e614-1f30-267d-d004-1f387a3df657}\U\00000001.@ (Rootkit.0Access) -> Keine Aktion durchgeführt.

(Ende)
Mir ist auch aufgefallen, dass unter:

C:\Dokumente und Einstellungen\User\

fast alle Ordner fehlen. Nur 3 Ordner sind übrig. Jedoch ist die Größe dieser 3 Ordner deutlich geringer als die Größe des obigen Verzeichnisses. Also müssen die anderen Ordner doch noch da sein, oder?

Ist eine Neuinstallation von Windows jetzt der letzte Ausweg?

PS: Die LAN-Verbindung auf dem infizierten PC hab ich natürlich längst deaktiviert.
__________________
Alt 26.07.2012, 09:10   #18
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Security Shield eingefangen - Standard

Security Shield eingefangen


Ja sicher musst du das zurückeditieren!
Warum machst du das auch entgegen unserer Empfehlung?!
In dem Thread für alle Hilfesuchenden steht extra, du sollst aus sowas wie

C:\User\Meike Musterfrau\Verzeichnis\Datei.abc sowas machen => C:\Users\***\Verzeichnis\Datei.abc

Hätte ich das mit den Sternchen gesehen, hätte ich auch extra dann einen passenden Hinweis dazugepackt....
__________________
__________________
Alt 26.07.2012, 10:16   #19
zbraff
 
Security Shield eingefangen - Standard

Security Shield eingefangen


Sorry, das hab ich leider nicht gesehen *Schande über mich*.

Jetzt aber die Log-Datei und diesesmal korrekt ausgesternt:

Code:
ATTFilter
All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-1275210071-448539723-725345543-1004\Software\Microsoft\Internet Explorer\URLSearchHooks\\{472734EA-242A-422b-ADF8-83D1E48CC825} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422b-ADF8-83D1E48CC825}\ deleted successfully.
Prefs.js: "hxxp://go.web.de/br/moz_keyurl_search/?su=" removed from keyword.URL
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin\weather folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin\ticker folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin\shopping folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin\search\engine folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin\search folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin\pref folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin\phish folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin\newtab\initial-thumbs folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin\newtab folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin\neterror folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin\maps folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin\horoscope folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin\homebutton folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin\highlight folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin\help folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin\email folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin\ebay folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin\brand folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\en-US\weather folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\en-US\ticker folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\en-US\shopping folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\en-US\search folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\en-US\pref folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\en-US\phish folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\en-US\newtab folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\en-US\neterror folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\en-US\maps folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\en-US\main folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\en-US\horoscope folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\en-US\highlight folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\en-US\help folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\en-US\email folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\en-US\ebay folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\en-US folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\de-DE\weather folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\de-DE\ticker folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\de-DE\shopping folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\de-DE\search folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\de-DE\pref folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\de-DE\phish folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\de-DE\newtab folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\de-DE\neterror folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\de-DE\maps folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\de-DE\main folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\de-DE\horoscope folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\de-DE\highlight folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\de-DE\help\page folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\de-DE\help folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\de-DE\email folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\de-DE\ebay folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\de-DE folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\defaults\preferences folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\defaults folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\weather folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\util folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\tracking folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\ticker folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\shopping folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\search\mcollect folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\search folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\pref folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\phish folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\newtab folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\neterror folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\maps folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\main folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\hotnews folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\horoscope folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\highlight folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\help folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\email folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\ebay folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\content folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\components folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de folder moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{472734EA-242A-422B-ADF8-83D1E48CC825} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Gtwatch deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1275210071-448539723-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1275210071-448539723-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:430C6D84 deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2 deleted successfully.
========== FILES ==========
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache folder moved successfully.
C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\{3d12e614-1f30-267d-d004-1f387a3df657}\@ moved successfully.
C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\{3d12e614-1f30-267d-d004-1f387a3df657}\U folder moved successfully.
C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\{3d12e614-1f30-267d-d004-1f387a3df657}\n moved successfully.
C:\WINDOWS\Installer\{3d12e614-1f30-267d-d004-1f387a3df657}\U folder moved successfully.
C:\WINDOWS\Installer\{3d12e614-1f30-267d-d004-1f387a3df657}\@ moved successfully.
C:\WINDOWS\Installer\{3d12e614-1f30-267d-d004-1f387a3df657}\n moved successfully.
C:\Programme\ff.exe moved successfully.
File\Folder C:\user.js not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: ***
->Temp folder emptied: 931830420 bytes
->Temporary Internet Files folder emptied: 365900517 bytes
->FireFox cache emptied: 1125631186 bytes
->Opera cache emptied: 240 bytes
->Flash cache emptied: 1788 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 375640 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
%systemdrive% .tmp files removed: 631296 bytes
%systemroot% .tmp files removed: 2352202 bytes
%systemroot%\System32 .tmp files removed: 2951 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4353239 bytes
RecycleBin emptied: 239643062 bytes
 
Total Files Cleaned = 2.547,00 mb
 
 
[EMPTYFLASH]
 
User: Administrator
 
User: All Users
 
User: Default User
 
User: ***
->Flash cache emptied: 0 bytes
 
User: LocalService
 
User: NetworkService
 
Total Flash Files Cleaned = 0,00 mb
 
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.54.1 log created on 07262012_105305

Files\Folders moved on Reboot...
File\Folder C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\9iswm21x.default\Cache.Trash\Trash\Cache\8\5F\8F707d1 not found!
C:\WINDOWS\temp\vmware-SYSTEM\vmware-usbarb-SYSTEM-1564.log moved successfully.

PendingFileRenameOperations files...
File C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\9iswm21x.default\Cache.Trash\Trash\Cache\8\5F\8F707d1 not found!
File C:\WINDOWS\temp\vmware-SYSTEM\vmware-usbarb-SYSTEM-1564.log not found!

Registry entries deleted on Reboot...

Alt 26.07.2012, 16:00   #20
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Security Shield eingefangen - Standard

Security Shield eingefangen


Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!


__________________
Logfiles bitte immer in CODE-Tags posten

Alt 27.07.2012, 09:04   #21
zbraff
 
Security Shield eingefangen - Standard

Security Shield eingefangen


Hier die Log-Datei:

