Pests of all kinds and how to fight them: .ruo.4 in \\system32\d3dsdmd.dll & .ruo.6 in \\drivers\wineue.sys (Windows 7)
31.03.2010, 23:06 | #1 |
| .ruo.4 in \\system32\d3dsdmd.dll & .ruo.6 in \\drivers\wineue.sys

For a few days now, Avira Guard has been reporting every time Firefox 3.6.2 starts:
.ruo.4 in WINDOWS\system32\d3dsdmd.dll

Since today, Avira Guard additionally reports when FF 3.6.2 starts:
.ruo.6 in WINDOWS\system32\drivers\wineue.sys

In all cases I had the affected file overwritten & deleted. During further use there were no more detections, until after the next OS restart. After that, .ruo is detected again every time the browser starts.

Since scanning with OSAM has been recommended again and again here in the forum, I did that today as well, after the detection of .ruo.6. Mind you, I only scanned with OSAM - I did not set or remove any check marks or deactivate anything...

Current status after the OSAM scan (and after a restart): no more detections, not even when starting the default browser (FF 3.6.2).

QUESTION: Has everything now more or less taken care of itself, or: what needs to be done now?

Addendum: Nothing at all has "taken care of itself" - .ruo.6 is currently being detected in C:\System Volume Information\restore{fragmichnicht}\RP4\A0003160.sys

The OSAM log is in the follow-up post:

Edited by berti (31.03.2010 at 23:53). Reason: .ruo.6 found in a new file |
31.03.2010, 23:09 | #2 |
| .ruo.4 in \\system32\d3dsdmd.dll & .ruo.6 in \\drivers\wineue.sys

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 23:26:58 on 31.03.2010
OS: Windows XP Professional Service Pack 3 (Build 2600)
Default Browser: Mozilla Corporation Firefox 3.6.2
HKLM\Software\Classes\Protocols\Handler )----- {3dd53d40-7b8b-11D0-b013-00aa0059ce02} "CDL: Asychronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\WINDOWS\system32\urlmon.dll (File signed by Microsoft) {12D51199-0DB5-46FE-A120-47A3D7D937CC} "DVD: Pluggable Protocol" - "Microsoft Corporation" - C:\WINDOWS\system32\msvidctl.dll (File signed by Microsoft) {79eac9e7-baf9-11ce-8c82-00aa004ba90b} "file:, local: Asychronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\