Code:
ATTFilter
09:56:41.0531 2616	TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
09:56:41.0546 2616	============================================================
09:56:41.0546 2616	Current date / time: 2012/07/27 09:56:41.0546
09:56:41.0546 2616	SystemInfo:
09:56:41.0546 2616	
09:56:41.0546 2616	OS Version: 5.1.2600 ServicePack: 3.0
09:56:41.0546 2616	Product type: Workstation
09:56:41.0546 2616	ComputerName: INTERNET-PC
09:56:41.0546 2616	UserName: ***
09:56:41.0546 2616	Windows directory: C:\WINDOWS
09:56:41.0546 2616	System windows directory: C:\WINDOWS
09:56:41.0546 2616	Processor architecture: Intel x86
09:56:41.0546 2616	Number of processors: 2
09:56:41.0546 2616	Page size: 0x1000
09:56:41.0546 2616	Boot type: Normal boot
09:56:41.0546 2616	============================================================
09:56:43.0171 2616	Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
09:56:43.0171 2616	============================================================
09:56:43.0171 2616	\Device\Harddisk0\DR0:
09:56:43.0171 2616	MBR partitions:
09:56:43.0171 2616	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A380D41
09:56:43.0171 2616	============================================================
09:56:43.0187 2616	C: <-> \Device\Harddisk0\DR0\Partition0
09:56:43.0187 2616	============================================================
09:56:43.0187 2616	Initialize success
09:56:43.0187 2616	============================================================
09:57:09.0671 2480	============================================================
09:57:09.0671 2480	Scan started
09:57:09.0671 2480	Mode: Manual; SigCheck; TDLFS; 
09:57:09.0671 2480	============================================================
09:57:10.0625 2480	Abiosdsk - ok
09:57:10.0625 2480	abp480n5 - ok
09:57:10.0671 2480	ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
09:57:11.0234 2480	ACPI ( UnsignedFile.Multi.Generic ) - warning
09:57:11.0234 2480	ACPI - detected UnsignedFile.Multi.Generic (1)
09:57:11.0281 2480	ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
09:57:11.0281 2480	ACPIEC ( UnsignedFile.Multi.Generic ) - warning
09:57:11.0281 2480	ACPIEC - detected UnsignedFile.Multi.Generic (1)
09:57:11.0281 2480	adpu160m - ok
09:57:11.0328 2480	aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
09:57:11.0343 2480	aec ( UnsignedFile.Multi.Generic ) - warning
09:57:11.0343 2480	aec - detected UnsignedFile.Multi.Generic (1)
09:57:11.0390 2480	AFD             (322d0e36693d6e24a2398bee62a268cd) C:\WINDOWS\System32\drivers\afd.sys
09:57:11.0390 2480	AFD ( UnsignedFile.Multi.Generic ) - warning
09:57:11.0390 2480	AFD - detected UnsignedFile.Multi.Generic (1)
09:57:11.0406 2480	Aha154x - ok
09:57:11.0406 2480	aic78u2 - ok
09:57:11.0406 2480	aic78xx - ok
09:57:11.0453 2480	Alerter         (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll
09:57:11.0453 2480	Alerter ( UnsignedFile.Multi.Generic ) - warning
09:57:11.0453 2480	Alerter - detected UnsignedFile.Multi.Generic (1)
09:57:11.0468 2480	ALG             (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe
09:57:11.0484 2480	ALG ( UnsignedFile.Multi.Generic ) - warning
09:57:11.0484 2480	ALG - detected UnsignedFile.Multi.Generic (1)
09:57:11.0484 2480	AliIde - ok
09:57:11.0609 2480	Ambfilt         (f6af59d6eee5e1c304f7f73706ad11d8) C:\WINDOWS\system32\drivers\Ambfilt.sys
09:57:11.0656 2480	Ambfilt ( UnsignedFile.Multi.Generic ) - warning
09:57:11.0656 2480	Ambfilt - detected UnsignedFile.Multi.Generic (1)
09:57:11.0781 2480	AmdPPM          (033448d435e65c4bd72e70521fd05c76) C:\WINDOWS\system32\DRIVERS\AmdPPM.sys
09:57:11.0796 2480	AmdPPM ( UnsignedFile.Multi.Generic ) - warning
09:57:11.0796 2480	AmdPPM - detected UnsignedFile.Multi.Generic (1)
09:57:11.0796 2480	amsint - ok
09:57:12.0093 2480	AntiVirMailService (b9b5dfafea592bd4ca967824ebb42e3d) C:\Programme\Avira\AntiVir Desktop\avmailc.exe
09:57:12.0281 2480	AntiVirMailService - ok
09:57:12.0328 2480	AntiVirSchedulerService (67b1d78711b4386c26241096326ee14a) C:\Programme\Avira\AntiVir Desktop\sched.exe
09:57:12.0328 2480	AntiVirSchedulerService - ok
09:57:12.0359 2480	AntiVirService  (845c4e7ae211edad5e0b832126f56932) C:\Programme\Avira\AntiVir Desktop\avguard.exe
09:57:12.0359 2480	AntiVirService - ok
09:57:12.0406 2480	AntiVirWebService (30d71e0c149943a8985d02ea0944f2fe) C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE
09:57:12.0421 2480	AntiVirWebService - ok
09:57:12.0421 2480	AppMgmt - ok
09:57:12.0421 2480	asc - ok
09:57:12.0437 2480	asc3350p - ok
09:57:12.0437 2480	asc3550 - ok
09:57:12.0562 2480	aspnet_state    (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
09:57:12.0562 2480	aspnet_state - ok
09:57:12.0593 2480	AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
09:57:12.0625 2480	AsyncMac ( UnsignedFile.Multi.Generic ) - warning
09:57:12.0625 2480	AsyncMac - detected UnsignedFile.Multi.Generic (1)
09:57:12.0671 2480	atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
09:57:12.0687 2480	atapi ( UnsignedFile.Multi.Generic ) - warning
09:57:12.0687 2480	atapi - detected UnsignedFile.Multi.Generic (1)
09:57:12.0687 2480	Atdisk - ok
09:57:12.0828 2480	Ati HotKey Poller (d140e4a4994c031d58d0f62ad4ef5507) C:\WINDOWS\system32\Ati2evxx.exe
09:57:12.0843 2480	Ati HotKey Poller ( UnsignedFile.Multi.Generic ) - warning
09:57:12.0843 2480	Ati HotKey Poller - detected UnsignedFile.Multi.Generic (1)
09:57:13.0312 2480	ati2mtag        (6660b58e893499fb5cc7f92923d3f720) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
09:57:13.0453 2480	ati2mtag ( UnsignedFile.Multi.Generic ) - warning
09:57:13.0453 2480	ati2mtag - detected UnsignedFile.Multi.Generic (1)
09:57:13.0609 2480	AtiHdmiService  (e3b9fe6d478dc12ee9fb5169ee98d1ba) C:\WINDOWS\system32\drivers\AtiHdmi.sys
09:57:13.0609 2480	AtiHdmiService ( UnsignedFile.Multi.Generic ) - warning
09:57:13.0609 2480	AtiHdmiService - detected UnsignedFile.Multi.Generic (1)
09:57:13.0703 2480	Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
09:57:13.0703 2480	Atmarpc ( UnsignedFile.Multi.Generic ) - warning
09:57:13.0703 2480	Atmarpc - detected UnsignedFile.Multi.Generic (1)
09:57:13.0734 2480	AudioSrv        (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll
09:57:13.0734 2480	AudioSrv ( UnsignedFile.Multi.Generic ) - warning
09:57:13.0734 2480	AudioSrv - detected UnsignedFile.Multi.Generic (1)
09:57:13.0765 2480	audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
09:57:13.0765 2480	audstub ( UnsignedFile.Multi.Generic ) - warning
09:57:13.0765 2480	audstub - detected UnsignedFile.Multi.Generic (1)
09:57:13.0796 2480	avgntflt        (d5541f0afb767e85fc412fc609d96a74) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
09:57:13.0812 2480	avgntflt - ok
09:57:13.0843 2480	avipbb          (7d967a682d4694df7fa57d63a2db01fe) C:\WINDOWS\system32\DRIVERS\avipbb.sys
09:57:13.0843 2480	avipbb - ok
09:57:13.0859 2480	avkmgr          (53e56450da16a1a7f0d002f511113f67) C:\WINDOWS\system32\DRIVERS\avkmgr.sys
09:57:13.0859 2480	avkmgr - ok
09:57:13.0921 2480	Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
09:57:13.0921 2480	Beep ( UnsignedFile.Multi.Generic ) - warning
09:57:13.0921 2480	Beep - detected UnsignedFile.Multi.Generic (1)
09:57:14.0000 2480	BITS            (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll
09:57:14.0109 2480	BITS ( UnsignedFile.Multi.Generic ) - warning
09:57:14.0109 2480	BITS - detected UnsignedFile.Multi.Generic (1)
09:57:14.0140 2480	brfilt          (4ba311473e0d8557827e6f2fe33a8095) C:\WINDOWS\system32\Drivers\Brfilt.sys
09:57:14.0140 2480	brfilt ( UnsignedFile.Multi.Generic ) - warning
09:57:14.0140 2480	brfilt - detected UnsignedFile.Multi.Generic (1)
09:57:14.0187 2480	Browser         (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll
09:57:14.0203 2480	Browser ( UnsignedFile.Multi.Generic ) - warning
09:57:14.0203 2480	Browser - detected UnsignedFile.Multi.Generic (1)
09:57:14.0203 2480	Browser Defender Update Service - ok
09:57:14.0218 2480	BrSerWDM        (8e06cd96e00472c03770a697d04031c0) C:\WINDOWS\system32\Drivers\BrSerWdm.sys
09:57:14.0218 2480	BrSerWDM ( UnsignedFile.Multi.Generic ) - warning
09:57:14.0218 2480	BrSerWDM - detected UnsignedFile.Multi.Generic (1)
09:57:14.0218 2480	BrUsbMdm        (37e2d0b12ddf536cd64af6eb3b580ef8) C:\WINDOWS\system32\Drivers\BrUsbMdm.sys
09:57:14.0234 2480	BrUsbMdm ( UnsignedFile.Multi.Generic ) - warning
09:57:14.0234 2480	BrUsbMdm - detected UnsignedFile.Multi.Generic (1)
09:57:14.0234 2480	BrUsbScn        (1c5f014048e5b2748c1a8ad297c50b6f) C:\WINDOWS\system32\Drivers\BrUsbScn.sys
09:57:14.0234 2480	BrUsbScn ( UnsignedFile.Multi.Generic ) - warning
09:57:14.0234 2480	BrUsbScn - detected UnsignedFile.Multi.Generic (1)
09:57:14.0265 2480	cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
09:57:14.0281 2480	cbidf2k ( UnsignedFile.Multi.Generic ) - warning
09:57:14.0281 2480	cbidf2k - detected UnsignedFile.Multi.Generic (1)
09:57:14.0312 2480	CCDECODE        (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
09:57:14.0328 2480	CCDECODE ( UnsignedFile.Multi.Generic ) - warning
09:57:14.0328 2480	CCDECODE - detected UnsignedFile.Multi.Generic (1)
09:57:14.0328 2480	cd20xrnt - ok
09:57:14.0343 2480	Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
09:57:14.0343 2480	Cdaudio ( UnsignedFile.Multi.Generic ) - warning
09:57:14.0343 2480	Cdaudio - detected UnsignedFile.Multi.Generic (1)
09:57:14.0390 2480	Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
09:57:14.0406 2480	Cdfs ( UnsignedFile.Multi.Generic ) - warning
09:57:14.0406 2480	Cdfs - detected UnsignedFile.Multi.Generic (1)
09:57:14.0421 2480	Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
09:57:14.0421 2480	Cdrom ( UnsignedFile.Multi.Generic ) - warning
09:57:14.0421 2480	Cdrom - detected UnsignedFile.Multi.Generic (1)
09:57:14.0437 2480	Changer - ok
09:57:14.0453 2480	CiSvc           (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe
09:57:14.0453 2480	CiSvc ( UnsignedFile.Multi.Generic ) - warning
09:57:14.0453 2480	CiSvc - detected UnsignedFile.Multi.Generic (1)
09:57:14.0468 2480	ClipSrv         (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe
09:57:14.0531 2480	ClipSrv ( UnsignedFile.Multi.Generic ) - warning
09:57:14.0531 2480	ClipSrv - detected UnsignedFile.Multi.Generic (1)
09:57:14.0593 2480	clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:57:14.0718 2480	clr_optimization_v2.0.50727_32 - ok
09:57:14.0796 2480	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
09:57:14.0812 2480	clr_optimization_v4.0.30319_32 - ok
09:57:14.0828 2480	CmdIde - ok
09:57:14.0828 2480	COMSysApp - ok
09:57:14.0843 2480	Cpqarray - ok
09:57:14.0875 2480	CryptSvc        (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll
09:57:14.0875 2480	CryptSvc ( UnsignedFile.Multi.Generic ) - warning
09:57:14.0875 2480	CryptSvc - detected UnsignedFile.Multi.Generic (1)
09:57:14.0890 2480	dac2w2k - ok
09:57:14.0890 2480	dac960nt - ok
09:57:14.0968 2480	DcomLaunch      (e970c2296916bf4a2f958680016fe312) C:\WINDOWS\system32\rpcss.dll
09:57:14.0984 2480	DcomLaunch ( UnsignedFile.Multi.Generic ) - warning
09:57:14.0984 2480	DcomLaunch - detected UnsignedFile.Multi.Generic (1)
09:57:15.0015 2480	Dhcp            (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll
09:57:15.0015 2480	Dhcp ( UnsignedFile.Multi.Generic ) - warning
09:57:15.0015 2480	Dhcp - detected UnsignedFile.Multi.Generic (1)
09:57:15.0062 2480	Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
09:57:15.0062 2480	Disk ( UnsignedFile.Multi.Generic ) - warning
09:57:15.0062 2480	Disk - detected UnsignedFile.Multi.Generic (1)
09:57:15.0062 2480	dmadmin - ok
09:57:15.0234 2480	dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
09:57:15.0265 2480	dmboot ( UnsignedFile.Multi.Generic ) - warning
09:57:15.0265 2480	dmboot - detected UnsignedFile.Multi.Generic (1)
09:57:15.0296 2480	dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
09:57:15.0312 2480	dmio ( UnsignedFile.Multi.Generic ) - warning
09:57:15.0312 2480	dmio - detected UnsignedFile.Multi.Generic (1)
09:57:15.0343 2480	dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
09:57:15.0359 2480	dmload ( UnsignedFile.Multi.Generic ) - warning
09:57:15.0359 2480	dmload - detected UnsignedFile.Multi.Generic (1)
09:57:15.0375 2480	dmserver        (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll
09:57:15.0390 2480	dmserver ( UnsignedFile.Multi.Generic ) - warning
09:57:15.0390 2480	dmserver - detected UnsignedFile.Multi.Generic (1)
09:57:15.0421 2480	DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
09:57:15.0421 2480	DMusic ( UnsignedFile.Multi.Generic ) - warning
09:57:15.0421 2480	DMusic - detected UnsignedFile.Multi.Generic (1)
09:57:15.0437 2480	Dnscache        (8c9ed3b2834aae63081ab2da831c6fe9) C:\WINDOWS\System32\dnsrslvr.dll
09:57:15.0453 2480	Dnscache ( UnsignedFile.Multi.Generic ) - warning
09:57:15.0453 2480	Dnscache - detected UnsignedFile.Multi.Generic (1)
09:57:15.0484 2480	Dot3svc         (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll
09:57:15.0484 2480	Dot3svc ( UnsignedFile.Multi.Generic ) - warning
09:57:15.0484 2480	Dot3svc - detected UnsignedFile.Multi.Generic (1)
09:57:15.0484 2480	dpti2o - ok
09:57:15.0500 2480	drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
09:57:15.0500 2480	drmkaud ( UnsignedFile.Multi.Generic ) - warning
09:57:15.0500 2480	drmkaud - detected UnsignedFile.Multi.Generic (1)
09:57:15.0515 2480	EapHost         (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll
09:57:15.0515 2480	EapHost ( UnsignedFile.Multi.Generic ) - warning
09:57:15.0515 2480	EapHost - detected UnsignedFile.Multi.Generic (1)
09:57:15.0546 2480	ERSvc           (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll
09:57:15.0562 2480	ERSvc ( UnsignedFile.Multi.Generic ) - warning
09:57:15.0562 2480	ERSvc - detected UnsignedFile.Multi.Generic (1)
09:57:15.0578 2480	Eventlog        (4bb6a83640f1d1792ad21ce767b621c6) C:\WINDOWS\system32\services.exe
09:57:15.0578 2480	Eventlog ( UnsignedFile.Multi.Generic ) - warning
09:57:15.0578 2480	Eventlog - detected UnsignedFile.Multi.Generic (1)
09:57:15.0609 2480	EventSystem     (0f3edaee1ef97cf3db2be23a7289b78c) C:\WINDOWS\system32\es.dll
09:57:15.0625 2480	EventSystem ( UnsignedFile.Multi.Generic ) - warning
09:57:15.0625 2480	EventSystem - detected UnsignedFile.Multi.Generic (1)
09:57:15.0671 2480	Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
09:57:15.0687 2480	Fastfat ( UnsignedFile.Multi.Generic ) - warning
09:57:15.0687 2480	Fastfat - detected UnsignedFile.Multi.Generic (1)
09:57:15.0703 2480	FastUserSwitchingCompatibility (40602ebfbe06aa075c8e4560743f6883) C:\WINDOWS\System32\shsvcs.dll
09:57:15.0718 2480	FastUserSwitchingCompatibility ( UnsignedFile.Multi.Generic ) - warning
09:57:15.0718 2480	FastUserSwitchingCompatibility - detected UnsignedFile.Multi.Generic (1)
09:57:15.0718 2480	Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
09:57:15.0734 2480	Fdc ( UnsignedFile.Multi.Generic ) - warning
09:57:15.0734 2480	Fdc - detected UnsignedFile.Multi.Generic (1)
09:57:15.0750 2480	Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
09:57:15.0750 2480	Fips ( UnsignedFile.Multi.Generic ) - warning
09:57:15.0750 2480	Fips - detected UnsignedFile.Multi.Generic (1)
09:57:15.0765 2480	Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
09:57:15.0765 2480	Flpydisk ( UnsignedFile.Multi.Generic ) - warning
09:57:15.0765 2480	Flpydisk - detected UnsignedFile.Multi.Generic (1)
09:57:15.0812 2480	FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
09:57:15.0828 2480	FltMgr ( UnsignedFile.Multi.Generic ) - warning
09:57:15.0828 2480	FltMgr - detected UnsignedFile.Multi.Generic (1)
09:57:15.0937 2480	FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
09:57:15.0937 2480	FontCache3.0.0.0 - ok
09:57:15.0968 2480	Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
09:57:15.0968 2480	Fs_Rec ( UnsignedFile.Multi.Generic ) - warning
09:57:15.0968 2480	Fs_Rec - detected UnsignedFile.Multi.Generic (1)
09:57:15.0984 2480	Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
09:57:16.0000 2480	Ftdisk ( UnsignedFile.Multi.Generic ) - warning
09:57:16.0000 2480	Ftdisk - detected UnsignedFile.Multi.Generic (1)
09:57:16.0000 2480	Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
09:57:16.0015 2480	Gpc ( UnsignedFile.Multi.Generic ) - warning
09:57:16.0015 2480	Gpc - detected UnsignedFile.Multi.Generic (1)
09:57:16.0046 2480	GT680x          (3ed7c522c3361b7f3dd9ae12fb0ee603) C:\WINDOWS\system32\DRIVERS\GT680x.SYS
09:57:16.0046 2480	GT680x ( UnsignedFile.Multi.Generic ) - warning
09:57:16.0046 2480	GT680x - detected UnsignedFile.Multi.Generic (1)
09:57:16.0203 2480	gupdate         (f02a533f517eb38333cb12a9e8963773) C:\Programme\Google\Update\GoogleUpdate.exe
09:57:16.0203 2480	gupdate - ok
09:57:16.0203 2480	gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Programme\Google\Update\GoogleUpdate.exe
09:57:16.0218 2480	gupdatem - ok
09:57:16.0250 2480	hcmon           (1db5002c16f4df11fd062bd4a277aa24) C:\WINDOWS\system32\drivers\hcmon.sys
09:57:16.0265 2480	hcmon - ok
09:57:16.0328 2480	HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
09:57:16.0328 2480	HDAudBus ( UnsignedFile.Multi.Generic ) - warning
09:57:16.0328 2480	HDAudBus - detected UnsignedFile.Multi.Generic (1)
09:57:16.0375 2480	helpsvc         (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
09:57:16.0375 2480	helpsvc ( UnsignedFile.Multi.Generic ) - warning
09:57:16.0375 2480	helpsvc - detected UnsignedFile.Multi.Generic (1)
09:57:16.0375 2480	HidServ - ok
09:57:16.0421 2480	hidusb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
09:57:16.0437 2480	hidusb ( UnsignedFile.Multi.Generic ) - warning
09:57:16.0437 2480	hidusb - detected UnsignedFile.Multi.Generic (1)
09:57:16.0468 2480	hkmsvc          (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll
09:57:16.0468 2480	hkmsvc ( UnsignedFile.Multi.Generic ) - warning
09:57:16.0468 2480	hkmsvc - detected UnsignedFile.Multi.Generic (1)
09:57:16.0562 2480	HPKBCCID        (d63fad26328be60c23b435270cf013a0) C:\WINDOWS\system32\DRIVERS\HPKBCCID.sys
09:57:16.0578 2480	HPKBCCID ( UnsignedFile.Multi.Generic ) - warning
09:57:16.0578 2480	HPKBCCID - detected UnsignedFile.Multi.Generic (1)
09:57:16.0578 2480	hpn - ok
09:57:16.0640 2480	HTTP            (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys
09:57:16.0656 2480	HTTP ( UnsignedFile.Multi.Generic ) - warning
09:57:16.0656 2480	HTTP - detected UnsignedFile.Multi.Generic (1)
09:57:16.0703 2480	HTTPFilter      (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll
09:57:16.0703 2480	HTTPFilter ( UnsignedFile.Multi.Generic ) - warning
09:57:16.0703 2480	HTTPFilter - detected UnsignedFile.Multi.Generic (1)
09:57:16.0750 2480	HWiNFO32        (e766c3a458fe598cc67ce1264b26c3f1) C:\Programme\HWiNFO32\HWiNFO32.SYS
09:57:16.0750 2480	HWiNFO32 - ok
09:57:16.0750 2480	i2omgmt - ok
09:57:16.0765 2480	i2omp - ok
09:57:16.0781 2480	i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
09:57:16.0781 2480	i8042prt ( UnsignedFile.Multi.Generic ) - warning
09:57:16.0781 2480	i8042prt - detected UnsignedFile.Multi.Generic (1)
09:57:16.0890 2480	idsvc           (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
09:57:16.0906 2480	idsvc - ok
09:57:17.0031 2480	Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
09:57:17.0046 2480	Imapi ( UnsignedFile.Multi.Generic ) - warning
09:57:17.0046 2480	Imapi - detected UnsignedFile.Multi.Generic (1)
09:57:17.0093 2480	ImapiService    (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\system32\imapi.exe
09:57:17.0109 2480	ImapiService ( UnsignedFile.Multi.Generic ) - warning
09:57:17.0109 2480	ImapiService - detected UnsignedFile.Multi.Generic (1)
09:57:17.0109 2480	ini910u - ok
09:57:17.0593 2480	IntcAzAudAddService (e8656858d8b2da7c9cf59fb4e5ce32ed) C:\WINDOWS\system32\drivers\RtkHDAud.sys
09:57:17.0765 2480	IntcAzAudAddService ( UnsignedFile.Multi.Generic ) - warning
09:57:17.0765 2480	IntcAzAudAddService - detected UnsignedFile.Multi.Generic (1)
09:57:17.0875 2480	IntelIde - ok
09:57:17.0921 2480	Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
09:57:17.0921 2480	Ip6Fw ( UnsignedFile.Multi.Generic ) - warning
09:57:17.0921 2480	Ip6Fw - detected UnsignedFile.Multi.Generic (1)
09:57:17.0953 2480	IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
09:57:17.0953 2480	IpFilterDriver ( UnsignedFile.Multi.Generic ) - warning
09:57:17.0953 2480	IpFilterDriver - detected UnsignedFile.Multi.Generic (1)
09:57:18.0015 2480	IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
09:57:18.0031 2480	IpInIp ( UnsignedFile.Multi.Generic ) - warning
09:57:18.0031 2480	IpInIp - detected UnsignedFile.Multi.Generic (1)
09:57:18.0031 2480	IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
09:57:18.0046 2480	IpNat ( UnsignedFile.Multi.Generic ) - warning
09:57:18.0046 2480	IpNat - detected UnsignedFile.Multi.Generic (1)
09:57:18.0078 2480	IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
09:57:18.0078 2480	IPSec ( UnsignedFile.Multi.Generic ) - warning
09:57:18.0078 2480	IPSec - detected UnsignedFile.Multi.Generic (1)
09:57:18.0187 2480	irda            (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys
09:57:18.0203 2480	irda ( UnsignedFile.Multi.Generic ) - warning
09:57:18.0203 2480	irda - detected UnsignedFile.Multi.Generic (1)
09:57:18.0234 2480	IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
09:57:18.0250 2480	IRENUM ( UnsignedFile.Multi.Generic ) - warning
09:57:18.0250 2480	IRENUM - detected UnsignedFile.Multi.Generic (1)
09:57:18.0250 2480	Irmon           (2efe1db1ec58a26b0c14bfda122e246f) C:\WINDOWS\System32\irmon.dll
09:57:18.0265 2480	Irmon ( UnsignedFile.Multi.Generic ) - warning
09:57:18.0265 2480	Irmon - detected UnsignedFile.Multi.Generic (1)
09:57:18.0265 2480	irsir           (0501f0b9ab08425f8c0eacbdcc04aa32) C:\WINDOWS\system32\DRIVERS\irsir.sys
09:57:18.0265 2480	irsir ( UnsignedFile.Multi.Generic ) - warning
09:57:18.0265 2480	irsir - detected UnsignedFile.Multi.Generic (1)
09:57:18.0359 2480	isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
09:57:18.0375 2480	isapnp ( UnsignedFile.Multi.Generic ) - warning
09:57:18.0375 2480	isapnp - detected UnsignedFile.Multi.Generic (1)
09:57:18.0515 2480	JavaQuickStarterService (8c5c59e1921eca3607390a1f641556df) C:\Programme\Java\jre7\bin\jqs.exe
09:57:18.0515 2480	JavaQuickStarterService - ok
09:57:18.0531 2480	Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
09:57:18.0531 2480	Kbdclass ( UnsignedFile.Multi.Generic ) - warning
09:57:18.0531 2480	Kbdclass - detected UnsignedFile.Multi.Generic (1)
09:57:18.0562 2480	kbdhid          (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
09:57:18.0578 2480	kbdhid ( UnsignedFile.Multi.Generic ) - warning
09:57:18.0578 2480	kbdhid - detected UnsignedFile.Multi.Generic (1)
09:57:18.0625 2480	kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
09:57:18.0640 2480	kmixer ( UnsignedFile.Multi.Generic ) - warning
09:57:18.0640 2480	kmixer - detected UnsignedFile.Multi.Generic (1)
09:57:18.0671 2480	KSecDD          (1705745d900dabf2d89f90ebaddc7517) C:\WINDOWS\system32\drivers\KSecDD.sys
09:57:18.0671 2480	KSecDD ( UnsignedFile.Multi.Generic ) - warning
09:57:18.0671 2480	KSecDD - detected UnsignedFile.Multi.Generic (1)
09:57:18.0687 2480	LanmanServer    (d6eb4916b203cbe525f8eff5fd5ab16c) C:\WINDOWS\System32\srvsvc.dll
09:57:18.0687 2480	LanmanServer ( UnsignedFile.Multi.Generic ) - warning
09:57:18.0687 2480	LanmanServer - detected UnsignedFile.Multi.Generic (1)
09:57:18.0703 2480	lanmanworkstation (c0db1e9367681ecd7ecca9615c1d0f9b) C:\WINDOWS\System32\wkssvc.dll
09:57:18.0718 2480	lanmanworkstation ( UnsignedFile.Multi.Generic ) - warning
09:57:18.0718 2480	lanmanworkstation - detected UnsignedFile.Multi.Generic (1)
09:57:18.0718 2480	lbrtfdc - ok
09:57:18.0750 2480	LmHosts         (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll
09:57:18.0750 2480	LmHosts ( UnsignedFile.Multi.Generic ) - warning
09:57:18.0750 2480	LmHosts - detected UnsignedFile.Multi.Generic (1)
09:57:18.0765 2480	LVRS - ok
09:57:18.0765 2480	LVUVC - ok
09:57:18.0812 2480	MBAMSwissArmy   (0db7527db188c7d967a37bb51bbf3963) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
09:57:18.0828 2480	MBAMSwissArmy - ok
09:57:18.0843 2480	Messenger       (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll
09:57:18.0859 2480	Messenger ( UnsignedFile.Multi.Generic ) - warning
09:57:18.0859 2480	Messenger - detected UnsignedFile.Multi.Generic (1)
09:57:18.0890 2480	mf              (a7da20ab18a1bdae28b0f349e57da0d1) C:\WINDOWS\system32\DRIVERS\mf.sys
09:57:18.0890 2480	mf ( UnsignedFile.Multi.Generic ) - warning
09:57:18.0890 2480	mf - detected UnsignedFile.Multi.Generic (1)
09:57:18.0921 2480	mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
09:57:18.0921 2480	mnmdd ( UnsignedFile.Multi.Generic ) - warning
09:57:18.0921 2480	mnmdd - detected UnsignedFile.Multi.Generic (1)
09:57:18.0968 2480	mnmsrvc         (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\system32\mnmsrvc.exe
09:57:18.0968 2480	mnmsrvc ( UnsignedFile.Multi.Generic ) - warning
09:57:18.0968 2480	mnmsrvc - detected UnsignedFile.Multi.Generic (1)
09:57:19.0015 2480	Modem           (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
09:57:19.0015 2480	Modem ( UnsignedFile.Multi.Generic ) - warning
09:57:19.0015 2480	Modem - detected UnsignedFile.Multi.Generic (1)
09:57:19.0140 2480	Monfilt         (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\Monfilt.sys
09:57:19.0187 2480	Monfilt ( UnsignedFile.Multi.Generic ) - warning
09:57:19.0187 2480	Monfilt - detected UnsignedFile.Multi.Generic (1)
09:57:19.0265 2480	Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
09:57:19.0265 2480	Mouclass ( UnsignedFile.Multi.Generic ) - warning
09:57:19.0265 2480	Mouclass - detected UnsignedFile.Multi.Generic (1)
09:57:19.0265 2480	mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
09:57:19.0281 2480	mouhid ( UnsignedFile.Multi.Generic ) - warning
09:57:19.0281 2480	mouhid - detected UnsignedFile.Multi.Generic (1)
09:57:19.0296 2480	MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
09:57:19.0296 2480	MountMgr ( UnsignedFile.Multi.Generic ) - warning
09:57:19.0296 2480	MountMgr - detected UnsignedFile.Multi.Generic (1)
09:57:19.0312 2480	mraid35x - ok
09:57:19.0328 2480	MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
09:57:19.0343 2480	MRxDAV ( UnsignedFile.Multi.Generic ) - warning
09:57:19.0343 2480	MRxDAV - detected UnsignedFile.Multi.Generic (1)
09:57:19.0375 2480	MRxSmb          (68755f0ff16070178b54674fe5b847b0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
09:57:19.0390 2480	MRxSmb ( UnsignedFile.Multi.Generic ) - warning
09:57:19.0390 2480	MRxSmb - detected UnsignedFile.Multi.Generic (1)
09:57:19.0421 2480	MSDTC           (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\system32\msdtc.exe
09:57:19.0437 2480	MSDTC ( UnsignedFile.Multi.Generic ) - warning
09:57:19.0437 2480	MSDTC - detected UnsignedFile.Multi.Generic (1)
09:57:19.0453 2480	Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
09:57:19.0468 2480	Msfs ( UnsignedFile.Multi.Generic ) - warning
09:57:19.0468 2480	Msfs - detected UnsignedFile.Multi.Generic (1)
09:57:19.0468 2480	MSIServer - ok
09:57:19.0531 2480	MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
09:57:19.0531 2480	MSKSSRV ( UnsignedFile.Multi.Generic ) - warning
09:57:19.0531 2480	MSKSSRV - detected UnsignedFile.Multi.Generic (1)
09:57:19.0531 2480	MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
09:57:19.0546 2480	MSPCLOCK ( UnsignedFile.Multi.Generic ) - warning
09:57:19.0546 2480	MSPCLOCK - detected UnsignedFile.Multi.Generic (1)
09:57:19.0546 2480	MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
09:57:19.0562 2480	MSPQM ( UnsignedFile.Multi.Generic ) - warning
09:57:19.0562 2480	MSPQM - detected UnsignedFile.Multi.Generic (1)
09:57:19.0578 2480	mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
09:57:19.0593 2480	mssmbios ( UnsignedFile.Multi.Generic ) - warning
09:57:19.0593 2480	mssmbios - detected UnsignedFile.Multi.Generic (1)
09:57:19.0609 2480	MSTEE           (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
09:57:19.0656 2480	MSTEE ( UnsignedFile.Multi.Generic ) - warning
09:57:19.0656 2480	MSTEE - detected UnsignedFile.Multi.Generic (1)
09:57:19.0671 2480	Mup             (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
09:57:19.0671 2480	Mup ( UnsignedFile.Multi.Generic ) - warning
09:57:19.0671 2480	Mup - detected UnsignedFile.Multi.Generic (1)
09:57:19.0703 2480	NABTSFEC        (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
09:57:19.0703 2480	NABTSFEC ( UnsignedFile.Multi.Generic ) - warning
09:57:19.0703 2480	NABTSFEC - detected UnsignedFile.Multi.Generic (1)
09:57:19.0765 2480	napagent        (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll
09:57:19.0781 2480	napagent ( UnsignedFile.Multi.Generic ) - warning
09:57:19.0781 2480	napagent - detected UnsignedFile.Multi.Generic (1)
09:57:19.0796 2480	NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
09:57:19.0796 2480	NDIS ( UnsignedFile.Multi.Generic ) - warning
09:57:19.0796 2480	NDIS - detected UnsignedFile.Multi.Generic (1)
09:57:19.0828 2480	NdisIP          (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
09:57:19.0828 2480	NdisIP ( UnsignedFile.Multi.Generic ) - warning
09:57:19.0828 2480	NdisIP - detected UnsignedFile.Multi.Generic (1)
09:57:19.0875 2480	NdisTapi        (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
09:57:19.0875 2480	NdisTapi ( UnsignedFile.Multi.Generic ) - warning
09:57:19.0875 2480	NdisTapi - detected UnsignedFile.Multi.Generic (1)
09:57:19.0921 2480	Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
09:57:19.0937 2480	Ndisuio ( UnsignedFile.Multi.Generic ) - warning
09:57:19.0937 2480	Ndisuio - detected UnsignedFile.Multi.Generic (1)
09:57:19.0937 2480	NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
09:57:19.0953 2480	NdisWan ( UnsignedFile.Multi.Generic ) - warning
09:57:19.0953 2480	NdisWan - detected UnsignedFile.Multi.Generic (1)
09:57:19.0953 2480	NDProxy         (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
09:57:19.0968 2480	NDProxy ( UnsignedFile.Multi.Generic ) - warning
09:57:19.0968 2480	NDProxy - detected UnsignedFile.Multi.Generic (1)
09:57:19.0968 2480	NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
09:57:19.0984 2480	NetBIOS ( UnsignedFile.Multi.Generic ) - warning
09:57:19.0984 2480	NetBIOS - detected UnsignedFile.Multi.Generic (1)
09:57:20.0000 2480	NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
09:57:20.0015 2480	NetBT ( UnsignedFile.Multi.Generic ) - warning
09:57:20.0015 2480	NetBT - detected UnsignedFile.Multi.Generic (1)
09:57:20.0125 2480	NetDDE          (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
09:57:20.0125 2480	NetDDE ( UnsignedFile.Multi.Generic ) - warning
09:57:20.0125 2480	NetDDE - detected UnsignedFile.Multi.Generic (1)
09:57:20.0125 2480	NetDDEdsdm      (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
09:57:20.0140 2480	NetDDEdsdm ( UnsignedFile.Multi.Generic ) - warning
09:57:20.0140 2480	NetDDEdsdm - detected UnsignedFile.Multi.Generic (1)
09:57:20.0171 2480	Netlogon        (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
09:57:20.0218 2480	Netlogon ( UnsignedFile.Multi.Generic ) - warning
09:57:20.0218 2480	Netlogon - detected UnsignedFile.Multi.Generic (1)
09:57:20.0250 2480	Netman          (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll
09:57:20.0265 2480	Netman ( UnsignedFile.Multi.Generic ) - warning
09:57:20.0265 2480	Netman - detected UnsignedFile.Multi.Generic (1)
09:57:20.0359 2480	NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
09:57:20.0375 2480	NetTcpPortSharing - ok
09:57:20.0406 2480	Nla             (f12b9d9a069331877d006cc81b4735f9) C:\WINDOWS\System32\mswsock.dll
09:57:20.0421 2480	Nla ( UnsignedFile.Multi.Generic ) - warning
09:57:20.0421 2480	Nla - detected UnsignedFile.Multi.Generic (1)
09:57:20.0578 2480	NMSAccess       (7aea4df1ca68fd45dd4bbe1f0243ce7f) C:\Programme\CDBurnerXP\NMSAccessU.exe
09:57:20.0578 2480	NMSAccess - ok
09:57:20.0625 2480	nmwcd           (c3963d85b721a7f80d8a55f4e2867a3a) C:\WINDOWS\system32\drivers\ccdcmb.sys
09:57:20.0640 2480	nmwcd ( UnsignedFile.Multi.Generic ) - warning
09:57:20.0640 2480	nmwcd - detected UnsignedFile.Multi.Generic (1)
09:57:20.0656 2480	Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
09:57:20.0671 2480	Npfs ( UnsignedFile.Multi.Generic ) - warning
09:57:20.0671 2480	Npfs - detected UnsignedFile.Multi.Generic (1)
09:57:20.0734 2480	Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
09:57:20.0750 2480	Ntfs ( UnsignedFile.Multi.Generic ) - warning
09:57:20.0750 2480	Ntfs - detected UnsignedFile.Multi.Generic (1)
09:57:20.0750 2480	NtLmSsp         (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
09:57:20.0765 2480	NtLmSsp ( UnsignedFile.Multi.Generic ) - warning
09:57:20.0765 2480	NtLmSsp - detected UnsignedFile.Multi.Generic (1)
09:57:20.0828 2480	NtmsSvc         (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll
09:57:20.0843 2480	NtmsSvc ( UnsignedFile.Multi.Generic ) - warning
09:57:20.0843 2480	NtmsSvc - detected UnsignedFile.Multi.Generic (1)
09:57:20.0890 2480	Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
09:57:20.0890 2480	Null ( UnsignedFile.Multi.Generic ) - warning
09:57:20.0890 2480	Null - detected UnsignedFile.Multi.Generic (1)
09:57:20.0937 2480	NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
09:57:20.0937 2480	NwlnkFlt ( UnsignedFile.Multi.Generic ) - warning
09:57:20.0937 2480	NwlnkFlt - detected UnsignedFile.Multi.Generic (1)
09:57:20.0968 2480	NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
09:57:20.0968 2480	NwlnkFwd ( UnsignedFile.Multi.Generic ) - warning
09:57:20.0968 2480	NwlnkFwd - detected UnsignedFile.Multi.Generic (1)
09:57:21.0015 2480	ose             (7a56cf3e3f12e8af599963b16f50fb6a) C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
09:57:21.0031 2480	ose - ok
09:57:21.0109 2480	Parport         (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
09:57:21.0125 2480	Parport ( UnsignedFile.Multi.Generic ) - warning
09:57:21.0125 2480	Parport - detected UnsignedFile.Multi.Generic (1)
09:57:21.0125 2480	PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
09:57:21.0140 2480	PartMgr ( UnsignedFile.Multi.Generic ) - warning
09:57:21.0140 2480	PartMgr - detected UnsignedFile.Multi.Generic (1)
09:57:21.0171 2480	ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
09:57:21.0171 2480	ParVdm ( UnsignedFile.Multi.Generic ) - warning
09:57:21.0171 2480	ParVdm - detected UnsignedFile.Multi.Generic (1)
09:57:21.0203 2480	pccsmcfd        (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
09:57:21.0203 2480	pccsmcfd ( UnsignedFile.Multi.Generic ) - warning
09:57:21.0203 2480	pccsmcfd - detected UnsignedFile.Multi.Generic (1)
09:57:21.0234 2480	PCI             (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
09:57:21.0234 2480	PCI ( UnsignedFile.Multi.Generic ) - warning
09:57:21.0234 2480	PCI - detected UnsignedFile.Multi.Generic (1)
09:57:21.0250 2480	PCIDump - ok
09:57:21.0250 2480	PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
09:57:21.0265 2480	PCIIde ( UnsignedFile.Multi.Generic ) - warning
09:57:21.0265 2480	PCIIde - detected UnsignedFile.Multi.Generic (1)
09:57:21.0281 2480	Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
09:57:21.0296 2480	Pcmcia ( UnsignedFile.Multi.Generic ) - warning
09:57:21.0296 2480	Pcmcia - detected UnsignedFile.Multi.Generic (1)
09:57:21.0328 2480	PCTBD           (c6f3106f935dc7a93d131dae8744f805) C:\WINDOWS\system32\Drivers\PCTBD.sys
09:57:21.0343 2480	PCTBD - ok
09:57:21.0359 2480	PDCOMP - ok
09:57:21.0359 2480	PDFRAME - ok
09:57:21.0375 2480	PDRELI - ok
09:57:21.0375 2480	PDRFRAME - ok
09:57:21.0375 2480	perc2 - ok
09:57:21.0390 2480	perc2hib - ok
09:57:21.0437 2480	PlugPlay        (4bb6a83640f1d1792ad21ce767b621c6) C:\WINDOWS\system32\services.exe
09:57:21.0437 2480	PlugPlay ( UnsignedFile.Multi.Generic ) - warning
09:57:21.0437 2480	PlugPlay - detected UnsignedFile.Multi.Generic (1)
09:57:21.0437 2480	PolicyAgent     (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
09:57:21.0453 2480	PolicyAgent ( UnsignedFile.Multi.Generic ) - warning
09:57:21.0453 2480	PolicyAgent - detected UnsignedFile.Multi.Generic (1)
09:57:21.0453 2480	PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
09:57:21.0468 2480	PptpMiniport ( UnsignedFile.Multi.Generic ) - warning
09:57:21.0468 2480	PptpMiniport - detected UnsignedFile.Multi.Generic (1)
09:57:21.0515 2480	Processor       (2cb55427c58679f49ad600fccba76360) C:\WINDOWS\system32\DRIVERS\processr.sys
09:57:21.0515 2480	Processor ( UnsignedFile.Multi.Generic ) - warning
09:57:21.0515 2480	Processor - detected UnsignedFile.Multi.Generic (1)
09:57:21.0515 2480	ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
09:57:21.0531 2480	ProtectedStorage ( UnsignedFile.Multi.Generic ) - warning
09:57:21.0531 2480	ProtectedStorage - detected UnsignedFile.Multi.Generic (1)
09:57:21.0531 2480	PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
09:57:21.0546 2480	PSched ( UnsignedFile.Multi.Generic ) - warning
09:57:21.0546 2480	PSched - detected UnsignedFile.Multi.Generic (1)
09:57:21.0562 2480	Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
09:57:21.0578 2480	Ptilink ( UnsignedFile.Multi.Generic ) - warning
09:57:21.0578 2480	Ptilink - detected UnsignedFile.Multi.Generic (1)
09:57:21.0593 2480	PxHelp20        (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
09:57:21.0593 2480	PxHelp20 - ok
09:57:21.0593 2480	ql1080 - ok
09:57:21.0609 2480	Ql10wnt - ok
09:57:21.0609 2480	ql12160 - ok
09:57:21.0625 2480	ql1240 - ok
09:57:21.0625 2480	ql1280 - ok
09:57:21.0656 2480	RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
09:57:21.0656 2480	RasAcd ( UnsignedFile.Multi.Generic ) - warning
09:57:21.0656 2480	RasAcd - detected UnsignedFile.Multi.Generic (1)
09:57:21.0687 2480	RasAuto         (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll
09:57:21.0703 2480	RasAuto ( UnsignedFile.Multi.Generic ) - warning
09:57:21.0703 2480	RasAuto - detected UnsignedFile.Multi.Generic (1)
09:57:21.0734 2480	Rasirda         (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
09:57:21.0734 2480	Rasirda ( UnsignedFile.Multi.Generic ) - warning
09:57:21.0734 2480	Rasirda - detected UnsignedFile.Multi.Generic (1)
09:57:21.0750 2480	Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
09:57:21.0750 2480	Rasl2tp ( UnsignedFile.Multi.Generic ) - warning
09:57:21.0750 2480	Rasl2tp - detected UnsignedFile.Multi.Generic (1)
09:57:21.0781 2480	RasMan          (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll
09:57:21.0781 2480	RasMan ( UnsignedFile.Multi.Generic ) - warning
09:57:21.0781 2480	RasMan - detected UnsignedFile.Multi.Generic (1)
09:57:21.0796 2480	RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
09:57:21.0796 2480	RasPppoe ( UnsignedFile.Multi.Generic ) - warning
09:57:21.0796 2480	RasPppoe - detected UnsignedFile.Multi.Generic (1)
09:57:21.0812 2480	Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
09:57:21.0812 2480	Raspti ( UnsignedFile.Multi.Generic ) - warning
09:57:21.0812 2480	Raspti - detected UnsignedFile.Multi.Generic (1)
09:57:21.0859 2480	Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
09:57:21.0875 2480	Rdbss ( UnsignedFile.Multi.Generic ) - warning
09:57:21.0875 2480	Rdbss - detected UnsignedFile.Multi.Generic (1)
09:57:21.0875 2480	RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
09:57:21.0890 2480	RDPCDD ( UnsignedFile.Multi.Generic ) - warning
09:57:21.0890 2480	RDPCDD - detected UnsignedFile.Multi.Generic (1)
09:57:22.0062 2480	RDPWD           (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
09:57:22.0078 2480	RDPWD ( UnsignedFile.Multi.Generic ) - warning
09:57:22.0078 2480	RDPWD - detected UnsignedFile.Multi.Generic (1)
09:57:22.0109 2480	RDSessMgr       (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe
09:57:22.0109 2480	RDSessMgr ( UnsignedFile.Multi.Generic ) - warning
09:57:22.0109 2480	RDSessMgr - detected UnsignedFile.Multi.Generic (1)
09:57:22.0125 2480	redbook         (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
09:57:22.0140 2480	redbook ( UnsignedFile.Multi.Generic ) - warning
09:57:22.0140 2480	redbook - detected UnsignedFile.Multi.Generic (1)
09:57:22.0250 2480	RemoteAccess    (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll
09:57:22.0250 2480	RemoteAccess ( UnsignedFile.Multi.Generic ) - warning
09:57:22.0250 2480	RemoteAccess - detected UnsignedFile.Multi.Generic (1)
09:57:22.0265 2480	RpcLocator      (2a02e21867497df20b8fc95631395169) C:\WINDOWS\system32\locator.exe
09:57:22.0265 2480	RpcLocator ( UnsignedFile.Multi.Generic ) - warning
09:57:22.0265 2480	RpcLocator - detected UnsignedFile.Multi.Generic (1)
09:57:22.0343 2480	RpcSs           (e970c2296916bf4a2f958680016fe312) C:\WINDOWS\system32\rpcss.dll
09:57:22.0359 2480	RpcSs ( UnsignedFile.Multi.Generic ) - warning
09:57:22.0359 2480	RpcSs - detected UnsignedFile.Multi.Generic (1)
09:57:22.0406 2480	RSVP            (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe
09:57:22.0421 2480	RSVP ( UnsignedFile.Multi.Generic ) - warning
09:57:22.0421 2480	RSVP - detected UnsignedFile.Multi.Generic (1)
09:57:22.0468 2480	RTLE8023xp      (839141088ad7ee90f5b441b2d1afd22c) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
09:57:22.0484 2480	RTLE8023xp ( UnsignedFile.Multi.Generic ) - warning
09:57:22.0484 2480	RTLE8023xp - detected UnsignedFile.Multi.Generic (1)
09:57:22.0515 2480	SamSs           (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
09:57:22.0515 2480	SamSs ( UnsignedFile.Multi.Generic ) - warning
09:57:22.0515 2480	SamSs - detected UnsignedFile.Multi.Generic (1)
09:57:22.0562 2480	SCardSvr        (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe
09:57:22.0562 2480	SCardSvr ( UnsignedFile.Multi.Generic ) - warning
09:57:22.0562 2480	SCardSvr - detected UnsignedFile.Multi.Generic (1)
09:57:22.0640 2480	Schedule        (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll
09:57:22.0656 2480	Schedule ( UnsignedFile.Multi.Generic ) - warning
09:57:22.0656 2480	Schedule - detected UnsignedFile.Multi.Generic (1)
09:57:22.0671 2480	Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
09:57:22.0687 2480	Secdrv ( UnsignedFile.Multi.Generic ) - warning
09:57:22.0687 2480	Secdrv - detected UnsignedFile.Multi.Generic (1)
09:57:22.0703 2480	seclogon        (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll
09:57:22.0703 2480	seclogon ( UnsignedFile.Multi.Generic ) - warning
09:57:22.0703 2480	seclogon - detected UnsignedFile.Multi.Generic (1)
09:57:22.0734 2480	SENS            (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll
09:57:22.0734 2480	SENS ( UnsignedFile.Multi.Generic ) - warning
09:57:22.0734 2480	SENS - detected UnsignedFile.Multi.Generic (1)
09:57:22.0937 2480	serenum         (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
09:57:22.0937 2480	serenum ( UnsignedFile.Multi.Generic ) - warning
09:57:22.0937 2480	serenum - detected UnsignedFile.Multi.Generic (1)
09:57:22.0953 2480	Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
09:57:22.0953 2480	Serial ( UnsignedFile.Multi.Generic ) - warning
09:57:22.0953 2480	Serial - detected UnsignedFile.Multi.Generic (1)
09:57:23.0140 2480	ServiceLayer    (2d841b7b7f6dec32162edfcc69d61f42) C:\Programme\PC Connectivity Solution\ServiceLayer.exe
09:57:23.0171 2480	ServiceLayer ( UnsignedFile.Multi.Generic ) - warning
09:57:23.0171 2480	ServiceLayer - detected UnsignedFile.Multi.Generic (1)
09:57:23.0203 2480	Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
09:57:23.0218 2480	Sfloppy ( UnsignedFile.Multi.Generic ) - warning
09:57:23.0218 2480	Sfloppy - detected UnsignedFile.Multi.Generic (1)
09:57:23.0234 2480	ShellHWDetection (40602ebfbe06aa075c8e4560743f6883) C:\WINDOWS\System32\shsvcs.dll
09:57:23.0250 2480	ShellHWDetection ( UnsignedFile.Multi.Generic ) - warning
09:57:23.0250 2480	ShellHWDetection - detected UnsignedFile.Multi.Generic (1)
09:57:23.0250 2480	Simbad - ok
09:57:23.0281 2480	SLIP            (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
09:57:23.0296 2480	SLIP ( UnsignedFile.Multi.Generic ) - warning
09:57:23.0296 2480	SLIP - detected UnsignedFile.Multi.Generic (1)
09:57:23.0312 2480	Sparrow - ok
09:57:23.0406 2480	splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
09:57:23.0421 2480	splitter ( UnsignedFile.Multi.Generic ) - warning
09:57:23.0421 2480	splitter - detected UnsignedFile.Multi.Generic (1)
09:57:23.0437 2480	Spooler         (39356a9cdb6753a6d13a4072a9f5a4bb) C:\WINDOWS\system32\spoolsv.exe
09:57:23.0437 2480	Spooler ( UnsignedFile.Multi.Generic ) - warning
09:57:23.0437 2480	Spooler - detected UnsignedFile.Multi.Generic (1)
09:57:23.0484 2480	sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
09:57:23.0500 2480	sr ( UnsignedFile.Multi.Generic ) - warning
09:57:23.0500 2480	sr - detected UnsignedFile.Multi.Generic (1)
09:57:23.0531 2480	srservice       (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\system32\srsvc.dll
09:57:23.0531 2480	srservice ( UnsignedFile.Multi.Generic ) - warning
09:57:23.0531 2480	srservice - detected UnsignedFile.Multi.Generic (1)
09:57:23.0562 2480	Srv             (5252605079810904e31c332e241cd59b) C:\WINDOWS\system32\DRIVERS\srv.sys
09:57:23.0578 2480	Srv ( UnsignedFile.Multi.Generic ) - warning
09:57:23.0578 2480	Srv - detected UnsignedFile.Multi.Generic (1)
09:57:23.0625 2480	SSDPSRV         (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll
09:57:23.0640 2480	SSDPSRV ( UnsignedFile.Multi.Generic ) - warning
09:57:23.0640 2480	SSDPSRV - detected UnsignedFile.Multi.Generic (1)
09:57:23.0671 2480	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
09:57:23.0687 2480	ssmdrv - ok
09:57:23.0703 2480	StarOpen        (f92254b0bcfcd10caac7bccc7cb7f467) C:\WINDOWS\system32\drivers\StarOpen.sys
09:57:23.0718 2480	StarOpen ( UnsignedFile.Multi.Generic ) - warning
09:57:23.0718 2480	StarOpen - detected UnsignedFile.Multi.Generic (1)
09:57:23.0718 2480	STC2DFU - ok
09:57:23.0750 2480	STCFUx32        (232ddb986b6607edb49766ad39265d68) C:\WINDOWS\system32\DRIVERS\STCFUx32.SYS
09:57:23.0750 2480	STCFUx32 ( UnsignedFile.Multi.Generic ) - warning
09:57:23.0750 2480	STCFUx32 - detected UnsignedFile.Multi.Generic (1)
09:57:23.0859 2480	stisvc          (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll
09:57:23.0875 2480	stisvc ( UnsignedFile.Multi.Generic ) - warning
09:57:23.0875 2480	stisvc - detected UnsignedFile.Multi.Generic (1)
09:57:23.0906 2480	streamip        (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
09:57:23.0906 2480	streamip ( UnsignedFile.Multi.Generic ) - warning
09:57:23.0906 2480	streamip - detected UnsignedFile.Multi.Generic (1)
09:57:23.0921 2480	swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
09:57:23.0937 2480	swenum ( UnsignedFile.Multi.Generic ) - warning
09:57:23.0937 2480	swenum - detected UnsignedFile.Multi.Generic (1)
09:57:24.0000 2480	swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
09:57:24.0015 2480	swmidi ( UnsignedFile.Multi.Generic ) - warning
09:57:24.0015 2480	swmidi - detected UnsignedFile.Multi.Generic (1)
09:57:24.0015 2480	SwPrv - ok
09:57:24.0015 2480	symc810 - ok
09:57:24.0031 2480	symc8xx - ok
09:57:24.0031 2480	sym_hi - ok
09:57:24.0046 2480	sym_u3 - ok
09:57:24.0078 2480	sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
09:57:24.0078 2480	sysaudio ( UnsignedFile.Multi.Generic ) - warning
09:57:24.0078 2480	sysaudio - detected UnsignedFile.Multi.Generic (1)
09:57:24.0125 2480	SysmonLog       (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe
09:57:24.0125 2480	SysmonLog ( UnsignedFile.Multi.Generic ) - warning
09:57:24.0125 2480	SysmonLog - detected UnsignedFile.Multi.Generic (1)
09:57:24.0156 2480	TapiSrv         (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll
09:57:24.0171 2480	TapiSrv ( UnsignedFile.Multi.Generic ) - warning
09:57:24.0171 2480	TapiSrv - detected UnsignedFile.Multi.Generic (1)
09:57:24.0234 2480	Tcpip           (93ea8d04ec73a85db02eb8805988f733) C:\WINDOWS\system32\DRIVERS\tcpip.sys
09:57:24.0250 2480	Tcpip ( UnsignedFile.Multi.Generic ) - warning
09:57:24.0250 2480	Tcpip - detected UnsignedFile.Multi.Generic (1)
09:57:24.0281 2480	TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
09:57:24.0296 2480	TDPIPE ( UnsignedFile.Multi.Generic ) - warning
09:57:24.0296 2480	TDPIPE - detected UnsignedFile.Multi.Generic (1)
09:57:24.0312 2480	TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
09:57:24.0312 2480	TDTCP ( UnsignedFile.Multi.Generic ) - warning
09:57:24.0312 2480	TDTCP - detected UnsignedFile.Multi.Generic (1)
09:57:24.0328 2480	TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
09:57:24.0328 2480	TermDD ( UnsignedFile.Multi.Generic ) - warning
09:57:24.0328 2480	TermDD - detected UnsignedFile.Multi.Generic (1)
09:57:24.0421 2480	TermService     (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll
09:57:24.0437 2480	TermService ( UnsignedFile.Multi.Generic ) - warning
09:57:24.0437 2480	TermService - detected UnsignedFile.Multi.Generic (1)
09:57:24.0453 2480	Themes          (40602ebfbe06aa075c8e4560743f6883) C:\WINDOWS\System32\shsvcs.dll
09:57:24.0468 2480	Themes ( UnsignedFile.Multi.Generic ) - warning
09:57:24.0468 2480	Themes - detected UnsignedFile.Multi.Generic (1)
09:57:24.0468 2480	TosIde - ok
09:57:24.0640 2480	TrkWks          (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll
09:57:24.0656 2480	TrkWks ( UnsignedFile.Multi.Generic ) - warning
09:57:24.0656 2480	TrkWks - detected UnsignedFile.Multi.Generic (1)
09:57:24.0687 2480	Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
09:57:24.0703 2480	Udfs ( UnsignedFile.Multi.Generic ) - warning
09:57:24.0703 2480	Udfs - detected UnsignedFile.Multi.Generic (1)
09:57:24.0890 2480	ufad-ws60       (3f2d08b07cf67cb37e669a93e59a508c) C:\Programme\VMware\VMware Player\vmware-ufad.exe
09:57:24.0890 2480	ufad-ws60 - ok
09:57:24.0890 2480	ultra - ok
09:57:24.0984 2480	Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
09:57:25.0000 2480	Update ( UnsignedFile.Multi.Generic ) - warning
09:57:25.0000 2480	Update - detected UnsignedFile.Multi.Generic (1)
09:57:25.0046 2480	upnphost        (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll
09:57:25.0062 2480	upnphost ( UnsignedFile.Multi.Generic ) - warning
09:57:25.0062 2480	upnphost - detected UnsignedFile.Multi.Generic (1)
09:57:25.0093 2480	UPS             (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe
09:57:25.0109 2480	UPS ( UnsignedFile.Multi.Generic ) - warning
09:57:25.0109 2480	UPS - detected UnsignedFile.Multi.Generic (1)
09:57:25.0234 2480	usbaudio        (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
09:57:25.0250 2480	usbaudio ( UnsignedFile.Multi.Generic ) - warning
09:57:25.0250 2480	usbaudio - detected UnsignedFile.Multi.Generic (1)
09:57:25.0281 2480	usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
09:57:25.0281 2480	usbccgp ( UnsignedFile.Multi.Generic ) - warning
09:57:25.0281 2480	usbccgp - detected UnsignedFile.Multi.Generic (1)
09:57:25.0312 2480	USBCCID         (2825e0e294686a26506690059e1f437a) C:\WINDOWS\system32\DRIVERS\usbccid.sys
09:57:25.0312 2480	USBCCID ( UnsignedFile.Multi.Generic ) - warning
09:57:25.0312 2480	USBCCID - detected UnsignedFile.Multi.Generic (1)
09:57:25.0359 2480	usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
09:57:25.0359 2480	usbehci ( UnsignedFile.Multi.Generic ) - warning
09:57:25.0359 2480	usbehci - detected UnsignedFile.Multi.Generic (1)
09:57:25.0375 2480	usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
09:57:25.0375 2480	usbhub ( UnsignedFile.Multi.Generic ) - warning
09:57:25.0375 2480	usbhub - detected UnsignedFile.Multi.Generic (1)
09:57:25.0421 2480	usbohci         (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
09:57:25.0421 2480	usbohci ( UnsignedFile.Multi.Generic ) - warning
09:57:25.0421 2480	usbohci - detected UnsignedFile.Multi.Generic (1)
09:57:25.0500 2480	usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
09:57:25.0500 2480	usbprint ( UnsignedFile.Multi.Generic ) - warning
09:57:25.0500 2480	usbprint - detected UnsignedFile.Multi.Generic (1)
09:57:25.0531 2480	usbscan         (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
09:57:25.0546 2480	usbscan ( UnsignedFile.Multi.Generic ) - warning
09:57:25.0546 2480	usbscan - detected UnsignedFile.Multi.Generic (1)
09:57:25.0609 2480	USBSTOR         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
09:57:25.0609 2480	USBSTOR ( UnsignedFile.Multi.Generic ) - warning
09:57:25.0609 2480	USBSTOR - detected UnsignedFile.Multi.Generic (1)
09:57:25.0656 2480	usbvideo        (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
09:57:25.0671 2480	usbvideo ( UnsignedFile.Multi.Generic ) - warning
09:57:25.0671 2480	usbvideo - detected UnsignedFile.Multi.Generic (1)
09:57:25.0718 2480	VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
09:57:25.0718 2480	VgaSave ( UnsignedFile.Multi.Generic ) - warning
09:57:25.0718 2480	VgaSave - detected UnsignedFile.Multi.Generic (1)
09:57:25.0718 2480	ViaIde - ok
09:57:25.0781 2480	VMAuthdService  (9af896b739e3f34b9cd56eafa84abe60) C:\Programme\VMware\VMware Player\vmware-authd.exe
09:57:25.0781 2480	VMAuthdService - ok
09:57:25.0828 2480	vmci            (33c6f2e02662a7900cac6ab2607e9f88) C:\WINDOWS\system32\Drivers\vmci.sys
09:57:25.0843 2480	vmci - ok
09:57:25.0859 2480	vmkbd           (852d9499d01d75b024d497a306dbb76d) C:\WINDOWS\system32\drivers\VMkbd.sys
09:57:25.0859 2480	vmkbd - ok
09:57:25.0906 2480	VMnetAdapter    (e41704d8149992107b333cc7a52c07cc) C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys
09:57:25.0906 2480	VMnetAdapter - ok
09:57:25.0937 2480	VMnetBridge     (e887150bfee294bffeb28fb49698ae55) C:\WINDOWS\system32\DRIVERS\vmnetbridge.sys
09:57:25.0953 2480	VMnetBridge - ok
09:57:26.0000 2480	VMnetDHCP       (1e9f6817bdd878e4c4e701c64f6352e7) C:\WINDOWS\system32\vmnetdhcp.exe
09:57:26.0000 2480	VMnetDHCP - ok
09:57:26.0031 2480	VMnetuserif     (c3837c0c499aa62f2a2ac8dbf5015817) C:\WINDOWS\system32\drivers\vmnetuserif.sys
09:57:26.0031 2480	VMnetuserif - ok
09:57:26.0046 2480	VMparport       (5e3af8a6b096fd934a96d32d97843a69) C:\WINDOWS\system32\Drivers\VMparport.sys
09:57:26.0046 2480	VMparport - ok
09:57:26.0125 2480	VMUSBArbService (f38f5e1d9dec6cd1955a91ab141a88fb) C:\Programme\Common Files\VMware\USB\vmware-usbarbitrator.exe
09:57:26.0140 2480	VMUSBArbService - ok
09:57:26.0171 2480	VMware NAT Service (3fe2942910eacdc7271e40c8c037d63f) C:\WINDOWS\system32\vmnat.exe
09:57:26.0187 2480	VMware NAT Service - ok
09:57:26.0250 2480	vmx86           (4e53d280de6d5d523e39fbbddff0e819) C:\WINDOWS\system32\Drivers\vmx86.sys
09:57:26.0265 2480	vmx86 - ok
09:57:26.0312 2480	VolSnap         (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
09:57:26.0328 2480	VolSnap ( UnsignedFile.Multi.Generic ) - warning
09:57:26.0328 2480	VolSnap - detected UnsignedFile.Multi.Generic (1)
09:57:26.0390 2480	VSS             (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe
09:57:26.0406 2480	VSS ( UnsignedFile.Multi.Generic ) - warning
09:57:26.0406 2480	VSS - detected UnsignedFile.Multi.Generic (1)
09:57:26.0609 2480	vstor2-ws60     (476a052b3ce506ed63a94018f3e979d5) C:\Programme\VMware\VMware Player\vstor2-ws60.sys
09:57:26.0625 2480	vstor2-ws60 - ok
09:57:26.0718 2480	W32Time         (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll
09:57:26.0734 2480	W32Time ( UnsignedFile.Multi.Generic ) - warning
09:57:26.0734 2480	W32Time - detected UnsignedFile.Multi.Generic (1)
09:57:26.0750 2480	Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
09:57:26.0765 2480	Wanarp ( UnsignedFile.Multi.Generic ) - warning
09:57:26.0765 2480	Wanarp - detected UnsignedFile.Multi.Generic (1)
09:57:26.0843 2480	Wdf01000        (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
09:57:26.0859 2480	Wdf01000 - ok
09:57:26.0875 2480	WDICA - ok
09:57:27.0015 2480	wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
09:57:27.0015 2480	wdmaud ( UnsignedFile.Multi.Generic ) - warning
09:57:27.0015 2480	wdmaud - detected UnsignedFile.Multi.Generic (1)
09:57:27.0031 2480	WebClient       (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll
09:57:27.0046 2480	WebClient ( UnsignedFile.Multi.Generic ) - warning
09:57:27.0046 2480	WebClient - detected UnsignedFile.Multi.Generic (1)
09:57:27.0171 2480	winmgmt         (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll
09:57:27.0187 2480	winmgmt ( UnsignedFile.Multi.Generic ) - warning
09:57:27.0187 2480	winmgmt - detected UnsignedFile.Multi.Generic (1)
09:57:27.0218 2480	WmdmPmSN        (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
09:57:27.0218 2480	WmdmPmSN ( UnsignedFile.Multi.Generic ) - warning
09:57:27.0218 2480	WmdmPmSN - detected UnsignedFile.Multi.Generic (1)
09:57:27.0234 2480	WmiAcpi         (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
09:57:27.0250 2480	WmiAcpi ( UnsignedFile.Multi.Generic ) - warning
09:57:27.0250 2480	WmiAcpi - detected UnsignedFile.Multi.Generic (1)
09:57:27.0281 2480	WmiApSrv        (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\system32\wbem\wmiapsrv.exe
09:57:27.0281 2480	WmiApSrv ( UnsignedFile.Multi.Generic ) - warning
09:57:27.0281 2480	WmiApSrv - detected UnsignedFile.Multi.Generic (1)
09:57:27.0468 2480	WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
09:57:27.0484 2480	WPFFontCache_v0400 - ok
09:57:27.0531 2480	WS2IFSL         (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
09:57:27.0546 2480	WS2IFSL ( UnsignedFile.Multi.Generic ) - warning
09:57:27.0546 2480	WS2IFSL - detected UnsignedFile.Multi.Generic (1)
09:57:27.0609 2480	WSTCODEC        (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
09:57:27.0609 2480	WSTCODEC ( UnsignedFile.Multi.Generic ) - warning
09:57:27.0609 2480	WSTCODEC - detected UnsignedFile.Multi.Generic (1)
09:57:27.0656 2480	wuauserv        (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll
09:57:27.0703 2480	wuauserv ( UnsignedFile.Multi.Generic ) - warning
09:57:27.0703 2480	wuauserv - detected UnsignedFile.Multi.Generic (1)
09:57:27.0781 2480	WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
09:57:27.0796 2480	WudfPf ( UnsignedFile.Multi.Generic ) - warning
09:57:27.0796 2480	WudfPf - detected UnsignedFile.Multi.Generic (1)
09:57:27.0812 2480	WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
09:57:27.0828 2480	WudfRd ( UnsignedFile.Multi.Generic ) - warning
09:57:27.0828 2480	WudfRd - detected UnsignedFile.Multi.Generic (1)
09:57:27.0859 2480	WudfSvc         (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
09:57:27.0906 2480	WudfSvc ( UnsignedFile.Multi.Generic ) - warning
09:57:27.0906 2480	WudfSvc - detected UnsignedFile.Multi.Generic (1)
09:57:27.0968 2480	WZCSVC          (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll
09:57:27.0984 2480	WZCSVC ( UnsignedFile.Multi.Generic ) - warning
09:57:27.0984 2480	WZCSVC - detected UnsignedFile.Multi.Generic (1)
09:57:28.0015 2480	xmlprov         (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll
09:57:28.0031 2480	xmlprov ( UnsignedFile.Multi.Generic ) - warning
09:57:28.0031 2480	xmlprov - detected UnsignedFile.Multi.Generic (1)
09:57:28.0062 2480	MBR (0x1B8)     (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
09:57:28.0562 2480	\Device\Harddisk0\DR0 - ok
09:57:28.0562 2480	Boot (0x1200)   (3d84f571ad2a85f9cc4012a1e237493c) \Device\Harddisk0\DR0\Partition0
09:57:28.0562 2480	\Device\Harddisk0\DR0\Partition0 - ok
09:57:28.0562 2480	============================================================
09:57:28.0562 2480	Scan finished
09:57:28.0562 2480	============================================================
09:57:28.0671 2460	Detected object count: 224
09:57:28.0671 2460	Actual detected object count: 224
09:58:25.0468 2460	ACPI ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0468 2460	ACPI ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0468 2460	ACPIEC ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0468 2460	ACPIEC ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0468 2460	aec ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0468 2460	aec ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0468 2460	AFD ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0468 2460	AFD ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0484 2460	Alerter ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0484 2460	Alerter ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0484 2460	ALG ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0484 2460	ALG ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0484 2460	Ambfilt ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0484 2460	Ambfilt ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0484 2460	AmdPPM ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0484 2460	AmdPPM ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0484 2460	AsyncMac ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0484 2460	AsyncMac ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0500 2460	atapi ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0500 2460	atapi ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0500 2460	Ati HotKey Poller ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0500 2460	Ati HotKey Poller ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0500 2460	ati2mtag ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0500 2460	ati2mtag ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0500 2460	AtiHdmiService ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0500 2460	AtiHdmiService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0500 2460	Atmarpc ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0500 2460	Atmarpc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0500 2460	AudioSrv ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0500 2460	AudioSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0515 2460	audstub ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0515 2460	audstub ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0515 2460	Beep ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0515 2460	Beep ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0515 2460	BITS ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0515 2460	BITS ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0515 2460	brfilt ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0515 2460	brfilt ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0515 2460	Browser ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0515 2460	Browser ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0515 2460	BrSerWDM ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0515 2460	BrSerWDM ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0515 2460	BrUsbMdm ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0515 2460	BrUsbMdm ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0515 2460	BrUsbScn ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0531 2460	BrUsbScn ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0531 2460	cbidf2k ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0531 2460	cbidf2k ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0531 2460	CCDECODE ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0531 2460	CCDECODE ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0531 2460	Cdaudio ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0531 2460	Cdaudio ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0531 2460	Cdfs ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0531 2460	Cdfs ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0531 2460	Cdrom ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0531 2460	Cdrom ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0546 2460	CiSvc ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0546 2460	CiSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0546 2460	ClipSrv ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0546 2460	ClipSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0546 2460	CryptSvc ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0546 2460	CryptSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0546 2460	DcomLaunch ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0546 2460	DcomLaunch ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0546 2460	Dhcp ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0546 2460	Dhcp ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0562 2460	Disk ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0562 2460	Disk ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0562 2460	dmboot ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0562 2460	dmboot ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0562 2460	dmio ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0562 2460	dmio ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0562 2460	dmload ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0562 2460	dmload ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0562 2460	dmserver ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0562 2460	dmserver ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0562 2460	DMusic ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0562 2460	DMusic ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0578 2460	Dnscache ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0578 2460	Dnscache ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0578 2460	Dot3svc ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0578 2460	Dot3svc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0578 2460	drmkaud ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0578 2460	drmkaud ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0578 2460	EapHost ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0578 2460	EapHost ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0578 2460	ERSvc ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0578 2460	ERSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0593 2460	Eventlog ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0593 2460	Eventlog ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0593 2460	EventSystem ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0593 2460	EventSystem ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0593 2460	Fastfat ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0593 2460	Fastfat ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0593 2460	FastUserSwitchingCompatibility ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0593 2460	FastUserSwitchingCompatibility ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0593 2460	Fdc ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0593 2460	Fdc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0609 2460	Fips ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0609 2460	Fips ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0609 2460	Flpydisk ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0609 2460	Flpydisk ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0609 2460	FltMgr ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0609 2460	FltMgr ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0609 2460	Fs_Rec ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0609 2460	Fs_Rec ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0609 2460	Ftdisk ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0609 2460	Ftdisk ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0609 2460	Gpc ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0609 2460	Gpc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0625 2460	GT680x ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0625 2460	GT680x ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0625 2460	HDAudBus ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0625 2460	HDAudBus ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0625 2460	helpsvc ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0625 2460	helpsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0625 2460	hidusb ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0625 2460	hidusb ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0625 2460	hkmsvc ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0625 2460	hkmsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0640 2460	HPKBCCID ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0640 2460	HPKBCCID ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0640 2460	HTTP ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0640 2460	HTTP ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0640 2460	HTTPFilter ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0640 2460	HTTPFilter ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0640 2460	i8042prt ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0640 2460	i8042prt ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0640 2460	Imapi ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0640 2460	Imapi ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0640 2460	ImapiService ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0640 2460	ImapiService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0656 2460	IntcAzAudAddService ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0656 2460	IntcAzAudAddService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0656 2460	Ip6Fw ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0656 2460	Ip6Fw ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0656 2460	IpFilterDriver ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0656 2460	IpFilterDriver ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0656 2460	IpInIp ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0656 2460	IpInIp ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0656 2460	IpNat ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0656 2460	IpNat ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0671 2460	IPSec ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0671 2460	IPSec ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0671 2460	irda ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0671 2460	irda ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0671 2460	IRENUM ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0671 2460	IRENUM ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0671 2460	Irmon ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0671 2460	Irmon ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0671 2460	irsir ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0671 2460	irsir ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0671 2460	isapnp ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0671 2460	isapnp ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0687 2460	Kbdclass ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0687 2460	Kbdclass ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0687 2460	kbdhid ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0687 2460	kbdhid ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0687 2460	kmixer ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0687 2460	kmixer ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0687 2460	KSecDD ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0687 2460	KSecDD ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0687 2460	LanmanServer ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0687 2460	LanmanServer ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0703 2460	lanmanworkstation ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0703 2460	lanmanworkstation ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0703 2460	LmHosts ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0703 2460	LmHosts ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0703 2460	Messenger ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0703 2460	Messenger ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0703 2460	mf ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0703 2460	mf ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0703 2460	mnmdd ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0703 2460	mnmdd ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0718 2460	mnmsrvc ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0718 2460	mnmsrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0718 2460	Modem ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0718 2460	Modem ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0718 2460	Monfilt ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0718 2460	Monfilt ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0718 2460	Mouclass ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0718 2460	Mouclass ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0718 2460	mouhid ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0718 2460	mouhid ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0718 2460	MountMgr ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0718 2460	MountMgr ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0734 2460	MRxDAV ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0734 2460	MRxDAV ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0734 2460	MRxSmb ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0734 2460	MRxSmb ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0734 2460	MSDTC ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0734 2460	MSDTC ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0734 2460	Msfs ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0734 2460	Msfs ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0734 2460	MSKSSRV ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0734 2460	MSKSSRV ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0750 2460	MSPCLOCK ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0750 2460	MSPCLOCK ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0750 2460	MSPQM ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0750 2460	MSPQM ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0750 2460	mssmbios ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0750 2460	mssmbios ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0750 2460	MSTEE ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0750 2460	MSTEE ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0750 2460	Mup ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0750 2460	Mup ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0750 2460	NABTSFEC ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0750 2460	NABTSFEC ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0765 2460	napagent ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0765 2460	napagent ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0765 2460	NDIS ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0765 2460	NDIS ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0765 2460	NdisIP ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0765 2460	NdisIP ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0765 2460	NdisTapi ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0765 2460	NdisTapi ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0765 2460	Ndisuio ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0765 2460	Ndisuio ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0781 2460	NdisWan ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0781 2460	NdisWan ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0781 2460	NDProxy ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0781 2460	NDProxy ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0781 2460	NetBIOS ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0781 2460	NetBIOS ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0781 2460	NetBT ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0781 2460	NetBT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0781 2460	NetDDE ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0781 2460	NetDDE ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0796 2460	NetDDEdsdm ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0796 2460	NetDDEdsdm ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0796 2460	Netlogon ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0796 2460	Netlogon ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0796 2460	Netman ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0796 2460	Netman ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0796 2460	Nla ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0796 2460	Nla ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0796 2460	nmwcd ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0796 2460	nmwcd ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0796 2460	Npfs ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0796 2460	Npfs ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0812 2460	Ntfs ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0812 2460	Ntfs ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0812 2460	NtLmSsp ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0812 2460	NtLmSsp ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0812 2460	NtmsSvc ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0812 2460	NtmsSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0812 2460	Null ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0812 2460	Null ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0812 2460	NwlnkFlt ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0812 2460	NwlnkFlt ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0828 2460	NwlnkFwd ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0828 2460	NwlnkFwd ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0828 2460	Parport ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0828 2460	Parport ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0828 2460	PartMgr ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0828 2460	PartMgr ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0828 2460	ParVdm ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0828 2460	ParVdm ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0828 2460	pccsmcfd ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0828 2460	pccsmcfd ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0843 2460	PCI ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0843 2460	PCI ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0843 2460	PCIIde ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0843 2460	PCIIde ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0843 2460	Pcmcia ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0843 2460	Pcmcia ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0843 2460	PlugPlay ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0843 2460	PlugPlay ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0843 2460	PolicyAgent ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0843 2460	PolicyAgent ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0843 2460	PptpMiniport ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0843 2460	PptpMiniport ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0843 2460	Processor ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0843 2460	Processor ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0859 2460	ProtectedStorage ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0859 2460	ProtectedStorage ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0859 2460	PSched ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0859 2460	PSched ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0859 2460	Ptilink ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0859 2460	Ptilink ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0859 2460	RasAcd ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0859 2460	RasAcd ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0859 2460	RasAuto ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0859 2460	RasAuto ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0875 2460	Rasirda ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0875 2460	Rasirda ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0875 2460	Rasl2tp ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0875 2460	Rasl2tp ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0875 2460	RasMan ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0875 2460	RasMan ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0875 2460	RasPppoe ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0875 2460	RasPppoe ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0875 2460	Raspti ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0875 2460	Raspti ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0875 2460	Rdbss ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0875 2460	Rdbss ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0890 2460	RDPCDD ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0890 2460	RDPCDD ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0890 2460	RDPWD ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0890 2460	RDPWD ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0890 2460	RDSessMgr ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0890 2460	RDSessMgr ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0890 2460	redbook ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0890 2460	redbook ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0890 2460	RemoteAccess ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0890 2460	RemoteAccess ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0906 2460	RpcLocator ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0906 2460	RpcLocator ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0906 2460	RpcSs ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0906 2460	RpcSs ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0906 2460	RSVP ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0906 2460	RSVP ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0906 2460	RTLE8023xp ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0906 2460	RTLE8023xp ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0906 2460	SamSs ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0906 2460	SamSs ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0921 2460	SCardSvr ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0921 2460	SCardSvr ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0921 2460	Schedule ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0921 2460	Schedule ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0921 2460	Secdrv ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0921 2460	Secdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0921 2460	seclogon ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0921 2460	seclogon ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0921 2460	SENS ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0921 2460	SENS ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0921 2460	serenum ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0921 2460	serenum ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0937 2460	Serial ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0937 2460	Serial ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0937 2460	ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0937 2460	ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0937 2460	Sfloppy ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0937 2460	Sfloppy ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0937 2460	ShellHWDetection ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0937 2460	ShellHWDetection ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0937 2460	SLIP ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0937 2460	SLIP ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0953 2460	splitter ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0953 2460	splitter ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0953 2460	Spooler ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0953 2460	Spooler ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0953 2460	sr ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0953 2460	sr ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0953 2460	srservice ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0953 2460	srservice ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0953 2460	Srv ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0953 2460	Srv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0953 2460	SSDPSRV ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0953 2460	SSDPSRV ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0968 2460	StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0968 2460	StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0968 2460	STCFUx32 ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0968 2460	STCFUx32 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0968 2460	stisvc ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0968 2460	stisvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0968 2460	streamip ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0968 2460	streamip ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0968 2460	swenum ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0968 2460	swenum ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0984 2460	swmidi ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0984 2460	swmidi ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0984 2460	sysaudio ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0984 2460	sysaudio ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0984 2460	SysmonLog ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0984 2460	SysmonLog ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0984 2460	TapiSrv ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0984 2460	TapiSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:25.0984 2460	Tcpip ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:25.0984 2460	Tcpip ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:26.0000 2460	TDPIPE ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:26.0000 2460	TDPIPE ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:26.0000 2460	TDTCP ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:26.0000 2460	TDTCP ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:26.0000 2460	TermDD ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:26.0000 2460	TermDD ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:26.0000 2460	TermService ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:26.0000 2460	TermService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:26.0000 2460	Themes ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:26.0000 2460	Themes ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:26.0000 2460	TrkWks ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:26.0000 2460	TrkWks ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:26.0015 2460	Udfs ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:26.0015 2460	Udfs ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:26.0015 2460	Update ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:26.0015 2460	Update ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:26.0015 2460	upnphost ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:26.0015 2460	upnphost ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:26.0015 2460	UPS ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:26.0015 2460	UPS ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:26.0015 2460	usbaudio ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:26.0015 2460	usbaudio ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:26.0031 2460	usbccgp ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:26.0031 2460	usbccgp ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:26.0031 2460	USBCCID ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:26.0031 2460	USBCCID ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:26.0031 2460	usbehci ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:26.0031 2460	usbehci ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:26.0031 2460	usbhub ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:26.0031 2460	usbhub ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:26.0031 2460	usbohci ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:26.0031 2460	usbohci ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:26.0046 2460	usbprint ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:26.0046 2460	usbprint ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:26.0046 2460	usbscan ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:26.0046 2460	usbscan ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:26.0046 2460	USBSTOR ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:26.0046 2460	USBSTOR ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:26.0046 2460	usbvideo ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:26.0046 2460	usbvideo ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:26.0046 2460	VgaSave ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:26.0046 2460	VgaSave ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:26.0046 2460	VolSnap ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:26.0046 2460	VolSnap ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:26.0062 2460	VSS ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:26.0062 2460	VSS ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:26.0062 2460	W32Time ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:26.0062 2460	W32Time ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:26.0062 2460	Wanarp ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:26.0062 2460	Wanarp ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:26.0062 2460	wdmaud ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:26.0062 2460	wdmaud ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:26.0062 2460	WebClient ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:26.0062 2460	WebClient ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:26.0078 2460	winmgmt ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:26.0078 2460	winmgmt ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:26.0078 2460	WmdmPmSN ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:26.0078 2460	WmdmPmSN ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:26.0078 2460	WmiAcpi ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:26.0078 2460	WmiAcpi ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:26.0078 2460	WmiApSrv ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:26.0078 2460	WmiApSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:26.0078 2460	WS2IFSL ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:26.0078 2460	WS2IFSL ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:26.0078 2460	WSTCODEC ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:26.0078 2460	WSTCODEC ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:26.0093 2460	wuauserv ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:26.0093 2460	wuauserv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:26.0093 2460	WudfPf ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:26.0093 2460	WudfPf ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:26.0093 2460	WudfRd ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:26.0093 2460	WudfRd ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:26.0093 2460	WudfSvc ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:26.0093 2460	WudfSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:26.0093 2460	WZCSVC ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:26.0093 2460	WZCSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:58:26.0109 2460	xmlprov ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:26.0109 2460	xmlprov ( UnsignedFile.Multi.Generic ) - User select action: Skip

Alt 27.07.2012, 12:50   #22
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Security Shield eingefangen - Standard

Security Shield eingefangen


Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 27.07.2012, 20:20   #23
zbraff
 
Security Shield eingefangen - Standard

Security Shield eingefangen


Log-Datei (heißt bei mir "log.txt"):

Code:
ATTFilter
ComboFix 12-07-27.03 - *** 27.07.2012  20:21:02.1.2 - x86
ausgeführt von:: c:\dokumente und einstellungen\***\Desktop\ComboFix.exe
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
C:\Internet Explorer.lnk
C:\Thumbs.db
c:\windows\IsUn0407.exe
.
c:\windows\system32\dfrgntfs.exe . . . ist infiziert!!
.
c:\windows\system32\extrac32.exe . . . ist infiziert!!
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-06-27 bis 2012-07-27  ))))))))))))))))))))))))))))))
.
.
2012-07-26 08:53 . 2012-07-26 08:53	--------	d-----w-	c:\dokumente und einstellungen\NetworkService\Anwendungsdaten\VMware
2012-07-26 08:53 . 2012-07-26 08:53	--------	d-----w-	C:\_OTL
2012-07-25 17:02 . 2012-07-25 17:02	40776	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2012-07-21 16:12 . 2012-07-21 16:12	--------	d-----w-	c:\programme\ESET
2012-07-19 14:42 . 2012-07-19 14:42	--------	d-----w-	c:\dokumente und einstellungen\***\Anwendungsdaten\Avira
2012-07-19 14:37 . 2012-07-19 14:36	36000	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2012-07-19 14:37 . 2012-07-19 14:37	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Avira
2012-07-19 14:37 . 2012-07-19 14:37	--------	d-----w-	c:\programme\Avira
2012-07-19 14:37 . 2012-07-19 14:36	83392	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-07-19 14:37 . 2012-07-19 14:36	137928	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-07-17 18:46 . 2012-06-14 10:31	70768	----a-w-	c:\windows\system32\drivers\PCTBD.sys
2012-07-17 18:46 . 2012-06-14 10:31	149464	----a-w-	c:\windows\SGDetectionTool.dll
2012-07-17 18:46 . 2012-06-14 10:31	767960	----a-w-	c:\windows\BDTSupport.dll
2012-07-17 18:46 . 2012-06-14 10:31	2267096	----a-w-	c:\windows\PCTBDCore.dll
2012-07-17 18:46 . 2012-06-14 10:31	1681368	----a-w-	c:\windows\PCTBDRes.dll
2012-07-17 18:42 . 2012-07-18 06:39	--------	d-----w-	c:\programme\Gemeinsame Dateien\PC Tools
2012-07-17 18:42 . 2012-05-11 09:14	203088	----a-w-	c:\windows\system32\drivers\PCTSD.sys
2012-07-17 18:41 . 2012-07-17 18:41	--------	d-----w-	c:\dokumente und einstellungen\***\Anwendungsdaten\TestApp
2012-07-17 17:13 . 2012-07-17 17:13	--------	d-----w-	c:\dokumente und einstellungen\Administrator
2012-07-17 07:52 . 2006-06-14 09:53	29184	----a-w-	c:\windows\system32\drivers\usbccid.sys
2012-07-17 07:45 . 2012-07-17 07:45	--------	d-----w-	c:\programme\HP USB Smart Card Keyboard
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-14 07:09 . 2012-04-06 09:39	426184	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-07-14 07:09 . 2011-07-05 06:27	70344	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-03 11:46 . 2011-04-26 10:14	22344	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-06-14 09:03 . 2012-07-17 18:46	3488	----a-w-	c:\windows\UDB.zip
2012-06-14 09:03 . 2012-07-17 18:46	131	----a-w-	c:\windows\IDB.zip
2012-06-07 08:54 . 2012-06-07 08:54	772552	----a-w-	c:\windows\system32\npDeployJava1.dll
2012-06-07 08:54 . 2010-11-13 13:22	687560	----a-w-	c:\windows\system32\deployJava1.dll
2012-06-07 08:54 . 2010-11-13 13:22	143872	----a-w-	c:\windows\system32\javacpl.cpl
2011-09-23 04:44 . 2011-05-22 07:50	134104	----a-w-	c:\programme\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\drivers\atapi.sys
.
[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\asyncmac.sys
[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\drivers\asyncmac.sys
.
[-] 2004-08-04 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys
[-] 2004-08-04 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys
.
[-] 2008-04-14 . 1704D8C4C8807B889E43C649B478A452 . 25216 . . [5.1.2600.5512] . . c:\windows\system32\drivers\kbdclass.sys
.
[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ndis.sys
[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ndis.sys
.
[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ntfs.sys
[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ntfs.sys
.
[-] 2004-08-04 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\dllcache\null.sys
[-] 2004-08-04 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys
.
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys
.
[-] 2008-04-14 . B42057F06BBB98B31876C0B3F2B54E33 . 77824 . . [5.1.2600.5512] . . c:\windows\system32\browser.dll
[-] 2008-04-14 . B42057F06BBB98B31876C0B3F2B54E33 . 77824 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\browser.dll
.
[-] 2008-04-14 . AFB8261B56CBA0D86AEB6DF682AF9785 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe
[-] 2008-04-14 . AFB8261B56CBA0D86AEB6DF682AF9785 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\lsass.exe
.
[-] 2008-04-14 . E6D88F1F6745BF00B57E7855A2AB696C . 198144 . . [5.1.2600.5512] . . c:\windows\system32\netman.dll
[-] 2008-04-14 . E6D88F1F6745BF00B57E7855A2AB696C . 198144 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\netman.dll
.
[-] 2008-04-14 05:52 . D0DE8A2EC95184E5193BB4B3112E29DF . 846848 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
[-] 2008-04-14 05:52 . D0DE8A2EC95184E5193BB4B3112E29DF . 846848 . . [2001.12.4414.700] . . c:\windows\system32\dllcache\comres.dll
.
[-] 2008-04-14 . D6F603772A789BB3228F310D650B8BD1 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\qmgr.dll
[-] 2008-04-14 . D6F603772A789BB3228F310D650B8BD1 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\dllcache\qmgr.dll
.
[-] 2008-04-14 . E970C2296916BF4A2F958680016FE312 . 399360 . . [5.1.2600.5512] . . c:\windows\system32\rpcss.dll
[-] 2008-04-14 . E970C2296916BF4A2F958680016FE312 . 399360 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\rpcss.dll
.
[-] 2008-04-14 . 4BB6A83640F1D1792AD21CE767B621C6 . 109056 . . [5.1.2600.5512] . . c:\windows\system32\services.exe
[-] 2008-04-14 . 4BB6A83640F1D1792AD21CE767B621C6 . 109056 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\services.exe
.
[-] 2008-04-14 . 39356A9CDB6753A6D13A4072A9F5A4BB . 57856 . . [5.1.2600.5512] . . c:\windows\system32\spoolsv.exe
[-] 2008-04-14 . 39356A9CDB6753A6D13A4072A9F5A4BB . 57856 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\spoolsv.exe
.
[-] 2008-04-14 . F09A527B422E25C478E38CAA0E44417A . 513024 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2008-04-14 . F09A527B422E25C478E38CAA0E44417A . 513024 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\winlogon.exe
.
[-] 2008-04-14 . 65E60C18DDB0215C201FF75E32D564C8 . 111616 . . [5.4.3790.5512] . . c:\windows\system32\wuauclt.exe
[-] 2008-04-14 . 65E60C18DDB0215C201FF75E32D564C8 . 111616 . . [5.4.3790.5512] . . c:\windows\system32\dllcache\wuauclt.exe
.
[-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ipsec.sys
[-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ipsec.sys
.
[-] 2008-04-14 . AD28671D1B83A386B070DC451A113C13 . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2008-04-14 . AD28671D1B83A386B070DC451A113C13 . 617472 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll
[-] 2008-04-14 . 3C93CE6C6985C55952B7BE6673E9FD15 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
[-] 2004-08-04 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
.
[-] 2008-04-14 . 611F824E5C703A5A899F84C5F1699E4D . 62464 . . [5.1.2600.5512] . . c:\windows\system32\cryptsvc.dll
[-] 2008-04-14 . 611F824E5C703A5A899F84C5F1699E4D . 62464 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\cryptsvc.dll
.
[-] 2008-04-14 05:52 . 0F3EDAEE1EF97CF3DB2BE23A7289B78C . 246272 . . [2001.12.4414.701] . . c:\windows\system32\es.dll
[-] 2008-04-14 05:52 . 0F3EDAEE1EF97CF3DB2BE23A7289B78C . 246272 . . [2001.12.4414.701] . . c:\windows\system32\dllcache\es.dll
.
[-] 2008-04-14 . F9954695D246B33A5BF105029A4C6AB6 . 110080 . . [5.1.2600.5512] . . c:\windows\system32\imm32.dll
[-] 2008-04-14 . F9954695D246B33A5BF105029A4C6AB6 . 110080 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\imm32.dll
.
[-] 2008-04-14 . 4C897C69754D88F496339B1A666907C1 . 1063424 . . [5.1.2600.5512] . . c:\windows\system32\kernel32.dll
[-] 2008-04-14 . 4C897C69754D88F496339B1A666907C1 . 1063424 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\kernel32.dll
.
[-] 2008-04-14 . 5543A9D4A1D0F9F84092482A9373A024 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\linkinfo.dll
[-] 2008-04-14 . 5543A9D4A1D0F9F84092482A9373A024 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\linkinfo.dll
.
[-] 2008-04-14 . F38F3C47BBFFD748C1359AB171C3A630 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\lpk.dll
[-] 2008-04-14 . F38F3C47BBFFD748C1359AB171C3A630 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\lpk.dll
.
[-] 2009-03-08 . D469A0EBA2EF5C6BEE8065B7E3196E5E . 5937152 . . [8.00.6001.18702] . . c:\windows\system32\mshtml.dll
[-] 2009-03-08 . D469A0EBA2EF5C6BEE8065B7E3196E5E . 5937152 . . [8.00.6001.18702] . . c:\windows\system32\dllcache\mshtml.dll
[-] 2008-04-14 . 72AE55A9FFBC60650339CB12E35C7DD5 . 3066880 . . [6.00.2900.5512] . . c:\windows\ie8\mshtml.dll
.
[-] 2008-04-14 . C6A6E53A0C34EC87883137A6CB87AE5E . 343040 . . [7.0.2600.5512] . . c:\windows\system32\msvcrt.dll
[-] 2008-04-14 . C6A6E53A0C34EC87883137A6CB87AE5E . 343040 . . [7.0.2600.5512] . . c:\windows\system32\dllcache\msvcrt.dll
[-] 2008-04-14 . C536AAD8A71608FE33CD956214EDD366 . 343040 . . [7.0.2600.5512] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll
[-] 2004-08-04 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll
.
[-] 2008-04-14 . F12B9D9A069331877D006CC81B4735F9 . 247296 . . [5.1.2600.5512] . . c:\windows\system32\mswsock.dll
[-] 2008-04-14 . F12B9D9A069331877D006CC81B4735F9 . 247296 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\mswsock.dll
.
[-] 2008-04-14 . 0098D35F91DEAB9C127360A877F2CF84 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\netlogon.dll
[-] 2008-04-14 . 0098D35F91DEAB9C127360A877F2CF84 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\netlogon.dll
.
[-] 2008-04-14 . C8C0BDABC966B6C24D337DF0A0A399E1 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\powrprof.dll
[-] 2008-04-14 . C8C0BDABC966B6C24D337DF0A0A399E1 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\powrprof.dll
.
[-] 2008-04-14 . 5132443DF6FC3771A17AB4AE55DCBC28 . 187904 . . [5.1.2600.5512] . . c:\windows\system32\scecli.dll
[-] 2008-04-14 . 5132443DF6FC3771A17AB4AE55DCBC28 . 187904 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\scecli.dll
.
[-] 2008-04-14 . 44161A59DC33AC2EA9C95438ADFFFB7F . 5120 . . [5.1.2600.5512] . . c:\windows\system32\sfc.dll
[-] 2008-04-14 . 44161A59DC33AC2EA9C95438ADFFFB7F . 5120 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\sfc.dll
.
[-] 2008-04-14 . 4FBC75B74479C7A6F829E0CA19DF3366 . 14336 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe
[-] 2008-04-14 . 4FBC75B74479C7A6F829E0CA19DF3366 . 14336 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\svchost.exe
.
[-] 2008-04-14 . 05903CAC4B98908D55EA5774775B382E . 249856 . . [5.1.2600.5512] . . c:\windows\system32\tapisrv.dll
[-] 2008-04-14 . 05903CAC4B98908D55EA5774775B382E . 249856 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\tapisrv.dll
.
[-] 2008-04-14 . B0050CC5340E3A0760DD8B417FF7AEBD . 580096 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2008-04-14 . B0050CC5340E3A0760DD8B417FF7AEBD . 580096 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\user32.dll
.
[-] 2008-04-14 . 788F95312E26389D596C0FA55834E106 . 26624 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe
[-] 2008-04-14 . 788F95312E26389D596C0FA55834E106 . 26624 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\userinit.exe
.
[-] 2009-03-08 . 6CE32F7778061CCC5814D5E0F282D369 . 914944 . . [8.00.6001.18702] . . c:\windows\system32\wininet.dll
[-] 2009-03-08 . 6CE32F7778061CCC5814D5E0F282D369 . 914944 . . [8.00.6001.18702] . . c:\windows\system32\dllcache\wininet.dll
[-] 2008-04-14 . B4AEE98A48917B274FACFB78BBE0BC84 . 671744 . . [6.00.2900.5512] . . c:\windows\ie8\wininet.dll
.
[-] 2008-04-14 . 6A35E2D6F5F052C84EC2CEB296389439 . 82432 . . [5.1.2600.5512] . . c:\windows\system32\ws2_32.dll
[-] 2008-04-14 . 6A35E2D6F5F052C84EC2CEB296389439 . 82432 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ws2_32.dll
.
[-] 2008-04-14 . C7D8A0517CBF16B84F657DE87EBE9D4B . 19968 . . [5.1.2600.5512] . . c:\windows\system32\ws2help.dll
[-] 2008-04-14 . C7D8A0517CBF16B84F657DE87EBE9D4B . 19968 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ws2help.dll
.
[-] 2008-04-14 . 418045A93CD87A352098AB7DABE1B53E . 1036800 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . 418045A93CD87A352098AB7DABE1B53E . 1036800 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\explorer.exe
.
[-] 2008-04-14 . AD9226BF3CED13636083BB9C76E9D2A2 . 153600 . . [5.1.2600.5512] . . c:\windows\regedit.exe
[-] 2008-04-14 . AD9226BF3CED13636083BB9C76E9D2A2 . 153600 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\regedit.exe
.
[-] 2008-04-14 . E08D638BA3D3DD6DF6E31216AB66AE0B . 1287680 . . [5.1.2600.5512] . . c:\windows\system32\ole32.dll
[-] 2008-04-14 . E08D638BA3D3DD6DF6E31216AB66AE0B . 1287680 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ole32.dll
.
[-] 2008-04-14 . 052F968390A85D37D5EE8BE3AB2A83A2 . 406016 . . [1.0420.2600.5512] . . c:\windows\system32\usp10.dll
[-] 2008-04-14 . 052F968390A85D37D5EE8BE3AB2A83A2 . 406016 . . [1.0420.2600.5512] . . c:\windows\system32\dllcache\usp10.dll
.
[-] 2008-04-14 . 671ABB33C712B1585A5BF7ADD36AD96E . 4096 . . [5.3.2600.5512] . . c:\windows\system32\ksuser.dll
[-] 2008-04-14 . 671ABB33C712B1585A5BF7ADD36AD96E . 4096 . . [5.3.2600.5512] . . c:\windows\system32\dllcache\ksuser.dll
[-] 2008-04-14 . 671ABB33C712B1585A5BF7ADD36AD96E . 4096 . . [5.3.2600.5512] . . c:\windows\system32\ReinstallBackups\0002\DriverFiles\i386\ksuser.dll
[-] 2008-04-14 . 671ABB33C712B1585A5BF7ADD36AD96E . 4096 . . [5.3.2600.5512] . . c:\windows\system32\ReinstallBackups\0003\DriverFiles\i386\ksuser.dll
.
[-] 2008-04-14 . 01B4E6E990B6C5EA8856D96C7FD044B2 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[-] 2008-04-14 . 01B4E6E990B6C5EA8856D96C7FD044B2 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ctfmon.exe
.
[-] 2008-04-14 . 40602EBFBE06AA075C8E4560743F6883 . 135168 . . [6.00.2900.5512] . . c:\windows\system32\shsvcs.dll
[-] 2008-04-14 . 40602EBFBE06AA075C8E4560743F6883 . 135168 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\shsvcs.dll
.
[-] 2008-04-14 . FE77A85495065F3AD59C5C65B6C54182 . 171520 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[-] 2008-04-14 . FE77A85495065F3AD59C5C65B6C54182 . 171520 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\srsvc.dll
.
[-] 2008-04-14 . EDAFBE25FB6480CE68F688BA691890DC . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe
[-] 2008-04-14 . EDAFBE25FB6480CE68F688BA691890DC . 13824 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\wscntfy.exe
.
[-] 2008-04-14 . 0ADA34871A2E1CD2CAAFED1237A47750 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll
[-] 2008-04-14 . 0ADA34871A2E1CD2CAAFED1237A47750 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\xmlprov.dll
.
[-] 2008-04-14 . 04955AA695448C181B367D964AF158AA . 56320 . . [5.1.2600.5512] . . c:\windows\system32\eventlog.dll
[-] 2008-04-14 . 04955AA695448C181B367D964AF158AA . 56320 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\eventlog.dll
.
[-] 2008-04-14 . 5251425B86EA4A3532B8BB8D14044E61 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
[-] 2008-04-14 . 5251425B86EA4A3532B8BB8D14044E61 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\sfcfiles.dll
.
[-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ipsec.sys
[-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ipsec.sys
.
[-] 2008-04-14 . E4CD1F3D84E1C2CA0B8CF7501E201593 . 59904 . . [5.1.2600.5512] . . c:\windows\system32\regsvc.dll
[-] 2008-04-14 . E4CD1F3D84E1C2CA0B8CF7501E201593 . 59904 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\regsvc.dll
.
[-] 2008-04-14 . A050194A44D7FA8D7186ED2F4E8367AE . 193536 . . [5.1.2600.5512] . . c:\windows\system32\schedsvc.dll
[-] 2008-04-14 . A050194A44D7FA8D7186ED2F4E8367AE . 193536 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\schedsvc.dll
.
[-] 2008-04-14 . 4DF5B05DFAEC29E13E1ED6F6EE12C500 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\ssdpsrv.dll
[-] 2008-04-14 . 4DF5B05DFAEC29E13E1ED6F6EE12C500 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ssdpsrv.dll
.
[-] 2008-04-14 . B7DE02C863D8F5A005A7BF375375A6A4 . 297472 . . [5.1.2600.5512] . . c:\windows\system32\termsrv.dll
[-] 2008-04-14 . B7DE02C863D8F5A005A7BF375375A6A4 . 297472 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\termsrv.dll
.
[-] 2008-04-14 . 0DAF0705D7B39C94E287913226688804 . 348672 . . [5.1.2600.5512] . . c:\windows\system32\hnetcfg.dll
[-] 2008-04-14 . 0DAF0705D7B39C94E287913226688804 . 348672 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\hnetcfg.dll
.
[-] 2004-08-04 . 9E1CA3160DAFB159CA14F83B1E317F75 . 12160 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys
.
[-] 2008-04-13 20:09 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\dllcache\aec.sys
[-] 2008-04-13 20:09 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\drivers\aec.sys
.
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ip6fw.sys
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys
.
[-] 2008-04-14 05:52 . ACC19BA6876AF18768EE87931CAD14E2 . 927504 . . [4.1.0.61] . . c:\windows\system32\mfc40u.dll
[-] 2008-04-14 05:52 . ACC19BA6876AF18768EE87931CAD14E2 . 927504 . . [4.1.0.61] . . c:\windows\system32\dllcache\mfc40u.dll
.
[-] 2008-04-14 . B7550A7107281D170CE85524B1488C98 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\msgsvc.dll
[-] 2008-04-14 . B7550A7107281D170CE85524B1488C98 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\msgsvc.dll
.
[-] 2008-04-14 05:52 . 6E18978B749F0696A774DE3F2CB142DD . 52736 . . [9.0.1.56] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll
[-] 2006-10-18 20:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
[-] 2006-10-18 20:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\dllcache\mspmsnsv.dll
.
[-] 2008-04-14 . FEFB3BDA35CF469809B0C89AB6833AFC . 2026496 . . [5.1.2600.5512] . . c:\windows\system32\ntkrnlpa.exe
.
[-] 2008-04-14 05:52 . 56AF4064996FA5BAC9C449B1514B4770 . 438272 . . [5.1.2400.5512] . . c:\windows\system32\ntmssvc.dll
[-] 2008-04-14 05:52 . 56AF4064996FA5BAC9C449B1514B4770 . 438272 . . [5.1.2400.5512] . . c:\windows\system32\dllcache\ntmssvc.dll
.
[-] 2008-04-14 . 1DFD8975D8C89214B98D9387C1125B49 . 186880 . . [5.1.2600.5512] . . c:\windows\system32\upnphost.dll
[-] 2008-04-14 . 1DFD8975D8C89214B98D9387C1125B49 . 186880 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\upnphost.dll
.
[-] 2008-04-14 . 9236E736EDB57BE7D1EF6274410E3BAC . 367616 . . [5.3.2600.5512] . . c:\windows\system32\dsound.dll
[-] 2008-04-14 . 9236E736EDB57BE7D1EF6274410E3BAC . 367616 . . [5.3.2600.5512] . . c:\windows\system32\dllcache\dsound.dll
.
[-] 2008-04-14 . 36969CF86E51EC8ED202B40F2FA80AA6 . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\d3d9.dll
[-] 2008-04-14 . 36969CF86E51EC8ED202B40F2FA80AA6 . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\dllcache\d3d9.dll
.
[-] 2008-04-14 . 4A37188B83B00DD9CFBA049687AD0DAF . 279552 . . [5.03.2600.5512] . . c:\windows\system32\ddraw.dll
[-] 2008-04-14 . 4A37188B83B00DD9CFBA049687AD0DAF . 279552 . . [5.03.2600.5512] . . c:\windows\system32\dllcache\ddraw.dll
.
[-] 2008-04-14 05:52 . 5D7F5A46975D2E59A6FECB6C231D200F . 84992 . . [5.1.2600.5512] . . c:\windows\system32\olepro32.dll
[-] 2008-04-14 05:52 . 5D7F5A46975D2E59A6FECB6C231D200F . 84992 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\olepro32.dll
.
[-] 2008-04-14 . C47FD93010649AC0D79022D9B69ADBE4 . 41984 . . [5.1.2600.5512] . . c:\windows\system32\perfctrs.dll
[-] 2008-04-14 . C47FD93010649AC0D79022D9B69ADBE4 . 41984 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\perfctrs.dll
.
[-] 2008-04-14 . F86000634319F71535BCE6B06995EE99 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\version.dll
[-] 2008-04-14 . F86000634319F71535BCE6B06995EE99 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\version.dll
.
[-] 2008-04-14 . 88077F757C6C793C33408D878B6E0F76 . 2147840 . . [5.1.2600.5512] . . c:\windows\system32\ntoskrnl.exe
.
[-] 2008-04-14 . FE77A85495065F3AD59C5C65B6C54182 . 171520 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[-] 2008-04-14 . FE77A85495065F3AD59C5C65B6C54182 . 171520 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\srsvc.dll
.
[-] 2008-04-14 . 7B353059E665F8B7AD2BBEAEF597CF45 . 177152 . . [5.1.2600.5512] . . c:\windows\system32\w32time.dll
[-] 2008-04-14 . 7B353059E665F8B7AD2BBEAEF597CF45 . 177152 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\w32time.dll
.
[-] 2008-04-14 . BC2C5985611C5356B24AEB370953DED9 . 334336 . . [5.1.2600.5512] . . c:\windows\system32\wiaservc.dll
[-] 2008-04-14 . BC2C5985611C5356B24AEB370953DED9 . 334336 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\wiaservc.dll
.
[-] 2008-04-14 . 2CF969B9BF1EF069075DCDCE309FAAE1 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\midimap.dll
[-] 2008-04-14 . 2CF969B9BF1EF069075DCDCE309FAAE1 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\midimap.dll
.
[-] 2008-04-14 . 469FED8597896DB77B49384BE90E2E0A . 7680 . . [5.1.2600.5512] . . c:\windows\system32\rasadhlp.dll
[-] 2008-04-14 . 469FED8597896DB77B49384BE90E2E0A . 7680 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\rasadhlp.dll
.
[-] 2008-04-14 . 02AF8A799D173C2D0C71F399C03AC9E1 . 19456 . . [5.1.2600.5512] . . c:\windows\system32\wshtcpip.dll
[-] 2008-04-14 . 02AF8A799D173C2D0C71F399C03AC9E1 . 19456 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\wshtcpip.dll
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\programme\Gemeinsame Dateien\Nokia\MPlatform\NokiaMServer" [X]
"RTHDCPL"="RTHDCPL.EXE" [2009-08-14 18702336]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2010-09-08 421888]
"VMware hqtray"="c:\programme\VMware\VMware Player\hqtray.exe" [2010-01-22 64048]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"LayoutM"="KLayMgr.exe" [2004-08-26 45056]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2012-07-19 348624]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
Ulead Photo Express SE Calendar Checker.lnk - c:\programme\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe [2010-11-27 61440]
Watch.lnk - c:\windows\twain_32\S6U12BX\WATCH.exe [2010-11-27 356352]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-09-16 20:04	1164584	----a-w-	c:\programme\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2]
2010-09-02 09:26	672632	----a-w-	c:\programme\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2011-03-08 22:37	98304	----a-w-	c:\programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [x]
R3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\Google\Update\GoogleUpdate.exe [x]
R3 HPKBCCID;HP Keyboard Smart Card Driver;c:\windows\system32\DRIVERS\HPKBCCID.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\Drivers\PCTBD.sys [x]
R3 STC2DFU;STCII DFU Adapter;c:\windows\system32\DRIVERS\Stc2Dfu.SYS [x]
R3 STCFUx32;STC DFU Driver;c:\windows\system32\DRIVERS\STCFUx32.SYS [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 HWiNFO32;HWiNFO32 Kernel Driver;c:\programme\HWiNFO32\HWiNFO32.SYS [x]
S2 AntiVirMailService;Avira Email Schutz;c:\programme\Avira\AntiVir Desktop\avmailc.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [x]
S2 AntiVirWebService;Avira Browser Schutz;c:\programme\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
S2 vmci;VMware vmci;c:\windows\system32\Drivers\vmci.sys [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\programme\Common Files\VMware\USB\vmware-usbarbitrator.exe [x]
S3 brfilt;Brother MFC-Filtertreiber;c:\windows\system32\Drivers\Brfilt.sys [x]
S3 BrSerWDM;Brother-Treiber (seriell);c:\windows\system32\Drivers\BrSerWdm.sys [x]
S3 BrUsbMdm;Brother MFC-nur-Fax-Modem (USB);c:\windows\system32\Drivers\BrUsbMdm.sys [x]
S3 BrUsbScn;Brother MFC-Scannertreiber (USB);c:\windows\system32\Drivers\BrUsbScn.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 24669010
*Deregistered* - 24669010
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2010-10-16 11:46]
.
2012-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2010-10-16 11:46]
.
.
------- Zusätzlicher Suchlauf -------
.
IE: Free YouTube to iPod Converter - c:\dokumente und einstellungen\***\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm
IE: Free YouTube to MP3 Converter - c:\dokumente und einstellungen\***\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\programme\ICQ7.5\ICQ.exe
LSP: c:\programme\Avira\AntiVir Desktop\avsda.dll
LSP: c:\programme\VMware\VMware Player\vsocklib.dll
FF - ProfilePath - c:\dokumente und einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\9iswm21x.default\
FF - prefs.js: browser.startup.homepage - yahoo.de
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-Wdf01000.sys
AddRemove-Browser Defender_is1 - c:\program files\PC Tools\PC Tools Security\BDT\unins000.exe
AddRemove-Ulead Photo Express 3.0 SE - c:\windows\IsUn0407.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-07-27 20:24
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1275210071-448539723-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(700)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'lsass.exe'(756)
c:\programme\Avira\AntiVir Desktop\avsda.dll
.
Zeit der Fertigstellung: 2012-07-27  20:26:17
ComboFix-quarantined-files.txt  2012-07-27 18:26
.
Vor Suchlauf: 28 Verzeichnis(se), 407.224.918.016 Bytes frei
Nach Suchlauf: 30 Verzeichnis(se), 407.402.635.264 Bytes frei
.
WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - F7A32F72DA3296F9E5C97800BBED6528

Alt 27.07.2012, 22:12   #24
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Security Shield eingefangen - Standard

Security Shield eingefangen


Combofix - Scripten

1. Starte das Notepad (Start / Ausführen / notepad[Enter])

2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein.

Code:
ATTFilter
Filelook::
c:\windows\system32\dfrgntfs.exe
c:\windows\system32\extrac32.exe
3. Speichere im Notepad als CFScript.txt auf dem Desktop.

4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall.
(Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !)

5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.



6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien:
Combofix.txt

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 28.07.2012, 10:09   #25
zbraff
 
Security Shield eingefangen - Standard

Security Shield eingefangen


Hier die Log-Datei (heißt bei mir wieder "log.txt"):

Code:
ATTFilter
ComboFix 12-07-27.03 - *** 28.07.2012  10:50:14.2.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.49.1031.18.1791.1317 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\***\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\dokumente und einstellungen\***\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Outdated* {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\dfrgntfs.exe . . . ist infiziert!! . . .Failed to restore. Attempting to replace on reboot 
.
c:\windows\system32\extrac32.exe . . . ist infiziert!! . . .Failed to restore. Attempting to replace on reboot 
.
Infizierte Kopie von c:\windows\system32\dfrgntfs.exe wurde gefunden und desinfiziert 
Kopie von - c:\system volume information\_restore{3F11AE51-AAAF-4712-9894-1AF919ADF1EE}\RP661\A0047794.exe wurde wiederhergestellt
Infizierte Kopie von c:\windows\system32\extrac32.exe wurde gefunden und desinfiziert 
Kopie von - c:\system volume information\_restore{3F11AE51-AAAF-4712-9894-1AF919ADF1EE}\RP661\A0047795.exe wurde wiederhergestellt
.
(((((((((((((((((((((((   Dateien erstellt von 2012-06-28 bis 2012-07-28  ))))))))))))))))))))))))))))))
.
.
2012-07-26 08:53 . 2012-07-26 08:53	--------	d-----w-	c:\dokumente und einstellungen\NetworkService\Anwendungsdaten\VMware
2012-07-26 08:53 . 2012-07-26 08:53	--------	d-----w-	C:\_OTL
2012-07-25 17:02 . 2012-07-25 17:02	40776	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2012-07-21 16:12 . 2012-07-21 16:12	--------	d-----w-	c:\programme\ESET
2012-07-19 14:42 . 2012-07-19 14:42	--------	d-----w-	c:\dokumente und einstellungen\***\Anwendungsdaten\Avira
2012-07-19 14:37 . 2012-07-19 14:36	36000	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2012-07-19 14:37 . 2012-07-19 14:37	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Avira
2012-07-19 14:37 . 2012-07-19 14:37	--------	d-----w-	c:\programme\Avira
2012-07-19 14:37 . 2012-07-19 14:36	83392	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-07-19 14:37 . 2012-07-19 14:36	137928	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-07-17 18:46 . 2012-06-14 10:31	70768	----a-w-	c:\windows\system32\drivers\PCTBD.sys
2012-07-17 18:46 . 2012-06-14 10:31	149464	----a-w-	c:\windows\SGDetectionTool.dll
2012-07-17 18:46 . 2012-06-14 10:31	767960	----a-w-	c:\windows\BDTSupport.dll
2012-07-17 18:46 . 2012-06-14 10:31	2267096	----a-w-	c:\windows\PCTBDCore.dll
2012-07-17 18:46 . 2012-06-14 10:31	1681368	----a-w-	c:\windows\PCTBDRes.dll
2012-07-17 18:42 . 2012-07-18 06:39	--------	d-----w-	c:\programme\Gemeinsame Dateien\PC Tools
2012-07-17 18:42 . 2012-05-11 09:14	203088	----a-w-	c:\windows\system32\drivers\PCTSD.sys
2012-07-17 18:41 . 2012-07-17 18:41	--------	d-----w-	c:\dokumente und einstellungen\***\Anwendungsdaten\TestApp
2012-07-17 17:13 . 2012-07-17 17:13	--------	d-----w-	c:\dokumente und einstellungen\Administrator
2012-07-17 07:52 . 2006-06-14 09:53	29184	----a-w-	c:\windows\system32\drivers\usbccid.sys
2012-07-17 07:45 . 2012-07-17 07:45	--------	d-----w-	c:\programme\HP USB Smart Card Keyboard
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-14 07:09 . 2012-04-06 09:39	426184	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-07-14 07:09 . 2011-07-05 06:27	70344	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-03 11:46 . 2011-04-26 10:14	22344	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-06-14 09:03 . 2012-07-17 18:46	3488	----a-w-	c:\windows\UDB.zip
2012-06-14 09:03 . 2012-07-17 18:46	131	----a-w-	c:\windows\IDB.zip
2012-06-07 08:54 . 2012-06-07 08:54	772552	----a-w-	c:\windows\system32\npDeployJava1.dll
2012-06-07 08:54 . 2010-11-13 13:22	687560	----a-w-	c:\windows\system32\deployJava1.dll
2012-06-07 08:54 . 2010-11-13 13:22	143872	----a-w-	c:\windows\system32\javacpl.cpl
2011-09-23 04:44 . 2011-05-22 07:50	134104	----a-w-	c:\programme\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((((((((((   Look   )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
--- c:\windows\system32\dfrgntfs.exe ---
Company: Microsoft Corporation und Executive Software International, Inc.
File Description: NTFS-Defragmentierung
File Version: 5.1.2600.5512 (xpsp.080413-2111)
Product Name: Windows-Defragmentierung
Copyright: ©2001 Microsoft Corp. und Executive Software Int'l, Inc.
Original Filename: DFRGNTFS.EXE
File size: 105472
Created time: 2008-04-14 05:52
Modified time: 2001-02-23 23:53
MD5: CEB5F891664EE9E65DF4F87CD4F34294
SHA1: 70FF8B23C2A530EFAD5B27D076DFAEA7C309DEFD
.
.
--- c:\windows\system32\extrac32.exe ---
Company: Microsoft Corporation
File Description: Microsoft® CAB-Dekomprimierungsprogramm
File Version: 5.1.2600.5512 (xpsp.080413-2105)
Product Name: Betriebssystem Microsoft® Windows®
Copyright: © Microsoft Corporation. Alle Rechte vorbehalten.
Original Filename: extrac32.exe
File size: 24064
Created time: 2008-04-14 05:52
Modified time: 2008-04-14 05:52
MD5: 9D72E7CF7E667AD15A53C726FEEDE69B
SHA1: 26BA8C98E831685DF4E87D5F97A5DAE6DB5A03E3
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\drivers\atapi.sys
.
[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\asyncmac.sys
[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\drivers\asyncmac.sys
.
[-] 2004-08-04 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys
[-] 2004-08-04 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys
.
[-] 2008-04-14 . 1704D8C4C8807B889E43C649B478A452 . 25216 . . [5.1.2600.5512] . . c:\windows\system32\drivers\kbdclass.sys
.
[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ndis.sys
[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ndis.sys
.
[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ntfs.sys
[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ntfs.sys
.
[-] 2004-08-04 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\dllcache\null.sys
[-] 2004-08-04 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys
.
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys
.
[-] 2008-04-14 . B42057F06BBB98B31876C0B3F2B54E33 . 77824 . . [5.1.2600.5512] . . c:\windows\system32\browser.dll
[-] 2008-04-14 . B42057F06BBB98B31876C0B3F2B54E33 . 77824 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\browser.dll
.
[-] 2008-04-14 . AFB8261B56CBA0D86AEB6DF682AF9785 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe
[-] 2008-04-14 . AFB8261B56CBA0D86AEB6DF682AF9785 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\lsass.exe
.
[-] 2008-04-14 . E6D88F1F6745BF00B57E7855A2AB696C . 198144 . . [5.1.2600.5512] . . c:\windows\system32\netman.dll
[-] 2008-04-14 . E6D88F1F6745BF00B57E7855A2AB696C . 198144 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\netman.dll
.
[-] 2008-04-14 05:52 . D0DE8A2EC95184E5193BB4B3112E29DF . 846848 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
[-] 2008-04-14 05:52 . D0DE8A2EC95184E5193BB4B3112E29DF . 846848 . . [2001.12.4414.700] . . c:\windows\system32\dllcache\comres.dll
.
[-] 2008-04-14 . D6F603772A789BB3228F310D650B8BD1 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\qmgr.dll
[-] 2008-04-14 . D6F603772A789BB3228F310D650B8BD1 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\dllcache\qmgr.dll
.
[-] 2008-04-14 . E970C2296916BF4A2F958680016FE312 . 399360 . . [5.1.2600.5512] . . c:\windows\system32\rpcss.dll
[-] 2008-04-14 . E970C2296916BF4A2F958680016FE312 . 399360 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\rpcss.dll
.
[-] 2008-04-14 . 4BB6A83640F1D1792AD21CE767B621C6 . 109056 . . [5.1.2600.5512] . . c:\windows\system32\services.exe
[-] 2008-04-14 . 4BB6A83640F1D1792AD21CE767B621C6 . 109056 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\services.exe
.
[-] 2008-04-14 . 39356A9CDB6753A6D13A4072A9F5A4BB . 57856 . . [5.1.2600.5512] . . c:\windows\system32\spoolsv.exe
[-] 2008-04-14 . 39356A9CDB6753A6D13A4072A9F5A4BB . 57856 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\spoolsv.exe
.
[-] 2008-04-14 . F09A527B422E25C478E38CAA0E44417A . 513024 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2008-04-14 . F09A527B422E25C478E38CAA0E44417A . 513024 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\winlogon.exe
.
[-] 2008-04-14 . 65E60C18DDB0215C201FF75E32D564C8 . 111616 . . [5.4.3790.5512] . . c:\windows\system32\wuauclt.exe
[-] 2008-04-14 . 65E60C18DDB0215C201FF75E32D564C8 . 111616 . . [5.4.3790.5512] . . c:\windows\system32\dllcache\wuauclt.exe
.
[-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ipsec.sys
[-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ipsec.sys
.
[-] 2008-04-14 . AD28671D1B83A386B070DC451A113C13 . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2008-04-14 . AD28671D1B83A386B070DC451A113C13 . 617472 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll
[-] 2008-04-14 . 3C93CE6C6985C55952B7BE6673E9FD15 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
[-] 2004-08-04 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
.
[-] 2008-04-14 . 611F824E5C703A5A899F84C5F1699E4D . 62464 . . [5.1.2600.5512] . . c:\windows\system32\cryptsvc.dll
[-] 2008-04-14 . 611F824E5C703A5A899F84C5F1699E4D . 62464 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\cryptsvc.dll
.
[-] 2008-04-14 05:52 . 0F3EDAEE1EF97CF3DB2BE23A7289B78C . 246272 . . [2001.12.4414.701] . . c:\windows\system32\es.dll
[-] 2008-04-14 05:52 . 0F3EDAEE1EF97CF3DB2BE23A7289B78C . 246272 . . [2001.12.4414.701] . . c:\windows\system32\dllcache\es.dll
.
[-] 2008-04-14 . F9954695D246B33A5BF105029A4C6AB6 . 110080 . . [5.1.2600.5512] . . c:\windows\system32\imm32.dll
[-] 2008-04-14 . F9954695D246B33A5BF105029A4C6AB6 . 110080 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\imm32.dll
.
[-] 2008-04-14 . 4C897C69754D88F496339B1A666907C1 . 1063424 . . [5.1.2600.5512] . . c:\windows\system32\kernel32.dll
[-] 2008-04-14 . 4C897C69754D88F496339B1A666907C1 . 1063424 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\kernel32.dll
.
[-] 2008-04-14 . 5543A9D4A1D0F9F84092482A9373A024 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\linkinfo.dll
[-] 2008-04-14 . 5543A9D4A1D0F9F84092482A9373A024 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\linkinfo.dll
.
[-] 2008-04-14 . F38F3C47BBFFD748C1359AB171C3A630 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\lpk.dll
[-] 2008-04-14 . F38F3C47BBFFD748C1359AB171C3A630 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\lpk.dll
.
[-] 2009-03-08 . D469A0EBA2EF5C6BEE8065B7E3196E5E . 5937152 . . [8.00.6001.18702] . . c:\windows\system32\mshtml.dll
[-] 2009-03-08 . D469A0EBA2EF5C6BEE8065B7E3196E5E . 5937152 . . [8.00.6001.18702] . . c:\windows\system32\dllcache\mshtml.dll
[-] 2008-04-14 . 72AE55A9FFBC60650339CB12E35C7DD5 . 3066880 . . [6.00.2900.5512] . . c:\windows\ie8\mshtml.dll
.
[-] 2008-04-14 . C6A6E53A0C34EC87883137A6CB87AE5E . 343040 . . [7.0.2600.5512] . . c:\windows\system32\msvcrt.dll
[-] 2008-04-14 . C6A6E53A0C34EC87883137A6CB87AE5E . 343040 . . [7.0.2600.5512] . . c:\windows\system32\dllcache\msvcrt.dll
[-] 2008-04-14 . C536AAD8A71608FE33CD956214EDD366 . 343040 . . [7.0.2600.5512] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll
[-] 2004-08-04 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll
.
[-] 2008-04-14 . F12B9D9A069331877D006CC81B4735F9 . 247296 . . [5.1.2600.5512] . . c:\windows\system32\mswsock.dll
[-] 2008-04-14 . F12B9D9A069331877D006CC81B4735F9 . 247296 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\mswsock.dll
.
[-] 2008-04-14 . 0098D35F91DEAB9C127360A877F2CF84 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\netlogon.dll
[-] 2008-04-14 . 0098D35F91DEAB9C127360A877F2CF84 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\netlogon.dll
.
[-] 2008-04-14 . C8C0BDABC966B6C24D337DF0A0A399E1 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\powrprof.dll
[-] 2008-04-14 . C8C0BDABC966B6C24D337DF0A0A399E1 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\powrprof.dll
.
[-] 2008-04-14 . 5132443DF6FC3771A17AB4AE55DCBC28 . 187904 . . [5.1.2600.5512] . . c:\windows\system32\scecli.dll
[-] 2008-04-14 . 5132443DF6FC3771A17AB4AE55DCBC28 . 187904 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\scecli.dll
.
[-] 2008-04-14 . 44161A59DC33AC2EA9C95438ADFFFB7F . 5120 . . [5.1.2600.5512] . . c:\windows\system32\sfc.dll
[-] 2008-04-14 . 44161A59DC33AC2EA9C95438ADFFFB7F . 5120 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\sfc.dll
.
[-] 2008-04-14 . 4FBC75B74479C7A6F829E0CA19DF3366 . 14336 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe
[-] 2008-04-14 . 4FBC75B74479C7A6F829E0CA19DF3366 . 14336 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\svchost.exe
.
[-] 2008-04-14 . 05903CAC4B98908D55EA5774775B382E . 249856 . . [5.1.2600.5512] . . c:\windows\system32\tapisrv.dll
[-] 2008-04-14 . 05903CAC4B98908D55EA5774775B382E . 249856 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\tapisrv.dll
.
[-] 2008-04-14 . B0050CC5340E3A0760DD8B417FF7AEBD . 580096 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2008-04-14 . B0050CC5340E3A0760DD8B417FF7AEBD . 580096 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\user32.dll
.
[-] 2008-04-14 . 788F95312E26389D596C0FA55834E106 . 26624 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe
[-] 2008-04-14 . 788F95312E26389D596C0FA55834E106 . 26624 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\userinit.exe
.
[-] 2009-03-08 . 6CE32F7778061CCC5814D5E0F282D369 . 914944 . . [8.00.6001.18702] . . c:\windows\system32\wininet.dll
[-] 2009-03-08 . 6CE32F7778061CCC5814D5E0F282D369 . 914944 . . [8.00.6001.18702] . . c:\windows\system32\dllcache\wininet.dll
[-] 2008-04-14 . B4AEE98A48917B274FACFB78BBE0BC84 . 671744 . . [6.00.2900.5512] . . c:\windows\ie8\wininet.dll
.
[-] 2008-04-14 . 6A35E2D6F5F052C84EC2CEB296389439 . 82432 . . [5.1.2600.5512] . . c:\windows\system32\ws2_32.dll
[-] 2008-04-14 . 6A35E2D6F5F052C84EC2CEB296389439 . 82432 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ws2_32.dll
.
[-] 2008-04-14 . C7D8A0517CBF16B84F657DE87EBE9D4B . 19968 . . [5.1.2600.5512] . . c:\windows\system32\ws2help.dll
[-] 2008-04-14 . C7D8A0517CBF16B84F657DE87EBE9D4B . 19968 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ws2help.dll
.
[-] 2008-04-14 . 418045A93CD87A352098AB7DABE1B53E . 1036800 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . 418045A93CD87A352098AB7DABE1B53E . 1036800 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\explorer.exe
.
[-] 2008-04-14 . AD9226BF3CED13636083BB9C76E9D2A2 . 153600 . . [5.1.2600.5512] . . c:\windows\regedit.exe
[-] 2008-04-14 . AD9226BF3CED13636083BB9C76E9D2A2 . 153600 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\regedit.exe
.
[-] 2008-04-14 . E08D638BA3D3DD6DF6E31216AB66AE0B . 1287680 . . [5.1.2600.5512] . . c:\windows\system32\ole32.dll
[-] 2008-04-14 . E08D638BA3D3DD6DF6E31216AB66AE0B . 1287680 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ole32.dll
.
[-] 2008-04-14 . 052F968390A85D37D5EE8BE3AB2A83A2 . 406016 . . [1.0420.2600.5512] . . c:\windows\system32\usp10.dll
[-] 2008-04-14 . 052F968390A85D37D5EE8BE3AB2A83A2 . 406016 . . [1.0420.2600.5512] . . c:\windows\system32\dllcache\usp10.dll
.
[-] 2008-04-14 . 671ABB33C712B1585A5BF7ADD36AD96E . 4096 . . [5.3.2600.5512] . . c:\windows\system32\ksuser.dll
[-] 2008-04-14 . 671ABB33C712B1585A5BF7ADD36AD96E . 4096 . . [5.3.2600.5512] . . c:\windows\system32\dllcache\ksuser.dll
[-] 2008-04-14 . 671ABB33C712B1585A5BF7ADD36AD96E . 4096 . . [5.3.2600.5512] . . c:\windows\system32\ReinstallBackups\0002\DriverFiles\i386\ksuser.dll
[-] 2008-04-14 . 671ABB33C712B1585A5BF7ADD36AD96E . 4096 . . [5.3.2600.5512] . . c:\windows\system32\ReinstallBackups\0003\DriverFiles\i386\ksuser.dll
.
[-] 2008-04-14 . 01B4E6E990B6C5EA8856D96C7FD044B2 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[-] 2008-04-14 . 01B4E6E990B6C5EA8856D96C7FD044B2 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ctfmon.exe
.
[-] 2008-04-14 . 40602EBFBE06AA075C8E4560743F6883 . 135168 . . [6.00.2900.5512] . . c:\windows\system32\shsvcs.dll
[-] 2008-04-14 . 40602EBFBE06AA075C8E4560743F6883 . 135168 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\shsvcs.dll
.
[-] 2008-04-14 . FE77A85495065F3AD59C5C65B6C54182 . 171520 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[-] 2008-04-14 . FE77A85495065F3AD59C5C65B6C54182 . 171520 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\srsvc.dll
.
[-] 2008-04-14 . EDAFBE25FB6480CE68F688BA691890DC . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe
[-] 2008-04-14 . EDAFBE25FB6480CE68F688BA691890DC . 13824 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\wscntfy.exe
.
[-] 2008-04-14 . 0ADA34871A2E1CD2CAAFED1237A47750 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll
[-] 2008-04-14 . 0ADA34871A2E1CD2CAAFED1237A47750 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\xmlprov.dll
.
[-] 2008-04-14 . 04955AA695448C181B367D964AF158AA . 56320 . . [5.1.2600.5512] . . c:\windows\system32\eventlog.dll
[-] 2008-04-14 . 04955AA695448C181B367D964AF158AA . 56320 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\eventlog.dll
.
[-] 2008-04-14 . 5251425B86EA4A3532B8BB8D14044E61 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
[-] 2008-04-14 . 5251425B86EA4A3532B8BB8D14044E61 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\sfcfiles.dll
.
[-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ipsec.sys
[-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ipsec.sys
.
[-] 2008-04-14 . E4CD1F3D84E1C2CA0B8CF7501E201593 . 59904 . . [5.1.2600.5512] . . c:\windows\system32\regsvc.dll
[-] 2008-04-14 . E4CD1F3D84E1C2CA0B8CF7501E201593 . 59904 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\regsvc.dll
.
[-] 2008-04-14 . A050194A44D7FA8D7186ED2F4E8367AE . 193536 . . [5.1.2600.5512] . . c:\windows\system32\schedsvc.dll
[-] 2008-04-14 . A050194A44D7FA8D7186ED2F4E8367AE . 193536 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\schedsvc.dll
.
[-] 2008-04-14 . 4DF5B05DFAEC29E13E1ED6F6EE12C500 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\ssdpsrv.dll
[-] 2008-04-14 . 4DF5B05DFAEC29E13E1ED6F6EE12C500 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ssdpsrv.dll
.
[-] 2008-04-14 . B7DE02C863D8F5A005A7BF375375A6A4 . 297472 . . [5.1.2600.5512] . . c:\windows\system32\termsrv.dll
[-] 2008-04-14 . B7DE02C863D8F5A005A7BF375375A6A4 . 297472 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\termsrv.dll
.
[-] 2008-04-14 . 0DAF0705D7B39C94E287913226688804 . 348672 . . [5.1.2600.5512] . . c:\windows\system32\hnetcfg.dll
[-] 2008-04-14 . 0DAF0705D7B39C94E287913226688804 . 348672 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\hnetcfg.dll
.
[-] 2004-08-04 . 9E1CA3160DAFB159CA14F83B1E317F75 . 12160 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys
.
[-] 2008-04-13 20:09 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\dllcache\aec.sys
[-] 2008-04-13 20:09 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\drivers\aec.sys
.
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ip6fw.sys
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys
.
[-] 2008-04-14 05:52 . ACC19BA6876AF18768EE87931CAD14E2 . 927504 . . [4.1.0.61] . . c:\windows\system32\mfc40u.dll
[-] 2008-04-14 05:52 . ACC19BA6876AF18768EE87931CAD14E2 . 927504 . . [4.1.0.61] . . c:\windows\system32\dllcache\mfc40u.dll
.
[-] 2008-04-14 . B7550A7107281D170CE85524B1488C98 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\msgsvc.dll
[-] 2008-04-14 . B7550A7107281D170CE85524B1488C98 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\msgsvc.dll
.
[-] 2008-04-14 05:52 . 6E18978B749F0696A774DE3F2CB142DD . 52736 . . [9.0.1.56] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll
[-] 2006-10-18 20:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
[-] 2006-10-18 20:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\dllcache\mspmsnsv.dll
.
[-] 2008-04-14 . FEFB3BDA35CF469809B0C89AB6833AFC . 2026496 . . [5.1.2600.5512] . . c:\windows\system32\ntkrnlpa.exe
.
[-] 2008-04-14 05:52 . 56AF4064996FA5BAC9C449B1514B4770 . 438272 . . [5.1.2400.5512] . . c:\windows\system32\ntmssvc.dll
[-] 2008-04-14 05:52 . 56AF4064996FA5BAC9C449B1514B4770 . 438272 . . [5.1.2400.5512] . . c:\windows\system32\dllcache\ntmssvc.dll
.
[-] 2008-04-14 . 1DFD8975D8C89214B98D9387C1125B49 . 186880 . . [5.1.2600.5512] . . c:\windows\system32\upnphost.dll
[-] 2008-04-14 . 1DFD8975D8C89214B98D9387C1125B49 . 186880 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\upnphost.dll
.
[-] 2008-04-14 . 9236E736EDB57BE7D1EF6274410E3BAC . 367616 . . [5.3.2600.5512] . . c:\windows\system32\dsound.dll
[-] 2008-04-14 . 9236E736EDB57BE7D1EF6274410E3BAC . 367616 . . [5.3.2600.5512] . . c:\windows\system32\dllcache\dsound.dll
.
[-] 2008-04-14 . 36969CF86E51EC8ED202B40F2FA80AA6 . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\d3d9.dll
[-] 2008-04-14 . 36969CF86E51EC8ED202B40F2FA80AA6 . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\dllcache\d3d9.dll
.
[-] 2008-04-14 . 4A37188B83B00DD9CFBA049687AD0DAF . 279552 . . [5.03.2600.5512] . . c:\windows\system32\ddraw.dll
[-] 2008-04-14 . 4A37188B83B00DD9CFBA049687AD0DAF . 279552 . . [5.03.2600.5512] . . c:\windows\system32\dllcache\ddraw.dll
.
[-] 2008-04-14 05:52 . 5D7F5A46975D2E59A6FECB6C231D200F . 84992 . . [5.1.2600.5512] . . c:\windows\system32\olepro32.dll
[-] 2008-04-14 05:52 . 5D7F5A46975D2E59A6FECB6C231D200F . 84992 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\olepro32.dll
.
[-] 2008-04-14 . C47FD93010649AC0D79022D9B69ADBE4 . 41984 . . [5.1.2600.5512] . . c:\windows\system32\perfctrs.dll
[-] 2008-04-14 . C47FD93010649AC0D79022D9B69ADBE4 . 41984 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\perfctrs.dll
.
[-] 2008-04-14 . F86000634319F71535BCE6B06995EE99 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\version.dll
[-] 2008-04-14 . F86000634319F71535BCE6B06995EE99 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\version.dll
.
[-] 2008-04-14 . 88077F757C6C793C33408D878B6E0F76 . 2147840 . . [5.1.2600.5512] . . c:\windows\system32\ntoskrnl.exe
.
[-] 2008-04-14 . FE77A85495065F3AD59C5C65B6C54182 . 171520 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[-] 2008-04-14 . FE77A85495065F3AD59C5C65B6C54182 . 171520 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\srsvc.dll
.
[-] 2008-04-14 . 7B353059E665F8B7AD2BBEAEF597CF45 . 177152 . . [5.1.2600.5512] . . c:\windows\system32\w32time.dll
[-] 2008-04-14 . 7B353059E665F8B7AD2BBEAEF597CF45 . 177152 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\w32time.dll
.
[-] 2008-04-14 . BC2C5985611C5356B24AEB370953DED9 . 334336 . . [5.1.2600.5512] . . c:\windows\system32\wiaservc.dll
[-] 2008-04-14 . BC2C5985611C5356B24AEB370953DED9 . 334336 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\wiaservc.dll
.
[-] 2008-04-14 . 2CF969B9BF1EF069075DCDCE309FAAE1 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\midimap.dll
[-] 2008-04-14 . 2CF969B9BF1EF069075DCDCE309FAAE1 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\midimap.dll
.
[-] 2008-04-14 . 469FED8597896DB77B49384BE90E2E0A . 7680 . . [5.1.2600.5512] . . c:\windows\system32\rasadhlp.dll
[-] 2008-04-14 . 469FED8597896DB77B49384BE90E2E0A . 7680 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\rasadhlp.dll
.
[-] 2008-04-14 . 02AF8A799D173C2D0C71F399C03AC9E1 . 19456 . . [5.1.2600.5512] . . c:\windows\system32\wshtcpip.dll
[-] 2008-04-14 . 02AF8A799D173C2D0C71F399C03AC9E1 . 19456 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\wshtcpip.dll
.
(((((((((((((((((((((((((((((   SnapShot@2012-07-27_18.24.56   )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-07-28 08:58 . 2012-07-28 08:58	16384              c:\windows\Temp\Perflib_Perfdata_9e8.dat
+ 2012-07-28 08:43 . 2012-07-28 08:43	16384              c:\windows\Temp\Perflib_Perfdata_9bc.dat
+ 2012-07-28 08:58 . 2012-07-28 08:58	16384              c:\windows\Temp\Perflib_Perfdata_478.dat
+ 2008-04-14 05:52 . 2008-04-14 05:52	24064              c:\windows\system32\extrac32.exe
- 2008-04-14 05:52 . 2001-02-23 23:53	24064              c:\windows\system32\extrac32.exe
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\programme\Gemeinsame Dateien\Nokia\MPlatform\NokiaMServer" [X]
"RTHDCPL"="RTHDCPL.EXE" [2009-08-14 18702336]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2010-09-08 421888]
"VMware hqtray"="c:\programme\VMware\VMware Player\hqtray.exe" [2010-01-22 64048]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"LayoutM"="KLayMgr.exe" [2004-08-26 45056]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2012-07-19 348624]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
Ulead Photo Express SE Calendar Checker.lnk - c:\programme\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe [2010-11-27 61440]
Watch.lnk - c:\windows\twain_32\S6U12BX\WATCH.exe [2010-11-27 356352]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-09-16 20:04	1164584	----a-w-	c:\programme\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2]
2010-09-02 09:26	672632	----a-w-	c:\programme\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2011-03-08 22:37	98304	----a-w-	c:\programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [19.07.2012 16:37 36000]
R1 HWiNFO32;HWiNFO32 Kernel Driver;c:\programme\HWiNFO32\HWiNFO32.SYS [08.10.2010 17:40 20088]
R2 AntiVirMailService;Avira Email Schutz;c:\programme\Avira\AntiVir Desktop\avmailc.exe [19.07.2012 16:37 375760]
R2 AntiVirSchedulerService;Avira Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [19.07.2012 16:37 86224]
R2 AntiVirWebService;Avira Browser Schutz;c:\programme\Avira\AntiVir Desktop\avwebgrd.exe [19.07.2012 16:37 465360]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [22.01.2010 22:57 70704]
R2 VMUSBArbService;VMware USB Arbitration Service;c:\programme\Common Files\VMware\USB\vmware-usbarbitrator.exe [22.01.2010 22:00 563760]
R3 brfilt;Brother MFC-Filtertreiber;c:\windows\system32\drivers\BrFilt.sys [13.10.2010 16:16 2944]
R3 BrSerWDM;Brother-Treiber (seriell);c:\windows\system32\drivers\BrSerWdm.sys [13.10.2010 16:16 60416]
R3 BrUsbMdm;Brother MFC-nur-Fax-Modem (USB);c:\windows\system32\drivers\BrUsbMdm.sys [13.10.2010 16:16 11008]
R3 BrUsbScn;Brother MFC-Scannertreiber (USB);c:\windows\system32\drivers\BrUsbScn.sys [13.10.2010 16:15 10368]
S2 Browser Defender Update Service;Browser Defender Update Service;"c:\program files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe" --> c:\program files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [?]
S2 gupdate;Google Update Service (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [16.10.2010 13:46 136176]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [03.10.2010 19:25 1684736]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\Google\Update\GoogleUpdate.exe [16.10.2010 13:46 136176]
S3 HPKBCCID;HP Keyboard Smart Card Driver;c:\windows\system32\drivers\HPKBCCID.sys [06.05.2012 10:06 48256]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [25.07.2012 19:02 40776]
S3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\drivers\PCTBD.sys [17.07.2012 20:46 70768]
S3 STC2DFU;STCII DFU Adapter;c:\windows\system32\DRIVERS\Stc2Dfu.SYS --> c:\windows\system32\DRIVERS\Stc2Dfu.SYS [?]
S3 STCFUx32;STC DFU Driver;c:\windows\system32\drivers\STCFUx32.sys [24.01.2007 02:01 7680]
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2010-10-16 11:46]
.
2012-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2010-10-16 11:46]
.
.
------- Zusätzlicher Suchlauf -------
.
IE: Free YouTube to iPod Converter - c:\dokumente und einstellungen\***\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm
IE: Free YouTube to MP3 Converter - c:\dokumente und einstellungen\***\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\programme\ICQ7.5\ICQ.exe
LSP: c:\programme\Avira\AntiVir Desktop\avsda.dll
LSP: c:\programme\VMware\VMware Player\vsocklib.dll
FF - ProfilePath - c:\dokumente und einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\9iswm21x.default\
FF - prefs.js: browser.startup.homepage - yahoo.de
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-07-28 10:58
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1275210071-448539723-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(700)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'lsass.exe'(756)
c:\programme\Avira\AntiVir Desktop\avsda.dll
.
- - - - - - - > 'explorer.exe'(3348)
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\SCardSvr.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\RTHDCPL.EXE
c:\programme\Gemeinsame Dateien\Nokia\MPlatform\NokiaMServer.exe
c:\programme\Avira\AntiVir Desktop\avguard.exe
c:\programme\Java\jre7\bin\jqs.exe
c:\programme\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\BRMFRSMG.EXE
c:\windows\system32\vmnat.exe
c:\windows\system32\vmnetdhcp.exe
c:\programme\VMware\VMware Player\vmware-authd.exe
c:\windows\system32\wscntfy.exe
c:\programme\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-07-28  11:01:27 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-07-28 09:01
ComboFix2.txt  2012-07-27 18:26
.
Vor Suchlauf: 29 Verzeichnis(se), 407.422.017.536 Bytes frei
Nach Suchlauf: 30 Verzeichnis(se), 407.401.385.984 Bytes frei
.
- - End Of File - - 656C4F8EE59F2FBAE3F1C9D53173EAB3

Alt 28.07.2012, 23:12   #26
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Security Shield eingefangen - Standard

Security Shield eingefangen


Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).



Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 30.07.2012, 10:16   #27
zbraff
 
Security Shield eingefangen - Standard

Security Shield eingefangen


GMER ist immer abgestürzt, selbst im abgesicherten Modus.

OSAM-Log:

Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 10:33:02 on 30.07.2012

OS: Windows XP Home Edition Service Pack 3 (Build 2600)
Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Boot Execute]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )-----
"BootExecute" - "Microsoft Corporation" - C:\WINDOWS\system32\autochk.exe

[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
-----( HKLM\SOFTWARE\Microsoft\Windows Scripting Host\Locations )-----
"CScript" - "Microsoft Corporation" - C:\WINDOWS\System32\cscript.exe
"WScript" - "Microsoft Corporation" - C:\WINDOWS\System32\wscript.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"access.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\access.cpl
"ALSNDMGR.CPL" - "Realtek Semiconductor Corp." - C:\WINDOWS\system32\ALSNDMGR.CPL
"appwiz.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\appwiz.cpl
"bthprops.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\bthprops.cpl
"desk.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\desk.cpl
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\WINDOWS\system32\DivXControlPanelApplet.cpl
"firewall.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\firewall.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
"hdwwiz.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\hdwwiz.cpl
"inetcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\inetcpl.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"intl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\intl.cpl
"irprops.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\irprops.cpl
"javacpl.cpl" - "Oracle Corporation" - C:\WINDOWS\system32\javacpl.cpl
"joy.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\joy.cpl
"main.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\main.cpl
"mmsys.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\mmsys.cpl
"ncpa.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\ncpa.cpl
"netsetup.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\netsetup.cpl
"nusrmgr.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\nusrmgr.cpl
"odbccp32.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\odbccp32.cpl
"powercfg.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\powercfg.cpl
"RTSndMgr.CPL" - "Realtek Semiconductor Corp." - C:\WINDOWS\system32\RTSndMgr.CPL
"sysdm.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\sysdm.cpl
"telephon.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\telephon.cpl
"timedate.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\timedate.cpl
"wscui.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\wscui.cpl
"wuaucpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\wuaucpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Internet Connection Firewall" - "Microsoft Corporation" - C:\WINDOWS\system32\Firewall.cpl
"NetSetupWizard" - "Microsoft Corporation" - C:\WINDOWS\system32\NetSetup.cpl
"QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl
"Speech" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Speech\sapi.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"AFD" (AFD) - "Microsoft Corporation" - C:\WINDOWS\System32\drivers\afd.sys
"Ambfilt" (Ambfilt) - "Creative" - C:\WINDOWS\System32\drivers\Ambfilt.sys
"AMD HwPState Prozessortreiber" (AmdPPM) - "Advanced Micro Devices" - C:\WINDOWS\System32\DRIVERS\AmdPPM.sys
"Asynchroner RAS -Medientreiber" (AsyncMac) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\asyncmac.sys
"ATI Function Driver for High Definition Audio Service" (AtiHdmiService) - "ATI Technologies, Inc." - C:\WINDOWS\System32\drivers\AtiHdmi.sys
"ati2mtag" (ati2mtag) - "ATI Technologies Inc." - C:\WINDOWS\System32\DRIVERS\ati2mtag.sys
"Audiostubtreiber" (audstub) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\audstub.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avkmgr.sys
"BDA Slip De-Framer" (SLIP) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\SLIP.sys
"BDA-IPSink" (streamip) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\StreamIP.sys
"Beep" (Beep) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\Beep.sys
"Brother MFC-Filtertreiber" (brfilt) - "Brother Industries Ltd." - C:\WINDOWS\System32\Drivers\Brfilt.sys
"Brother MFC-nur-Fax-Modem (USB)" (BrUsbMdm) - "Brother Industries Ltd." - C:\WINDOWS\System32\Drivers\BrUsbMdm.sys
"Brother MFC-Scannertreiber (USB)" (BrUsbScn) - "Brother Industries Ltd." - C:\WINDOWS\System32\Drivers\BrUsbScn.sys
"Brother-Treiber (seriell)" (BrSerWDM) - "Brother Industries Ltd." - C:\WINDOWS\System32\Drivers\BrSerWdm.sys
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)
"CD-ROM-Laufwerktreiber" (Cdrom) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\cdrom.sys
"Cdaudio" (Cdaudio) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\Cdaudio.sys
"Cdfs" (Cdfs) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\Cdfs.sys
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"Diskettencontrollertreiber" (Fdc) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\fdc.sys
"Diskettenlaufwerktreiber" (Flpydisk) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\flpydisk.sys
"Fastfat" (Fastfat) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\Fastfat.sys
"Filtertreiber für CD-Brennen" (Imapi) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\imapi.sys
"Filtertreiber für digitale CD-Audiowiedergabe" (redbook) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\redbook.sys
"Filtertreiber für IP-Verkehr" (IpFilterDriver) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys
"Filtertreiber für IPX-Verkehr" (NwlnkFlt) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\nwlnkflt.sys
"Filtertreiber für Systemwiederherstellung" (sr) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\sr.sys
"Fips" (Fips) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\Fips.sys
"FltMgr" (FltMgr) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\fltMgr.sys
"Fs_Rec" (Fs_Rec) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\Fs_Rec.sys
"Grand Tech GT680x NT" (GT680x) - "   " - C:\WINDOWS\System32\DRIVERS\GT680x.SYS
"HP Keyboard Smart Card Driver" (HPKBCCID) - "Hewlett-Packard Company" - C:\WINDOWS\System32\DRIVERS\HPKBCCID.sys
"HTTP" (HTTP) - "Microsoft Corporation" - C:\WINDOWS\System32\Drivers\HTTP.sys
"HWiNFO32 Kernel Driver" (HWiNFO32) - "REALiX(tm)" - C:\Programme\HWiNFO32\HWiNFO32.SYS
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"i8042-Tastatur- und PS/2-Mausanschluss-Treiber" (i8042prt) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\i8042prt.sys
"IP/IP-Tunneltreiber" (IpInIp) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\ipinip.sys
"IPSEC-Treiber" (IPSec) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\ipsec.sys
"IPv6-Windows-Firewalltreiber" (Ip6Fw) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\Ip6Fw.sys
"IR-Enumeratordienst" (IRENUM) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\irenum.sys
"IrDA-Protokoll" (irda) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\irda.sys
"Kernel Mode Driver Frameworks service" (Wdf01000) - "Microsoft Corporation" - C:\WINDOWS\System32\Drivers\wdf01000.sys
"KSecDD" (KSecDD) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\KSecDD.sys
"Laufwerktreiber" (Disk) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\disk.sys
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"Logitech HD Webcam C270(UVC)" (LVUVC) - ? - C:\WINDOWS\System32\DRIVERS\lvuvc.sys  (File not found)
"Logitech RightSound Filter Driver" (LVRS) - ? - C:\WINDOWS\System32\DRIVERS\lvrs.sys  (File not found)
"Maus-HID-Treiber" (mouhid) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\mouhid.sys
"Mausklassentreiber" (Mouclass) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\mouclass.sys
"MBAMSwissArmy" (MBAMSwissArmy) - "Malwarebytes Corporation" - C:\WINDOWS\system32\drivers\mbamswissarmy.sys
"mf" (mf) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\mf.sys
"Microcode Updatetreiber" (Update) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\update.sys
"Microsoft ACPI-Treiber" (ACPI) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\ACPI.sys
"Microsoft HID Class-Treiber" (hidusb) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\hidusb.sys
"Microsoft Kernel GS Wavetablesynthesizer" (swmidi) - "Microsoft Corporation" - C:\WINDOWS\System32\drivers\swmidi.sys
"Microsoft Kernel-Audiosplitter" (splitter) - "Microsoft Corporation" - C:\WINDOWS\System32\drivers\splitter.sys
"Microsoft Kernel-DLS-Synthesizer" (DMusic) - "Microsoft Corporation" - C:\WINDOWS\System32\drivers\DMusic.sys
"Microsoft Kernel-DRM-Audioentschlüsselung" (drmkaud) - "Microsoft Corporation" - C:\WINDOWS\System32\drivers\drmkaud.sys
"Microsoft Kernel-Echounterdrückung" (aec) - "Microsoft Corporation" - C:\WINDOWS\System32\drivers\aec.sys
"Microsoft Kernel-Systemaudiogerät" (sysaudio) - "Microsoft Corporation" - C:\WINDOWS\System32\drivers\sysaudio.sys
"Microsoft Kernel-Waveaudiomixer" (kmixer) - "Microsoft Corporation" - C:\WINDOWS\System32\drivers\kmixer.sys
"Microsoft Proxy für Streaming Clock" (MSPCLOCK) - "Microsoft Corporation" - C:\WINDOWS\System32\drivers\MSPCLOCK.sys
"Microsoft Proxy für Streaming Quality Manager" (MSPQM) - "Microsoft Corporation" - C:\WINDOWS\System32\drivers\MSPQM.sys
"Microsoft serieller Infrarottreiber" (irsir) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\irsir.sys
"Microsoft Standard-USB-Haupttreiber" (usbccgp) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\usbccgp.sys
"Microsoft Streaming Service Proxy" (MSKSSRV) - "Microsoft Corporation" - C:\WINDOWS\System32\drivers\MSKSSRV.sys
"Microsoft Streaming Tee/Sink-to-Sink-Konvertierung" (MSTEE) - "Microsoft Corporation" - C:\WINDOWS\System32\drivers\MSTEE.sys
"Microsoft TV-/Videoverbindung" (NdisIP) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\NdisIP.sys
"Microsoft UAA-Bustreiber für High Definition Audio" (HDAudBus) - "Windows (R) Server 2003 DDK provider" - C:\WINDOWS\System32\DRIVERS\HDAudBus.sys
"Microsoft USB-Druckerklasse" (usbprint) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\usbprint.sys
"Microsoft Windows-Verwaltungsschnittstelle für ACPI" (WmiAcpi) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\wmiacpi.sys
"Microsoft-Systemverwaltungs-BIOS-Treiber" (mssmbios) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\mssmbios.sys
"Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller" (usbehci) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\usbehci.sys
"Miniporttreiber für Microsoft USB Open Host-Controller" (usbohci) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\usbohci.sys
"mnmdd" (mnmdd) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\mnmdd.sys
"Modem" (Modem) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\Modem.sys
"Monfilt" (Monfilt) - "Creative Technology Ltd." - C:\WINDOWS\System32\drivers\Monfilt.sys
"MountMgr" (MountMgr) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\MountMgr.sys
"MRXSMB" (MRxSmb) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\mrxsmb.sys
"Msfs" (Msfs) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\Msfs.sys
"Mup" (Mup) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\Mup.sys
"NABTS/FEC VBI-Codec" (NABTSFEC) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys
"NDIS-Benutzermodus-E/A-Protokoll" (Ndisuio) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\ndisuio.sys
"NDIS-Systemtreiber" (NDIS) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\NDIS.sys
"NDProxy" (NDProxy) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\NDProxy.sys
"NetBios über TCP/IP" (NetBT) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\netbt.sys
"NetBIOS-Schnittstelle" (NetBIOS) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\netbios.sys
"Nokia USB Phone Parent" (nmwcd) - "Nokia" - C:\WINDOWS\System32\drivers\ccdcmb.sys
"Npfs" (Npfs) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\Npfs.sys
"Ntfs" (Ntfs) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\Ntfs.sys
"Null" (Null) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\Null.sys
"Parallelanschluss (direkt)" (Raspti) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\raspti.sys
"PartMgr" (PartMgr) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\PartMgr.sys
"ParVdm" (ParVdm) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\ParVdm.sys
"PC Tools Browser Defender Driver" (PCTBD) - "PC Tools" - C:\WINDOWS\System32\Drivers\PCTBD.sys
"PCCS Mode Change Filter Driver" (pccsmcfd) - "Nokia" - C:\WINDOWS\System32\DRIVERS\pccsmcfd.sys
"PCI-Bus-Treiber" (PCI) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\pci.sys
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PCIIde" (PCIIde) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\pciide.sys
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"PnP-ISA/EISA-Bus-Treiber" (isapnp) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\isapnp.sys
"Protokoll für ATM ARP-Client" (Atmarpc) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\atmarpc.sys
"Prozessortreiber" (Processor) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\processr.sys
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"QoS-Paketplaner" (PSched) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\psched.sys
"RAS-IP-ARP-Treiber" (Wanarp) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\wanarp.sys
"RAS-NDIS-TAPI-Treiber" (NdisTapi) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\ndistapi.sys
"RAS-NDIS-WAN-Treiber" (NdisWan) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\ndiswan.sys
"Rdbss" (Rdbss) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\rdbss.sys
"RDPCDD" (RDPCDD) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
"RDPWD" (RDPWD) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\RDPWD.sys
"Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver" (RTLE8023xp) - "Realtek Semiconductor Corporation                           " - C:\WINDOWS\System32\DRIVERS\Rtenicxp.sys
"Redirector für WebDav-Client" (MRxDAV) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\mrxdav.sys
"Remotezugriff-PPPOE-Treiber" (RasPppoe) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\raspppoe.sys
"Secdrv" (Secdrv) - "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." - C:\WINDOWS\System32\DRIVERS\secdrv.sys
"Serenum-Filtertreiber" (serenum) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\serenum.sys
"Service for Realtek HD Audio (WDM)" (IntcAzAudAddService) - "Realtek Semiconductor Corp." - C:\WINDOWS\System32\drivers\RtkHDAud.sys
"Sfloppy" (Sfloppy) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\Sfloppy.sys
"Software-Bus-Treiber" (swenum) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\swenum.sys
"Srv" (Srv) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\srv.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"Standard-IDE/ESDI-Festplattencontroller" (atapi) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\atapi.sys
"Standardpaketklassifizierung" (Gpc) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\msgpc.sys
"StarOpen" (StarOpen) - ? - C:\WINDOWS\system32\drivers\StarOpen.sys  (File found, but it contains no detailed information)
"STC DFU Driver" (STCFUx32) - "SCM Microsystems Inc." - C:\WINDOWS\System32\DRIVERS\STCFUx32.SYS
"STCII DFU Adapter" (STC2DFU) - ? - C:\WINDOWS\System32\DRIVERS\Stc2Dfu.SYS  (File not found)
"Tastatur-HID-Treiber" (kbdhid) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\kbdhid.sys
"Tastaturklassentreiber" (Kbdclass) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\kbdclass.sys
"TCP/IP-Protokolltreiber" (Tcpip) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\tcpip.sys
"TDPIPE" (TDPIPE) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\TDPIPE.sys
"TDTCP" (TDTCP) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\TDTCP.sys
"Terminal-Gerätetreiber" (TermDD) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\termdd.sys
"Treiber für automatische RAS-Verbindung" (RasAcd) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\rasacd.sys
"Treiber für direkte Parallelverbindung" (Ptilink) - "Parallel Technologies, Inc." - C:\WINDOWS\System32\DRIVERS\ptilink.sys
"Treiber für IPX-Verkehrsweiterleitung" (NwlnkFwd) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\nwlnkfwd.sys
"Treiber für Microsoft WINMM-WDM-Audiokompatibilität" (wdmaud) - "Microsoft Corporation" - C:\WINDOWS\System32\drivers\wdmaud.sys
"Treiber für parallelen Anschluss" (Parport) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\parport.sys
"Treiber für seriellen Anschluss" (Serial) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\serial.sys
"Treiber für Volume-Manager" (Ftdisk) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\ftdisk.sys
"Untertiteldecoder" (CCDECODE) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\CCDECODE.sys
"USB Smart Card reader" (USBCCID) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\usbccid.sys
"USB-Audiotreiber (WDM)" (usbaudio) - "Microsoft Corporation" - C:\WINDOWS\System32\drivers\usbaudio.sys
"USB-Massenspeichertreiber" (USBSTOR) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS
"USB-Scannertreiber" (usbscan) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\usbscan.sys
"USB-Videogerät (WDM)" (usbvideo) - "Microsoft Corporation" - C:\WINDOWS\System32\Drivers\usbvideo.sys
"USB2-aktivierter Hub" (usbhub) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\usbhub.sys
"VgaSave" (VgaSave) - "Microsoft Corporation" - C:\WINDOWS\System32\drivers\vga.sys
"VMware Bridge Protocol" (VMnetBridge) - "VMware, Inc." - C:\WINDOWS\System32\DRIVERS\vmnetbridge.sys
"VMware hcmon" (hcmon) - "VMware, Inc." - C:\WINDOWS\system32\drivers\hcmon.sys
"VMware kbd" (vmkbd) - "VMware, Inc." - C:\WINDOWS\system32\drivers\VMkbd.sys
"VMware Network Application Interface" (VMnetuserif) - "VMware, Inc." - C:\WINDOWS\system32\drivers\vmnetuserif.sys
"VMware Virtual Ethernet Adapter Driver" (VMnetAdapter) - "VMware, Inc." - C:\WINDOWS\System32\DRIVERS\vmnetadapter.sys
"VMware vmci" (vmci) - "VMware, Inc." - C:\WINDOWS\system32\Drivers\vmci.sys
"VMware VMparport" (VMparport) - "VMware, Inc." - C:\WINDOWS\system32\Drivers\VMparport.sys
"VMware vmx86" (vmx86) - "VMware, Inc." - C:\WINDOWS\system32\Drivers\vmx86.sys
"VolSnap" (VolSnap) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\VolSnap.sys
"Vstor2 WS60 Virtual Storage Driver" (vstor2-ws60) - "VMware, Inc." - C:\Programme\VMware\VMware Player\vstor2-ws60.sys
"WAN-Miniport (IrDA)" (Rasirda) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\rasirda.sys
"WAN-Miniport (L2TP)" (Rasl2tp) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\rasl2tp.sys
"WAN-Miniport (PPTP)" (PptpMiniport) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\raspptp.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)
"Windows Driver Foundation - User-mode Driver Framework Platform Driver" (WudfPf) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\WudfPf.sys
"Windows Driver Foundation - User-mode Driver Framework Reflector" (WudfRd) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\wudfrd.sys
"Windows Socket 2.0 Non-IFS Service Provider Support Environment" (WS2IFSL) - "Microsoft Corporation" - C:\WINDOWS\System32\drivers\ws2ifsl.sys
"World Standard Teletext-Codec" (WSTCODEC) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS
"Übersetzer für IP-Netzwerkadressen" (IpNat) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\ipnat.sys

[Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Desktop\Components )-----
"(0) Source" - ? - hxxp://upload.wikimedia.org/wikipedia/commons/thumb/d/d6/Demodikosis-mops.JPG/220px-Demodikosis-mops.JPG  (HTTP value)
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{7790769C-0471-11d2-AF11-00C04FA35D02} "Adressbuch 6" - "Microsoft Corporation" - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
>{60B49E34-C7CC-11D0-8953-00A0C90347FF} "Browser Customizations" - "Microsoft Corporation" - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS "Browseranpassungen" - "Microsoft Corporation" - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
>{26923b43-4d38-484f-9b9e-de460746276c} "Internet Explorer" - "Microsoft Corporation" - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
{89820200-ECBD-11cf-8B85-00AA005B4383} "Internet Explorer" - "Microsoft Corporation" - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
{44BBA840-CC51-11CF-AAFA-00AA00B6015C} "Microsoft Outlook Express 6" - "Microsoft Corporation" - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
>{22d6f312-b0f6-11d0-94ab-0080c74c7e95} "Microsoft Windows Media Player" - "Microsoft Corporation" - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
{6BF52A52-394A-11d3-B153-00C04F79FAA6} "Microsoft Windows Media Player" - "Microsoft Corporation" - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub
{44BBA842-CC51-11CF-AAFA-00AA00B6015B} "NetMeeting 3.01" - "Microsoft Corporation" - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
>{881dd1c5-3dcf-431b-b061-f3f88e8be88a} "Outlook Express" - "Microsoft Corporation" - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
{2C7339CF-2B09-4501-B3F3-F3508C9228ED} "Themes Setup" - "Microsoft Corporation" - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} "Versions-Update für Internet Explorer" - "Microsoft Corporation" - C:\WINDOWS\system32\ieudinit.exe
{89820200-ECBD-11cf-8B85-00AA005B4340} "Windows Desktop-Update" - "Microsoft Corporation" - regsvr32.exe /s /n /i:U shell32.dll
{5945c046-1e7d-11d1-bc44-00c04fd912be} "Windows Messenger 4.7" - "Microsoft Corporation" - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
{0D2E74C4-3C34-11d2-A27E-00C04FC30871} "{0D2E74C4-3C34-11d2-A27E-00C04FC30871}" - "Microsoft Corporation" - C:\WINDOWS\system32\SHELL32.dll
{24F14F01-7B1C-11d1-838f-0000F80461CF} "{24F14F01-7B1C-11d1-838f-0000F80461CF}" - "Microsoft Corporation" - C:\WINDOWS\system32\SHELL32.dll
{24F14F02-7B1C-11d1-838f-0000F80461CF} "{24F14F02-7B1C-11d1-838f-0000F80461CF}" - "Microsoft Corporation" - C:\WINDOWS\system32\SHELL32.dll
{66742402-F9B9-11D1-A202-0000F81FEDEE} "{66742402-F9B9-11D1-A202-0000F81FEDEE}" - "Microsoft Corporation" - C:\WINDOWS\system32\SHELL32.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} "AP Class Install Handler filter" - "Microsoft Corporation" - C:\WINDOWS\system32\urlmon.dll
{8f6b0360-b80d-11d0-a9b3-006097942311} "AP encoding/decoding Filters" - "Microsoft Corporation" - C:\WINDOWS\system32\urlmon.dll
{8f6b0360-b80d-11d0-a9b3-006097942311} "AP encoding/decoding Filters" - "Microsoft Corporation" - C:\WINDOWS\system32\urlmon.dll
{8f6b0360-b80d-11d0-a9b3-006097942311} "AP encoding/decoding Filters" - "Microsoft Corporation" - C:\WINDOWS\system32\urlmon.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
{733AC4CB-F1A4-11d0-B951-00A0C90312E1} "WebView MIME Filter" - "Microsoft Corporation" - C:\WINDOWS\system32\SHELL32.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{3dd53d40-7b8b-11D0-b013-00aa0059ce02} "CDL: Asychronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\WINDOWS\system32\urlmon.dll
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{12D51199-0DB5-46FE-A120-47A3D7D937CC} "DVD: Pluggable Protocol" - "Microsoft Corporation" - C:\WINDOWS\system32\msvidctl.dll
{79eac9e7-baf9-11ce-8c82-00aa004ba90b} "file:, local: Asychronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\WINDOWS\system32\urlmon.dll
{79eac9e7-baf9-11ce-8c82-00aa004ba90b} "file:, local: Asychronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\WINDOWS\system32\urlmon.dll
{79eac9e3-baf9-11ce-8c82-00aa004ba90b} "ftp: Asychronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\WINDOWS\system32\urlmon.dll
{79eac9e4-baf9-11ce-8c82-00aa004ba90b} "gopher: Asychronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\WINDOWS\system32\urlmon.dll
{79eac9e2-baf9-11ce-8c82-00aa004ba90b} "http: Asychronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\WINDOWS\system32\urlmon.dll
{79eac9e5-baf9-11ce-8c82-00aa004ba90b} "https: Asychronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\WINDOWS\system32\urlmon.dll
{05300401-BCBC-11d0-85E3-00C04FD85AB4} "MHTML Asychronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\WINDOWS\system32\inetcomm.dll
{3050F406-98B5-11CF-BB82-00AA00BDCE0B} "Microsoft HTML About Pluggable Protocol" - "Microsoft Corporation" - C:\WINDOWS\system32\mshtml.dll
{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} "Microsoft HTML Javascript Pluggable Protocol" - "Microsoft Corporation" - C:\WINDOWS\system32\mshtml.dll
{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} "Microsoft HTML Javascript Pluggable Protocol" - "Microsoft Corporation" - C:\WINDOWS\system32\mshtml.dll
{3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} "Microsoft HTML Mailto Pluggable Protocol" - "Microsoft Corporation" - C:\WINDOWS\system32\mshtml.dll
{3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} "Microsoft HTML Resource Pluggable Protocol" - "Microsoft Corporation" - C:\WINDOWS\system32\mshtml.dll
{76E67A63-06E9-11D2-A840-006008059382} "Microsoft HTML Resource Pluggable Protocol" - "Microsoft Corporation" - C:\WINDOWS\system32\mshtml.dll
{9D148291-B9C8-11D0-A4CC-0000F80149F6} "Microsoft InfoTech Protocols for IE 4.0" - "Microsoft Corporation" - C:\WINDOWS\system32\itss.dll
{9D148291-B9C8-11D0-A4CC-0000F80149F6} "Microsoft InfoTech Protocols for IE 4.0" - "Microsoft Corporation" - C:\WINDOWS\system32\itss.dll
{79eac9e6-baf9-11ce-8c82-00aa004ba90b} "mk: Asychronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\WINDOWS\system32\urlmon.dll
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} "TV: Pluggable Protocol" - "Microsoft Corporation" - C:\WINDOWS\system32\msvidctl.dll
{13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} "WiaProtocol Class" - "Microsoft Corporation" - C:\WINDOWS\system32\wiascr.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler )-----
{438755C2-A8BA-11D1-B96B-00A0C90312E1} "Browseui preloader" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{8C7461EF-2B13-11d2-BE35-3078302C2030} "Component Categories cache daemon" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "URL Exec Hook" - "Microsoft Corporation" - C:\WINDOWS\system32\shell32.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{01E04581-4EEE-11d0-BFE9-00AA005B4383} "&Adresse" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{F2CF5485-4E02-4f68-819C-B92DE9277049} "&Links" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll
{32714800-2E5F-11d0-8B85-00AA0044F941} "&Nach Personen..." - "Microsoft Corporation" - C:\Programme\Outlook Express\wabfind.dll
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Programme\7-Zip\7-zip.dll
{7e653215-fa25-46bd-a339-34a2790f3cb7} "Accessible" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{88C6C381-2E85-11D0-94DE-444553540000} "ActiveX Cache Folder" - "Microsoft Corporation" - C:\WINDOWS\system32\occache.dll
{A08C11D2-A228-11d0-825B-00AA005B4383} "Address EditBox" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{85BBD920-42A0-1069-A2E4-08002B30309D} "Aktenkoffer" - "Microsoft Corporation" - C:\WINDOWS\system32\syncui.dll
{875CB1A1-0F29-45de-A1AE-CFB4950D0B78} "Audio Media Properties Handler" - "Microsoft Corporation" - C:\WINDOWS\system32\shmedia.dll
{91EA3F8B-C99B-11d0-9815-00C04FD91972} "Augmented Shell Folder" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{6413BA2C-B461-11d1-A18A-080036B11A03} "Augmented Shell Folder 2" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0} "Ausführen..." - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll
{5F327514-6C5E-4d60-8F16-D07FA08A78ED} "Auto Update Property Sheet Extension" - "Microsoft Corporation" - C:\WINDOWS\system32\wuaucpl.cpl
{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} "Automatische Diashowwiedergabe der Shell" - "Microsoft Corporation" - C:\WINDOWS\system32\shimgvw.dll
{87D62D94-71B3-4b9a-9489-5FE6850DC73E} "Avi Properties Handler" - "Microsoft Corporation" - C:\WINDOWS\system32\shmedia.dll
{F61FFEC1-754F-11d0-80CA-00AA005B4383} "BandProxy" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{7A9D77BD-5403-11d2-8785-2E0420524153} "Benutzerkonten" - "Microsoft Corporation" - C:\WINDOWS\system32\netplwiz.dll
{add36aa8-751a-4579-a266-d66f5202ccbb} "Bestellung von Abzügen über das Internet" - "Microsoft Corporation" - C:\WINDOWS\system32\netplwiz.dll
{67EA19A0-CCEF-11d0-8024-00C04FD75D13} "CDF Extension Copy Hook" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll
{7D559C10-9FE9-11d0-93F7-00AA0059CE02} "Code Download Agent" - "Microsoft Corporation" - C:\WINDOWS\system32\webcheck.dll
{BD472F60-27FA-11cf-B8B4-444553540000} "Compressed (zipped) Folder Right Drag Handler" - "Microsoft Corporation" - C:\WINDOWS\system32\zipfldr.dll
{888DCA60-FC0A-11CF-8F0F-00C04FD7D062} "Compressed (zipped) Folder SendTo Target" - "Microsoft Corporation" - C:\WINDOWS\system32\zipfldr.dll
{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31} "CompressedFolder" - "Microsoft Corporation" - C:\WINDOWS\system32\zipfldr.dll
{E6CC6978-6B6E-11D0-BECA-00C04FD940BE} "ConnectionAgent" - "Microsoft Corporation" - C:\WINDOWS\system32\webcheck.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll  (File not found)
{42071713-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Bildschirme" - "Microsoft Corporation" - C:\WINDOWS\system32\deskmon.dll
{42071712-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Grafikkarten" - "Microsoft Corporation" - C:\WINDOWS\system32\deskadp.dll
{7444C717-39BF-11D1-8CD9-00C04FC29D45} "CryptPKO Class" - "Microsoft Corporation" - C:\WINDOWS\system32\cryptext.dll
{7444C719-39BF-11D1-8CD9-00C04FC29D45} "CryptSig Class" - "Microsoft Corporation" - C:\WINDOWS\system32\cryptext.dll
{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A} "Custom MRU AutoCompleted List" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{CFCCC7A0-A282-11D1-9082-006008059382} "Darwin App Publisher" - "Microsoft Corporation" - C:\WINDOWS\system32\appwiz.cpl
{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6} "DfsShell Class" - "Microsoft Corporation" - C:\WINDOWS\system32\dfsshlex.dll
{62AE1F9A-126A-11D0-A14B-0800361B1103} "Directory Context Menu Verbs" - "Microsoft Corporation" - C:\WINDOWS\system32\dsuiext.dll
{163FDC20-2ABC-11d0-88F0-00A024AB2DBB} "Directory Object Find" - "Microsoft Corporation" - C:\WINDOWS\system32\dsquery.dll
{0D45D530-764B-11d0-A1CA-00AA00C16E65} "Directory Property UI" - "Microsoft Corporation" - C:\WINDOWS\system32\dsuiext.dll
{8A23E65E-31C2-11d0-891C-00A024AB2DBB} "Directory Query UI" - "Microsoft Corporation" - C:\WINDOWS\system32\dsquery.dll
{F020E586-5264-11d1-A532-0000F8757D7E} "Directory Start/Search Find" - "Microsoft Corporation" - C:\WINDOWS\system32\dsquery.dll
{f92e8c40-3d33-11d2-b1aa-080036a75b03} "Display TroubleShoot CPL Extension" - "Microsoft Corporation" - C:\WINDOWS\system32\deskperf.dll
{872A9397-E0D6-4e28-B64D-52B8D0A7EA35} "DisplayCplExt Class" - "Advanced Micro Devices, Inc." - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\atiamaxx.dll
{22BF0C20-6DA7-11D0-B373-00A0C9034938} "Download Status" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{60fd46de-f830-4894-a628-6fa81bc0190d} "Drop-Zielobjekt für den Fotodruck-Assistent" - "Microsoft Corporation" - C:\WINDOWS\system32\photowiz.dll
{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0} "E-Mail" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll
{00022613-0000-0000-C000-000000000046} "Eigenschaften für Multimediadatei" - "Microsoft Corporation" - C:\WINDOWS\system32\mmsys.cpl
{596AB062-B4D2-4215-9F74-E9109B0A8153} "Eigenschaftenseite für vorherige Versionen" - "Microsoft Corporation" - C:\WINDOWS\system32\twext.dll
{1F2E5C40-9550-11CE-99D2-00AA006E086C} "Erweiterung der Sicherheitsshell" - "Microsoft Corporation" - C:\WINDOWS\system32\rshx32.dll
{4E40F770-369C-11d0-8922-00A024AB2DBB} "Erweiterung der Sicherheitsshell" - "Microsoft Corporation" - C:\WINDOWS\system32\dssec.dll
{F37C5810-4D3F-11d0-B4BF-00AA00BBB723} "Erweiterung der Sicherheitsshell" - "Microsoft Corporation" - C:\WINDOWS\system32\rshx32.dll
{59099400-57FF-11CE-BD94-0020AF85B590} "Erweiterung für Datenträgerkopien" - "Microsoft Corporation" - C:\WINDOWS\system32\diskcopy.dll
{EFA24E64-B078-11d0-89E4-00C04FC9E26E} "Explorer-Band" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll
{692F0339-CBAA-47e6-B5B5-3B84DB604E87} "Extensions Manager Folder" - "Microsoft Corporation" - C:\WINDOWS\system32\extmgr.dll
{7A80E4A8-8005-11D2-BCF8-00C04F72C717} "ExtractIcon Class" - "Microsoft Corporation" - C:\WINDOWS\System32\mmcshext.dll
{EFA24E61-B078-11d0-89E4-00C04FC9E26E} "Favorites Band" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll
{3F30C968-480A-4C6C-862D-EFC0897BB84B} "GDI+ Dateiminiaturansicht-Extrahierungsprogramm" - "Microsoft Corporation" - C:\WINDOWS\system32\shimgvw.dll
{D6277990-4C6A-11CF-8D87-00AA0060F5BF} "Geplante Tasks" - "Microsoft Corporation" - C:\WINDOWS\system32\mstask.dll
{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} "Global Folder Settings" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0} "Hilfe und Support" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll
{FF393560-C2A7-11CF-BFF4-444553540000} "History" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll
{EFA24E62-B078-11d0-89E4-00C04FC9E26E} "History Band" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll
{25336920-03f9-11cf-8fd0-00aa00686f13} "HTML Document" - "Microsoft Corporation" - C:\WINDOWS\system32\mshtml.dll
{EAB841A0-9550-11cf-8C16-00805F1408F3} "HTML-Extrahierungsprogramm" - "Microsoft Corporation" - C:\WINDOWS\system32\shimgvw.dll
{88895560-9AA2-1069-930E-00AA0030EBC8} "HyperTerminal Icon Ext" - "Hilgraeve, Inc." - C:\WINDOWS\system32\hticons.dll
{DBCE2480-C732-101B-BE72-BA78E9AD5B27} "ICC-Profil" - "Microsoft Corporation" - C:\WINDOWS\system32\icmui.dll
{675F097E-4C4D-11D0-B6C1-0800091AA605} "ICM-Druckerverwaltung" - "Microsoft Corporation" - C:\WINDOWS\system32\icmui.dll
{5DB2625A-54DF-11D0-B6C4-0800091AA605} "ICM-Monitorverwaltung" - "Microsoft Corporation" - C:\WINDOWS\System32\icmui.dll
{176d6597-26d3-11d1-b350-080036a75b03} "ICM-Scannerverwaltung" - "Microsoft Corporation" - C:\WINDOWS\system32\icmui.dll
{3028902F-6374-48b2-8DC6-9725E775B926} "IE AutoComplete" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll
{73CFD649-CD48-4fd8-A272-2070EA56526B} "IE BandProxy" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll
{FDE7673D-2E19-4145-8376-BBD58C4BC7BA} "IE Custom MRU AutoCompleted List" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll
{1C1EDB47-CE22-4bbb-B608-77B48F83C823} "IE Fade Task" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll
{11016101-E366-4D22-BC06-4ADA335C892B} "IE History and Feeds Shell Data Source for Windows Search" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll
{6CF48EF8-44CD-45d2-8832-A16EA016311B} "IE IShellFolderBand" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll
{4B78D326-D922-44f9-AF2A-07805C2A3560} "IE Menu Band" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll
{205D7A97-F16D-4691-86EF-F3075DCCA57D} "IE Menu Desk Bar" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll
{44C76ECD-F7FA-411c-9929-1B77BA77F524} "IE Menu Site" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll
{07C45BB1-4A8C-4642-A1F5-237E7215FF66} "IE Microsoft BrowserBand" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll
{6038EF75-ABFC-4e59-AB6F-12D397F6568D} "IE Microsoft History AutoComplete List" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll
{B31C5FAE-961F-415b-BAF0-E697A5178B94} "IE Microsoft Multiple AutoComplete List Container" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll
{9D958C62-3954-4b44-8FAB-C4670C1DB4C2} "IE Microsoft Shell Folder AutoComplete List" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll
{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8} "IE MRU AutoComplete List" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll
{43886CD5-6529-41c4-A707-7B3C92C05E68} "IE Navigation Bar" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll
{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E} "IE Registry Tree Options Utility" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll
{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E} "IE RSS Feeds Folder" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll
{30D02401-6A81-11d0-8274-00C04FD5AE38} "IE Search Band" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll
{E6EE9AAC-F76B-4947-8260-A9F136138E11} "IE Shell Band Site Menu" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll
{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A} "IE Shell Rebar BandSite" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll
{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE} "IE Tracking Shell Menu" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC} "IE4 Suite-Begrüßungsbildschirm" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll
{169A0691-8DF9-11d1-A1C4-00C04FD75D13} "In-pane search" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{0B124F8F-91F0-11D1-B8B5-006008059382} "Installed Apps Enumerator" - "Microsoft Corporation" - C:\WINDOWS\system32\appwiz.cpl
{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0} "Internet" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll
{871C5380-42A0-1069-A2EA-08002B30309D} "Internet Name Space" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll
{FBF23B40-E3F0-101B-8488-00AA003E56F8} "Internet Shortcut" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll
{131A6951-7F78-11D0-A979-00C04FD705A2} "ISFBand OC" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll
{0CD7A5C0-9F37-11CE-AE65-08002B2E1262} "Kabinettdatei" - "Microsoft Corporation" - C:\WINDOWS\system32\cabview.dll
{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8} "Kompatibilitätsseite" - "Microsoft Corporation" - C:\WINDOWS\system32\SlayerXP.dll
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)
{3050f3d9-98b5-11cf-bb82-00aa00bdce0b} "MHTML Document" - "Microsoft Corporation" - C:\WINDOWS\system32\mshtml.dll
{143A62C8-C33B-11D1-84FE-00C04FA34A14} "Microsoft Agent Character Property Sheet Handler" - "Microsoft Corporation" - C:\WINDOWS\msagent\agentpsh.dll
{A5E46E3A-8849-11D1-9D8C-00C04FC99D61} "Microsoft Browser Architecture" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll
{7BA4C742-9E81-11CF-99D3-00AA004AE837} "Microsoft BrowserBand" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{7988B573-EC89-11cf-9C00-00AA00A14F56} "Microsoft Disk Quota UI" - "Microsoft Corporation" - C:\WINDOWS\system32\dskquoui.dll
{6A205B57-2567-4A2C-B881-F787FAB579A3} "Microsoft DocProp Inplace Calendar Control" - "Microsoft Corporation" - C:\WINDOWS\system32\docprop2.dll
{0EEA25CC-4362-4A12-850B-86EE61B0D3EB} "Microsoft DocProp Inplace Droplist Combo Control" - "Microsoft Corporation" - C:\WINDOWS\system32\docprop2.dll
{A9CF0EAE-901A-4739-A481-E35B73E47F6D} "Microsoft DocProp Inplace Edit Box Control" - "Microsoft Corporation" - C:\WINDOWS\system32\docprop2.dll
{8EE97210-FD1F-4B19-91DA-67914005F020} "Microsoft DocProp Inplace ML Edit Box Control" - "Microsoft Corporation" - C:\WINDOWS\system32\docprop2.dll
{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33} "Microsoft DocProp Inplace Time Control" - "Microsoft Corporation" - C:\WINDOWS\system32\docprop2.dll
{883373C3-BF89-11D1-BE35-080036B11A03} "Microsoft DocProp Shell Ext" - "Microsoft Corporation" - C:\WINDOWS\system32\docprop2.dll
{63da6ec0-2e98-11cf-8d82-444553540000} "Microsoft FTP Folder" - "Microsoft Corporation" - C:\WINDOWS\system32\msieftp.dll
{00BB2764-6A77-11D0-A535-00C04FD7D062} "Microsoft History AutoComplete List" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{5E6AB780-7743-11CF-A12B-00AA004AE837} "Microsoft Internet Toolbar" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{00BB2765-6A77-11D0-A535-00C04FD7D062} "Microsoft Multiple AutoComplete List Container" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\OFFICE11\msohev.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{2206CDB2-19C1-11D1-89E0-00C04FD7A829} "Microsoft OLE DB Service Component Data Links" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\System\Ole DB\oledb32.dll
{03C036F1-A186-11D0-824A-00AA005B4383} "Microsoft Shell Folder AutoComplete List" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{3C374A40-BAE4-11CF-BF7D-00AA006946EE} "Microsoft Url History Service" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll
{CFBFAE00-17A6-11D0-99CB-00C04FD64497} "Microsoft Url Search Hook" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll
{8856f961-340a-11d0-a96b-00c04fd705a2} "Microsoft Web Browser" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll
{A6FD9E45-6E44-43f9-8644-08598F5A74D9} "Midi Properties Handler" - "Microsoft Corporation" - C:\WINDOWS\system32\shmedia.dll
{6756A641-DE71-11d0-831B-00AA005B4383} "MRU AutoComplete List" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{ECF03A33-103D-11d2-854D-006008059367} "MyDocs Copy Hook" - "Microsoft Corporation" - C:\WINDOWS\system32\mydocs.dll
{ECF03A32-103D-11d2-854D-006008059367} "MyDocs Drop Target" - "Microsoft Corporation" - C:\WINDOWS\system32\mydocs.dll
{4a7ded0a-ad25-11d0-98a8-0800361b1103} "MyDocs menu and properties" - "Microsoft Corporation" - C:\WINDOWS\system32\mydocs.dll
{7007ACC7-3202-11D1-AAD2-00805FC1270E} "Netzwerkverbindungen" - "Microsoft Corporation" - C:\WINDOWS\system32\NETSHELL.dll
{992CFFA0-F557-101A-88EC-00DD010CCC48} "Netzwerkverbindungen" - "Microsoft Corporation" - C:\WINDOWS\system32\NETSHELL.dll
{10CFC467-4392-11d2-8DB4-00C04FA31A66} "Offline Files Folder Options" - "Microsoft Corporation" - C:\WINDOWS\System32\cscui.dll
{750fdf0e-2a26-11d1-a3ea-080036587f03} "Offline Files Menu" - "Microsoft Corporation" - C:\WINDOWS\System32\cscui.dll
{3EA48300-8CF6-101B-84FB-666CCB9BCD32} "OLE-Eigenschaftenseite für Dokumente" - "Microsoft Corporation" - C:\WINDOWS\system32\docprop.dll
{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E} "Ordner 'Offlinedateien'" - "Microsoft Corporation" - C:\WINDOWS\System32\cscui.dll
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL
{58f1f272-9240-4f51-b6d4-fd63d1618591} "Passport-Assistent" - "Microsoft Corporation" - C:\WINDOWS\system32\netplwiz.dll
{41E300E0-78B6-11ce-849B-444553540000} "PlusPack CPL-Erweiterung" - "Microsoft Corporation" - C:\WINDOWS\system32\themeui.dll
{35786D3C-B075-49b9-88DD-029876E11C01} "Portable Devices" - "Microsoft Corporation" - C:\WINDOWS\system32\wpdshext.dll
{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} "Portable Devices Menu" - "Microsoft Corporation" - C:\WINDOWS\system32\wpdshext.dll
{640167b4-59b0-47a6-b335-a6b3c0695aea} "Portable Media Devices" - "Microsoft Corporation" - C:\WINDOWS\system32\Audiodev.dll
{D8BD2030-6FC9-11D0-864F-00AA006809D9} "PostAgent" - "Microsoft Corporation" - C:\WINDOWS\system32\webcheck.dll
{AF4F6510-F982-11d0-8595-00AA004CD6D8} "Registry Tree Options Utility" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{F0152790-D56E-4445-850E-4F3117DB740C} "Remote Sessions CPL Extension" - "Microsoft Corporation" - C:\WINDOWS\system32\remotepg.dll
{3F953603-1008-4f6e-A73A-04AAC7A992F1} "Scanner und Kameras" - "Microsoft Corporation" - C:\WINDOWS\system32\wiashext.dll
{83bbcbf3-b28a-4919-a5aa-73027445d672} "Scanner und Kameras" - "Microsoft Corporation" - C:\WINDOWS\system32\wiashext.dll
{905667aa-acd6-11d2-8080-00805f6596d2} "Scanner und Kameras" - "Microsoft Corporation" - C:\WINDOWS\system32\wiashext.dll
{E211B736-43FD-11D1-9EFB-0000F8757FCD} "Scanner und Kameras" - "Microsoft Corporation" - C:\WINDOWS\system32\wiashext.dll
{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD} "Scanner und Kameras" - "Microsoft Corporation" - C:\WINDOWS\system32\wiashext.dll
{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF} "Scheduling UI icon handler" - "Microsoft Corporation" - C:\WINDOWS\system32\mstask.dll
{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF} "Scheduling UI property sheet handler" - "Microsoft Corporation" - C:\WINDOWS\system32\mstask.dll
{BD84B380-8CA2-1069-AB1D-08000948F534} "Schriftarten" - "Microsoft Corporation" - C:\WINDOWS\system32\fontext.dll
{D20EA4E1-3957-11d2-A40B-0C5020524152} "Schriftarten" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll
{9461b922-3c5a-11d2-bf8b-00c04fb93661} "Search Assistant OC" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll
{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE} "Sendmail service" - "Microsoft Corporation" - C:\WINDOWS\system32\sendmail.dll
{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE} "Sendmail service" - "Microsoft Corporation" - C:\WINDOWS\system32\sendmail.dll
{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0} "Set Program Access and Defaults" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll
{352EC2B7-8B9A-11D1-B8AE-006008059382} "Shell Application Manager" - "Microsoft Corporation" - C:\WINDOWS\system32\appwiz.cpl
{0A89A860-D7B1-11CE-8350-444553540000} "Shell Automation Inproc Service" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll
{ECD4FC4E-521C-11D0-B792-00A0C90312E1} "Shell Band Site Menu" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{ECD4FC4C-521C-11D0-B792-00A0C90312E1} "Shell DeskBar" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{3CCF8A41-5C85-11d0-9796-00AA00B90ADF} "Shell DeskBarApp" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} "Shell DocObject Viewer" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\shlext.dll
{60254CA5-953B-11CF-8C96-00AA00B8708C} "Shell Extension For Windows Script Host" - "Microsoft Corporation" - C:\WINDOWS\system32\wshext.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178} "Shell Image Data Factory" - "Microsoft Corporation" - C:\WINDOWS\system32\shimgvw.dll
{eb9b1153-3b57-4e68-959a-a3266bc3d7fe} "Shell Image Property Handler" - "Microsoft Corporation" - C:\WINDOWS\system32\shimgvw.dll
{e84fda7c-1d6a-45f6-b725-cb260c236066} "Shell Image Verbs" - "Microsoft Corporation" - C:\WINDOWS\system32\shimgvw.dll
{00BB2763-6A77-11D0-A535-00C04FD7D062} "Shell Microsoft AutoComplete" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{9E51E0D0-6E0F-11d2-9601-00C04FA31A86} "Shell properties for a DS object" - "Microsoft Corporation" - C:\WINDOWS\system32\dsquery.dll
{ECD4FC4D-521C-11D0-B792-00A0C90312E1} "Shell Rebar BandSite" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{21569614-B795-46b1-85F4-E737A8DC09AD} "Shell Search Band" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{56117100-C0CD-101B-81E2-00AA004AE837} "Shell-Datenauszughandler" - "Microsoft Corporation" - C:\WINDOWS\system32\shscrap.dll
{77597368-7b15-11d0-a0c2-080036af3f03} "Shellerweiterung für Webdrucker" - "Microsoft Corporation" - C:\WINDOWS\system32\printui.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)
{40dd6e20-7c17-11ce-a804-00aa003ca9f6} "Shellerweiterungen für Freigaben" - "Microsoft Corporation" - C:\WINDOWS\system32\ntshrui.dll
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} "Shellerweiterungen für Freigaben" - "Microsoft Corporation" - C:\WINDOWS\system32\ntshrui.dll
{59be4990-f85c-11ce-aff7-00aa003ca9f6} "Shellerweiterungen für Microsoft Windows-Netzwerkobjekte" - "Microsoft Corporation" - C:\WINDOWS\system32\ntlanui2.dll
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{6b33163c-76a5-4b6c-bf21-45de9cd503a1} "Shellobjekt des Webpublishing-Assistenten" - "Microsoft Corporation" - C:\WINDOWS\system32\netplwiz.dll
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - "Advanced Micro Devices, Inc." - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{F5175861-2688-11d0-9C5E-00AA00A45957} "Subscription Folder" - "Microsoft Corporation" - C:\WINDOWS\system32\webcheck.dll
{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE} "Subscription Mgr" - "Microsoft Corporation" - C:\WINDOWS\system32\webcheck.dll
{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0} "Suchen" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll
{0DF44EAA-FF21-4412-828E-260A8728E7F1} "Taskleiste und Startmenü" - "Microsoft Corporation" - C:\WINDOWS\system32\shell32.dll
{7BD29E00-76C1-11CF-9DD0-00A0C9034933} "Temporary Internet Files" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll
{7BD29E01-76C1-11CF-9DD0-00A0C9034933} "Temporary Internet Files" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll
{3DC7A020-0ACD-11CF-A9BB-00AA004AE837} "The Internet" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll
{acf35015-526e-4230-9596-becbe19f0ac9} "Track Popup Bar" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7} "TrayAgent" - "Microsoft Corporation" - C:\WINDOWS\system32\webcheck.dll
{7376D660-C583-11d0-A3A5-00C04FD706EC} "TridentImageExtractor" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{DD313E04-FEFF-11d1-8ECD-0000F87A470C} "User Assist" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{D20EA4E1-3957-11d2-A40B-0C5020524153} "Verwaltung" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll
{40C3D757-D6E4-4b49-BB41-0E5BBEA28817} "Video Media Properties Handler" - "Microsoft Corporation" - C:\WINDOWS\system32\shmedia.dll
{c5a40261-cd64-4ccf-84cb-c394da41d590} "Video Thumbnail Extractor" - "Microsoft Corporation" - C:\WINDOWS\system32\shmedia.dll
{9DB7A13C-F208-4981-8353-73CC61AE2783} "Vorherige Versionen" - "Microsoft Corporation" - C:\WINDOWS\system32\twext.dll
{E4B29F9D-D390-480b-92FD-7DDB47101D71} "Wav Properties Handler" - "Microsoft Corporation" - C:\WINDOWS\system32\shmedia.dll
{07798131-AF23-11d1-9111-00A0C98BA67D} "Web Search" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
{E6FB5E20-DE35-11CF-9C87-00AA005127ED} "WebCheck" - "Microsoft Corporation" - C:\WINDOWS\system32\webcheck.dll
{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB} "WebCheck SyncMgr Handler" - "Microsoft Corporation" - C:\WINDOWS\system32\webcheck.dll
{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB} "WebCheckChannelAgent" - "Microsoft Corporation" - C:\WINDOWS\system32\webcheck.dll
{08165EA0-E946-11CF-9C87-00AA005127ED} "WebCheckWebCrawler" - "Microsoft Corporation" - C:\WINDOWS\system32\webcheck.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{CC6EEFFB-43F6-46c5-9619-51D571967F7D} "Webpublishing-Assistent" - "Microsoft Corporation" - C:\WINDOWS\system32\netplwiz.dll
{45670FA8-ED97-4F44-BC93-305082590BFB} "Windows XPS Document Metadata Handler" - "Microsoft Corporation" - C:\WINDOWS\System32\XPSSHHDR.DLL
{44121072-A222-48f2-A58A-6D9AD51EBBE9} "Windows XPS Document Thumbnail Handler" - "Microsoft Corporation" - C:\WINDOWS\System32\XPSSHHDR.DLL
{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0} "Windows-Sicherheit" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll
{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD} "WMP Add To Playlist Launcher" - "Microsoft Corporation" - C:\WINDOWS\system32\wmpshell.dll
{8DD448E6-C188-4aed-AF92-44956194EB1F} "WMP Burn Audio CD Launcher" - "Microsoft Corporation" - C:\WINDOWS\system32\wmpshell.dll
{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C} "WMP Play As Playlist Launcher" - "Microsoft Corporation" - C:\WINDOWS\system32\wmpshell.dll
{9DBD2C50-62AD-11d0-B806-00C04FD706EC} "Zusammenfassungs-Miniaturansichthandler (DOCFILES)" - "Microsoft Corporation" - C:\WINDOWS\system32\shimgvw.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad )-----
{7849596a-48ea-486e-8937-a2a3009f31a9} "PostBootReminder object" - "Microsoft Corporation" - C:\WINDOWS\system32\shell32.dll
{fbeb8a05-beee-4442-804e-409d6c4515e9} "ShellFolder for CD Burning" - "Microsoft Corporation" - C:\WINDOWS\system32\SHELL32.dll
{35CEC8A3-2BE6-11D2-8773-92E220524153} "SysTray" - "Microsoft Corporation" - C:\WINDOWS\system32\stobject.dll
{E6FB5E20-DE35-11CF-9C87-00AA005127ED} "WebCheck" - "Microsoft Corporation" - C:\WINDOWS\system32\webcheck.dll
{AAA288BA-9A4C-45B0-95D7-94D524869DB5} "WPDShServiceObj Class" - "Microsoft Corporation" - C:\WINDOWS\system32\WPDShServiceObj.dll

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{EFA24E64-B078-11D0-89E4-00C04FC9E26E} "Explorer-Band" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll
{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1} "File Search Explorer Band" - "Microsoft Corporation" - C:\WINDOWS\system32\SHELL32.dll
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "&Adresse" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll
<binary data> "&Links" - "Microsoft Corporation" - C:\WINDOWS\system32\SHELL32.dll
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{CFBFAE00-17A6-11D0-99CB-00C04FD64497} "Microsoft Url Search Hook" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -   (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"Exec" - "Microsoft Corporation" - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
"ICQ7.5" - "ICQ, LLC." - C:\Programme\ICQ7.5\ICQ.exe
"Messenger" - "Microsoft Corporation" - C:\Programme\Messenger\msmsgs.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Plug-In" - "Skype Technologies S.A." - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Oracle Corporation" - C:\Programme\Java\jre7\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Oracle Corporation" - C:\Programme\Java\jre7\bin\ssv.dll
{2A0F3D1B-0909-4FF4-B272-609CCE6054E7} "PC Tools Browser Guard BHO" - ? - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll  (File not found)
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Browser Helper" - "Skype Technologies S.A." - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

[Known DLLs]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs )-----
"advapi32" - "Microsoft Corporation" - C:\WINDOWS\system32\advapi32.dll
"comdlg32" - "Microsoft Corporation" - C:\WINDOWS\system32\comdlg32.dll
"gdi32" - "Microsoft Corporation" - C:\WINDOWS\system32\gdi32.dll
"imagehlp" - "Microsoft Corporation" - C:\WINDOWS\system32\imagehlp.dll
"kernel32" - "Microsoft Corporation" - C:\WINDOWS\system32\kernel32.dll
"lz32" - "Microsoft Corporation" - C:\WINDOWS\system32\lz32.dll
"ole32" - "Microsoft Corporation" - C:\WINDOWS\system32\ole32.dll
"oleaut32" - "Microsoft Corporation" - C:\WINDOWS\system32\oleaut32.dll
"olecli32" - "Microsoft Corporation" - C:\WINDOWS\system32\olecli32.dll
"olecnv32" - "Microsoft Corporation" - C:\WINDOWS\system32\olecnv32.dll
"olesvr32" - "Microsoft Corporation" - C:\WINDOWS\system32\olesvr32.dll
"olethk32" - "Microsoft Corporation" - C:\WINDOWS\system32\olethk32.dll
"rpcrt4" - "Microsoft Corporation" - C:\WINDOWS\system32\rpcrt4.dll
"shell32" - "Microsoft Corporation" - C:\WINDOWS\system32\shell32.dll
"url" - "Microsoft Corporation" - C:\WINDOWS\system32\url.dll
"urlmon" - "Microsoft Corporation" - C:\WINDOWS\system32\urlmon.dll
"user32" - "Microsoft Corporation" - C:\WINDOWS\system32\user32.dll
"version" - "Microsoft Corporation" - C:\WINDOWS\system32\version.dll
"wininet" - "Microsoft Corporation" - C:\WINDOWS\system32\wininet.dll
"wldap32" - "Microsoft Corporation" - C:\WINDOWS\system32\wldap32.dll

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Authentication packages" - "Microsoft Corporation" - C:\WINDOWS\system32\msv1_0.dll
"Notification packages" - "Microsoft Corporation" - C:\WINDOWS\system32\scecli.dll
"Security Packages" - "Microsoft Corporation" - C:\WINDOWS\system32\kerberos.dll
"Security Packages" - "Microsoft Corporation" - C:\WINDOWS\system32\msv1_0.dll
"Security Packages" - "Microsoft Corporation" - C:\WINDOWS\system32\schannel.dll
"Security Packages" - "Microsoft Corporation" - C:\WINDOWS\system32\wdigest.dll
-----( HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders )-----
"SecurityProviders" - "Microsoft Corporation" - C:\WINDOWS\system32\msapsspc.dll
"SecurityProviders" - "Microsoft Corporation" - C:\WINDOWS\system32\schannel.dll
"SecurityProviders" - "Microsoft Corporation" - C:\WINDOWS\system32\digest.dll
"SecurityProviders" - "Microsoft Corporation" - C:\WINDOWS\system32\msnsspc.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
"Ulead Photo Express SE Calendar Checker.lnk" - "Ulead Systems, Inc." - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe  (Shortcut exists | File exists)
"Watch.lnk" - "Common Group" - C:\WINDOWS\twain_32\S6U12BX\WATCH.exe  (Shortcut exists | File exists)
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"ctfmon.exe" - "Microsoft Corporation" - C:\WINDOWS\system32\ctfmon.exe
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon )-----
"Shell" - "Microsoft Corporation" - C:\WINDOWS\Explorer.exe
"Userinit" - "Microsoft Corporation" - C:\WINDOWS\system32\userinit.exe
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - "Microsoft Corporation" - C:\WINDOWS\system32\rdpclip.exe
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"KernelFaultCheck" - "Microsoft Corporation" - %systemroot%\system32\dumprep 0 -k
"LayoutM" - "Chicony" - KLayMgr.exe
"NokiaMServer" - "Nokia" - C:\Programme\Gemeinsame Dateien\Nokia\MPlatform\NokiaMServer /watchfiles startup
"QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\qttask.exe" -atboottime
"RTHDCPL" - "Realtek Semiconductor Corp." - RTHDCPL.EXE
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
"VMware hqtray" - "VMware, Inc." - "C:\Programme\VMware\VMware Player\hqtray.exe"

[Network Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order )-----
"Microsoft Windows-Netzwerk" - "Microsoft Corporation" - C:\WINDOWS\System32\ntlanman.dll
"Microsoft-Terminaldienste" - "Microsoft Corporation" - C:\WINDOWS\System32\drprov.dll
"Web Client Network" - "Microsoft Corporation" - C:\WINDOWS\System32\davclnt.dll

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"BJ Language Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\cnbjmon.dll
"Canon BJ Language Monitor iP4500 series" - "CANON INC." - C:\WINDOWS\system32\CNMLM92.DLL
"Local Port" - "Microsoft Corporation" - C:\WINDOWS\system32\localspl.dll
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\mdimon.dll
"PDFCreator" - ? - C:\WINDOWS\system32\pdfcmnnt.dll  (File found, but it contains no detailed information)
"PJL Language Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\pjlmon.dll
"Standard TCP/IP Port" - "Microsoft Corporation" - C:\WINDOWS\system32\tcpmon.dll
"USB Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\usbmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Ablagemappe" (ClipSrv) - "Microsoft Corporation" - C:\WINDOWS\system32\clipsrv.exe
"Anmeldedienst" (Netlogon) - "Microsoft Corporation" - C:\WINDOWS\system32\lsass.exe
"Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll  (File not found)
"Arbeitsstationsdienst" (lanmanworkstation) - "Microsoft Corporation" - C:\WINDOWS\System32\wkssvc.dll
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
"Ati HotKey Poller" (Ati HotKey Poller) - "ATI Technologies Inc." - C:\WINDOWS\system32\Ati2evxx.exe
"Automatic Updates" (wuauserv) - "Microsoft Corporation" - C:\WINDOWS\system32\wuauserv.dll
"Automatische Konfiguration (verkabelt)" (Dot3svc) - "Microsoft Corporation" - C:\WINDOWS\System32\dot3svc.dll
"Avira Browser Schutz" (AntiVirWebService) - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira Email Schutz" (AntiVirMailService) - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\avmailc.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\sched.exe
"Browser Defender Update Service" (Browser Defender Update Service) - ? - "C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe"  (File not found)
"COM+-Ereignissystem" (EventSystem) - "Microsoft Corporation" - C:\WINDOWS\system32\es.dll
"COM+-Systemanwendung" (COMSysApp) - "Microsoft Corporation" - C:\WINDOWS\system32\dllhost.exe
"Computerbrowser" (Browser) - "Microsoft Corporation" - C:\WINDOWS\System32\browser.dll
"CryptSvc" (CryptSvc) - "Microsoft Corporation" - C:\WINDOWS\System32\cryptsvc.dll
"DCOM-Server-Prozessstart" (DcomLaunch) - "Microsoft Corporation" - C:\WINDOWS\system32\rpcss.dll
"Designs" (Themes) - "Microsoft Corporation" - C:\WINDOWS\System32\shsvcs.dll
"DHCP-Client" (Dhcp) - "Microsoft Corporation" - C:\WINDOWS\System32\dhcpcsvc.dll
"Dienst für Seriennummern der tragbaren Medien" (WmdmPmSN) - "Microsoft Corporation" - C:\WINDOWS\system32\MsPMSNSv.dll
"Distributed Transaction Coordinator" (MSDTC) - "Microsoft Corporation" - C:\WINDOWS\system32\msdtc.exe
"DNS-Client" (Dnscache) - "Microsoft Corporation" - C:\WINDOWS\System32\dnsrslvr.dll
"Druckwarteschlange" (Spooler) - "Microsoft Corporation" - C:\WINDOWS\system32\spoolsv.exe
"Ereignisprotokoll" (Eventlog) - "Microsoft Corporation" - C:\WINDOWS\system32\services.exe
"Extensible Authentication-Protokolldienst" (EapHost) - "Microsoft Corporation" - C:\WINDOWS\System32\eapsvc.dll
"Fehlerberichterstattungsdienst" (ERSvc) - "Microsoft Corporation" - C:\WINDOWS\System32\ersvc.dll
"Gatewaydienst auf Anwendungsebene" (ALG) - "Microsoft Corporation" - C:\WINDOWS\System32\alg.exe
"Geschützter Speicher" (ProtectedStorage) - "Microsoft Corporation" - C:\WINDOWS\system32\lsass.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"Hilfe und Support" (helpsvc) - "Microsoft Corporation" - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
"HTTP-SSL" (HTTPFilter) - "Microsoft Corporation" - C:\WINDOWS\System32\w3ssl.dll
"IMAPI-CD-Brenn-COM-Dienste" (ImapiService) - "Microsoft Corporation" - C:\WINDOWS\system32\imapi.exe
"Indexdienst" (CiSvc) - "Microsoft Corporation" - C:\WINDOWS\system32\cisvc.exe
"Infrarotüberwachung" (Irmon) - "Microsoft Corporation" - C:\WINDOWS\System32\irmon.dll
"Integritätsschlüssel- und Zertifikatverwaltungsdienst" (hkmsvc) - "Microsoft Corporation" - C:\WINDOWS\System32\kmsvc.dll
"Intelligenter Hintergrundübertragungsdienst" (BITS) - "Microsoft Corporation" - C:\WINDOWS\system32\qmgr.dll
"IPSEC-Dienste" (PolicyAgent) - "Microsoft Corporation" - C:\WINDOWS\system32\lsass.exe
"Java Quick Starter" (JavaQuickStarterService) - "Oracle Corporation" - C:\Programme\Java\jre7\bin\jqs.exe
"Kompatibilität für schnelle Benutzerumschaltung" (FastUserSwitchingCompatibility) - "Microsoft Corporation" - C:\WINDOWS\System32\shsvcs.dll
"Konfigurationsfreie drahtlose Verbindung" (WZCSVC) - "Microsoft Corporation" - C:\WINDOWS\System32\wzcsvc.dll
"Leistungsdatenprotokolle und Warnungen" (SysmonLog) - "Microsoft Corporation" - C:\WINDOWS\system32\smlogsvc.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"MS Software Shadow Copy Provider" (SwPrv) - "Microsoft Corporation" - C:\WINDOWS\system32\dllhost.exe
"NAP-Agent (Network Access Protection)" (napagent) - "Microsoft Corporation" - C:\WINDOWS\System32\qagentrt.dll
"NetMeeting-Remotedesktop-Freigabe" (mnmsrvc) - "Microsoft Corporation" - C:\WINDOWS\system32\mnmsrvc.exe
"Netzwerkverbindungen" (Netman) - "Microsoft Corporation" - C:\WINDOWS\System32\netman.dll
"Netzwerkversorgungsdienst" (xmlprov) - "Microsoft Corporation" - C:\WINDOWS\System32\xmlprov.dll
"NLA (Network Location Awareness)" (Nla) - "Microsoft Corporation" - C:\WINDOWS\System32\mswsock.dll
"NMSAccess" (NMSAccess) - ? - C:\Programme\CDBurnerXP\NMSAccessU.exe  (File found, but it contains no detailed information)
"NT-LM-Sicherheitsdienst" (NtLmSsp) - "Microsoft Corporation" - C:\WINDOWS\system32\lsass.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
"Plug & Play" (PlugPlay) - "Microsoft Corporation" - C:\WINDOWS\system32\services.exe
"QoS-RSVP" (RSVP) - "Microsoft Corporation" - C:\WINDOWS\system32\rsvp.exe
"RAS-Verbindungsverwaltung" (RasMan) - "Microsoft Corporation" - C:\WINDOWS\System32\rasmans.dll
"Remoteprozeduraufruf (RPC)" (RpcSs) - "Microsoft Corporation" - C:\WINDOWS\System32\rpcss.dll
"RPC-Locator" (RpcLocator) - "Microsoft Corporation" - C:\WINDOWS\system32\locator.exe
"Secondary Logon" (seclogon) - "Microsoft Corporation" - C:\WINDOWS\System32\seclogon.dll
"Server" (LanmanServer) - "Microsoft Corporation" - C:\WINDOWS\System32\srvsvc.dll
"ServiceLayer" (ServiceLayer) - "Nokia" - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
"SharedAccess" (SharedAccess) - "Microsoft Corporation" - C:\WINDOWS\System32\ipnathlp.dll
"Shellhardwareerkennung" (ShellHWDetection) - "Microsoft Corporation" - C:\WINDOWS\System32\shsvcs.dll
"Sicherheitskontenverwaltung" (SamSs) - "Microsoft Corporation" - C:\WINDOWS\system32\lsass.exe
"Sitzungs-Manager für Remotedesktophilfe" (RDSessMgr) - "Microsoft Corporation" - C:\WINDOWS\system32\sessmgr.exe
"Smartcard" (SCardSvr) - "Microsoft Corporation" - C:\WINDOWS\System32\SCardSvr.exe
"SSDP-Suchdienst" (SSDPSRV) - "Microsoft Corporation" - C:\WINDOWS\System32\ssdpsrv.dll
"Systemereignisbenachrichtigung" (SENS) - "Microsoft Corporation" - C:\WINDOWS\system32\sens.dll
"Systemwiederherstellungsdienst" (srservice) - "Microsoft Corporation" - C:\WINDOWS\system32\srsvc.dll
"Taskplaner" (Schedule) - "Microsoft Corporation" - C:\WINDOWS\system32\schedsvc.dll
"TCP/IP-NetBIOS-Hilfsprogramm" (LmHosts) - "Microsoft Corporation" - C:\WINDOWS\System32\lmhsvc.dll
"Telefonie" (TapiSrv) - "Microsoft Corporation" - C:\WINDOWS\System32\tapisrv.dll
"Terminaldienste" (TermService) - "Microsoft Corporation" - C:\WINDOWS\System32\termsrv.dll
"Universeller Plug & Play-Gerätehost" (upnphost) - "Microsoft Corporation" - C:\WINDOWS\System32\upnphost.dll
"Unterbrechungsfreie Stromversorgung" (UPS) - "Microsoft Corporation" - C:\WINDOWS\System32\ups.exe
"Verwaltung für automatische RAS-Verbindung" (RasAuto) - "Microsoft Corporation" - C:\WINDOWS\System32\rasauto.dll
"Verwaltung logischer Datenträger" (dmserver) - "Microsoft Corp." - C:\WINDOWS\System32\dmserver.dll
"Verwaltungsdienst für die Verwaltung logischer Datenträger" (dmadmin) - "Microsoft Corp., Veritas Software" - C:\WINDOWS\System32\dmadmin.exe
"VMware Agent Service" (ufad-ws60) - "VMware, Inc." - C:\Programme\VMware\VMware Player\vmware-ufad.exe
"VMware Authorization Service" (VMAuthdService) - "VMware, Inc." - C:\Programme\VMware\VMware Player\vmware-authd.exe
"VMware DHCP Service" (VMnetDHCP) - "VMware, Inc." - C:\WINDOWS\system32\vmnetdhcp.exe
"VMware NAT Service" (VMware NAT Service) - "VMware, Inc." - C:\WINDOWS\system32\vmnat.exe
"VMware USB Arbitration Service" (VMUSBArbService) - "VMware, Inc." - C:\Programme\Common Files\VMware\USB\vmware-usbarbitrator.exe
"Volumeschattenkopie" (VSS) - "Microsoft Corporation" - C:\WINDOWS\System32\vssvc.exe
"Webclient" (WebClient) - "Microsoft Corporation" - C:\WINDOWS\System32\webclnt.dll
"Wechselmedien" (NtmsSvc) - "Microsoft Corporation" - C:\WINDOWS\system32\ntmssvc.dll
"Windows Audio" (AudioSrv) - "Microsoft Corporation" - C:\WINDOWS\System32\audiosrv.dll
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Driver Foundation - User-mode Driver Framework" (WudfSvc) - "Microsoft Corporation" - C:\WINDOWS\System32\WUDFSvc.dll
"Windows Installer" (MSIServer) - "Microsoft Corporation" - C:\WINDOWS\system32\msiexec.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
"Windows Presentation Foundation Font Cache 4.0.0.0" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Windows-Bilderfassung (WIA)" (stisvc) - "Microsoft Corporation" - C:\WINDOWS\system32\wiaservc.dll
"Windows-Verwaltungsinstrumentation" (winmgmt) - "Microsoft Corporation" - C:\WINDOWS\system32\wbem\WMIsvc.dll
"Windows-Zeitgeber" (W32Time) - "Microsoft Corporation" - C:\WINDOWS\system32\w32time.dll
"WMI-Leistungsadapter" (WmiApSrv) - "Microsoft Corporation" - C:\WINDOWS\system32\wbem\wmiapsrv.exe
"wscsvc" (wscsvc) - "Microsoft Corporation" - C:\WINDOWS\system32\wscsvc.dll
"Überwachung verteilter Verknüpfungen (Client)" (TrkWks) - "Microsoft Corporation" - C:\WINDOWS\system32\trkwks.dll

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon )-----
"UIHost" - "Microsoft Corporation" - C:\WINDOWS\system32\logonui.exe
"VmApplet" - "Microsoft Corporation" - C:\WINDOWS\system32\sysdm.cpl
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{B587E2B1-4D59-4e7e-AED9-22B9DF11D053} "802.3 Group Policy" - "Microsoft Corporation" - C:\WINDOWS\system32\dot3gpclnt.dll
{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A} "EFS recovery" - "Microsoft Corporation" - C:\WINDOWS\system32\scecli.dll
{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B} "Internet Explorer Branding" - "Microsoft Corporation" - C:\WINDOWS\system32\iedkcs32.dll
{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} "Internet Explorer Machine Accelerators" - "Microsoft Corporation" - C:\WINDOWS\system32\iedkcs32.dll
{7B849a69-220F-451E-B3FE-2CB811AF94AE} "Internet Explorer User Accelerators" - "Microsoft Corporation" - C:\WINDOWS\system32\iedkcs32.dll
{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3} "Internet Explorer Zonemapping" - "Microsoft Corporation" - C:\WINDOWS\system32\iedkcs32.dll
{C631DF4C-088F-4156-B058-4375F0853CD8} "Microsoft Offline Files" - "Microsoft Corporation" - C:\WINDOWS\System32\cscui.dll
{3610eda5-77ef-11d2-8dc5-00c04fa31a66} "Microsoft-Datenträgerkontingent" - "Microsoft Corporation" - C:\WINDOWS\system32\dskquota.dll
{827D319E-6EAC-11D2-A4EA-00C04F79F83A} "Security" - "Microsoft Corporation" - C:\WINDOWS\system32\scecli.dll
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"AtiExtEvent" - "ATI Technologies Inc." - C:\WINDOWS\system32\Ati2evxx.dll
"crypt32chain" - "Microsoft Corporation" - C:\WINDOWS\system32\crypt32.dll
"cryptnet" - "Microsoft Corporation" - C:\WINDOWS\system32\cryptnet.dll
"cscdll" - "Microsoft Corporation" - C:\WINDOWS\system32\cscdll.dll
"dimsntfy" - "Microsoft Corporation" - C:\WINDOWS\System32\dimsntfy.dll
"ScCertProp" - "Microsoft Corporation" - C:\WINDOWS\system32\wlnotify.dll
"Schedule" - "Microsoft Corporation" - C:\WINDOWS\system32\wlnotify.dll
"sclgntfy" - "Microsoft Corporation" - C:\WINDOWS\system32\sclgntfy.dll
"SensLogn" - "Microsoft Corporation" - C:\WINDOWS\system32\WlNotify.dll
"termsrv" - "Microsoft Corporation" - C:\WINDOWS\system32\wlnotify.dll
"wlballoon" - "Microsoft Corporation" - C:\WINDOWS\system32\wlnotify.dll

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"NLA-Namespace" - "Microsoft Corporation" - C:\WINDOWS\System32\mswsock.dll
"NTDS" - "Microsoft Corporation" - C:\WINDOWS\System32\winrnr.dll
"TCP/IP" - "Microsoft Corporation" - C:\WINDOWS\System32\mswsock.dll
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----
"AVSDA" - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\avsda.dll
"MSAFD Irda [IrDA]" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll
"MSAFD NetBIOS [\Device\NetBT_Tcpip_{0A8F411D-6A3F-4A10-9409-3609A262AF49}] DATAGRAM 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll
"MSAFD NetBIOS [\Device\NetBT_Tcpip_{0A8F411D-6A3F-4A10-9409-3609A262AF49}] SEQPACKET 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll
"MSAFD NetBIOS [\Device\NetBT_Tcpip_{1DB9F0C7-7C2C-4633-8ECD-BC08A44DDBD3}] DATAGRAM 0" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll
"MSAFD NetBIOS [\Device\NetBT_Tcpip_{1DB9F0C7-7C2C-4633-8ECD-BC08A44DDBD3}] SEQPACKET 0" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll
"MSAFD NetBIOS [\Device\NetBT_Tcpip_{49C2F937-94D6-44F0-9F6A-709EE4FDC8DA}] DATAGRAM 2" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll
"MSAFD NetBIOS [\Device\NetBT_Tcpip_{49C2F937-94D6-44F0-9F6A-709EE4FDC8DA}] SEQPACKET 2" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll
"MSAFD NetBIOS [\Device\NetBT_Tcpip_{B84F8EA3-F928-4D63-A14C-284EBA54F546}] DATAGRAM 4" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll
"MSAFD NetBIOS [\Device\NetBT_Tcpip_{B84F8EA3-F928-4D63-A14C-284EBA54F546}] SEQPACKET 4" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll
"MSAFD NetBIOS [\Device\NetBT_Tcpip_{DBF6C896-9CF4-4D79-9F21-E7AE445647B5}] DATAGRAM 3" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll
"MSAFD NetBIOS [\Device\NetBT_Tcpip_{DBF6C896-9CF4-4D79-9F21-E7AE445647B5}] SEQPACKET 3" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll
"MSAFD NetBIOS [\Device\NetBT_Tcpip_{F0BA3357-681F-49B3-A433-18374A66B8F6}] DATAGRAM 5" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll
"MSAFD NetBIOS [\Device\NetBT_Tcpip_{F0BA3357-681F-49B3-A433-18374A66B8F6}] SEQPACKET 5" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll
"MSAFD Tcpip [RAW/IP]" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll
"MSAFD Tcpip [TCP/IP]" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll
"MSAFD Tcpip [UDP/IP]" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll
"RSVP TCP Service Provider" - "Microsoft Corporation" - C:\WINDOWS\system32\rsvpsp.dll
"RSVP UDP Service Provider" - "Microsoft Corporation" - C:\WINDOWS\system32\rsvpsp.dll
"VMCI sockets DGRAM" - "VMware, Inc." - C:\Programme\VMware\VMware Player\vsocklib.dll
"VMCI sockets STREAM" - "VMware, Inc." - C:\Programme\VMware\VMware Player\vsocklib.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
aswMBR:

Code:
ATTFilter
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-30 10:48:31
-----------------------------
10:48:31.061    OS Version: Windows 5.1.2600 Service Pack 3
10:48:31.061    Number of processors: 2 586 0x603
10:48:31.061    ComputerName: INTERNET-PC  UserName: ***
10:48:32.404    Initialize success
10:49:52.811    AVAST engine defs: 12073000
10:50:06.154    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T1L0-12
10:50:06.154    Disk 0 Vendor: SAMSUNG_HD502HI 1AG01118 Size: 476940MB BusType: 3
10:50:06.170    Disk 0 MBR read successfully
10:50:06.170    Disk 0 MBR scan
10:50:06.170    Disk 0 Windows XP default MBR code
10:50:06.170    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       476929 MB offset 63
10:50:06.170    Disk 0 scanning sectors +976752000
10:50:06.248    Disk 0 scanning C:\WINDOWS\system32\drivers
10:50:11.983    Service scanning
10:50:23.936    Modules scanning
10:50:25.686    Module: C:\WINDOWS\System32\drivers\dxgthk.sys  **SUSPICIOUS**
10:50:26.779    Disk 0 trace - called modules:
10:50:26.795    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS 
10:50:26.795    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89c33ab8]
10:50:26.795    3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000072[0x89c88318]
10:50:26.811    5 ACPI.sys[b9f7e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T1L0-12[0x89c18940]
10:50:27.904    AVAST engine scan C:\WINDOWS
10:50:35.029    AVAST engine scan C:\WINDOWS\system32
10:52:45.764    AVAST engine scan C:\WINDOWS\system32\drivers
10:53:00.404    AVAST engine scan C:\Dokumente und Einstellungen\***
10:55:36.967    AVAST engine scan C:\Dokumente und Einstellungen\All Users
10:56:23.795    Scan finished successfully
10:56:55.951    Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\***\Desktop\MBR.dat"
10:56:55.967    The log file has been saved successfully to "C:\Dokumente und Einstellungen\***\Desktop\aswMBR.txt"

Alt 30.07.2012, 10:21   #28
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Security Shield eingefangen - Standard

Security Shield eingefangen


Code:
ATTFilter
C:\WINDOWS\System32\drivers\dxgthk.sys
Bitte diese Datei bei Virustotal auswerten lassen und den Ergebnislink posten. Falls Du die Datei nicht siehst, musst Du sie evtl. vorher sichtbar machen.
Wenn die Datei schon ausgewertet sein sollte, bitte eine weitere Auswertung starten.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 30.07.2012, 10:33   #29
zbraff
 
Security Shield eingefangen - Standard

Security Shield eingefangen


Ist das der richtige Link?

https://www.virustotal.com/file/c36486504c3a596fdca487143f6d3b43c0bee01321f6f1f3071976556533c419/analysis/1343640589/

Alt 30.07.2012, 15:39   #30
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Security Shield eingefangen - Standard

Security Shield eingefangen


Ja, und die Datei ist ok

Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!
__________________
Logfiles bitte immer in CODE-Tags posten

Antwort
Seite 2 von 3 1 2 3

Themen zu Security Shield eingefangen
administrator, anti-malware, autostart, beendet, code, datei, dateien, einstellungen, explorer, frage, heuristiks/extra, heuristiks/shuriken, internet, log-datei, malwarebytes, microsoft, neustart, nicht mehr, programm, prozess, registry, scan, security, service pack 3, software, system volume information, task-manager, windows


« divxplayer.exe in Roaming Ordner | GVU-Trojaner 2.07 »


Ähnliche Themen: Security Shield eingefangen


  1. Security Shield eingefangen
    Log-Analyse und Auswertung - 08.08.2012 (8)
  2. Security Shield eingefangen +LOGS (MB-AM,OTL,ESET)
    Log-Analyse und Auswertung - 27.07.2012 (3)
  3. Security Shield - Virus eingefangen
    Log-Analyse und Auswertung - 26.07.2012 (31)
  4. habe mir den Security-shield-Virus eingefangen! Bitte um Hilfe!!
    Log-Analyse und Auswertung - 22.07.2012 (1)
  5. Security Shield 2012 Virus eingefangen - hier die Logs
    Log-Analyse und Auswertung - 03.07.2012 (3)
  6. Security Shield beim surfen eingefangen. Was tun.
    Plagegeister aller Art und deren Bekämpfung - 28.06.2012 (1)
  7. Security Shield
    Log-Analyse und Auswertung - 28.06.2012 (5)
  8. Security Shield durch Maillink eingefangen!
    Log-Analyse und Auswertung - 24.06.2012 (42)
  9. Security Shield auf dem Laptop (Win XP) eingefangen
    Plagegeister aller Art und deren Bekämpfung - 22.06.2012 (19)
  10. Security shield trojaner eingefangen und Internet nicht mehr funktionsfähig
    Plagegeister aller Art und deren Bekämpfung - 30.05.2012 (1)
  11. Nach Security Shield - Scan sind Kopien meiner Dateien da verursacht von Sec.Shield - Was tun ?
    Log-Analyse und Auswertung - 13.04.2012 (57)
  12. Security Shield!
    Plagegeister aller Art und deren Bekämpfung - 04.04.2012 (98)
  13. "Security Shield"-Trojaner soeben eingefangen
    Plagegeister aller Art und deren Bekämpfung - 23.03.2012 (1)
  14. Security shield
    Plagegeister aller Art und deren Bekämpfung - 19.03.2012 (15)
  15. Production Security Services- Problem nach Security Shield Attacke
    Plagegeister aller Art und deren Bekämpfung - 18.03.2012 (14)
  16. Security shield eingefangen und entfernt, gestern tauchte dann TR/Ransom.Birele.vb auf
    Plagegeister aller Art und deren Bekämpfung - 29.12.2011 (1)
  17. Firefox startet immer mit Proxy und Security Shield eingefangen
    Log-Analyse und Auswertung - 01.08.2011 (23)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Security Shield eingefangen - Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert - Security Shield eingefangen...
Archiv
Du betrachtest: Security Shield eingefangen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131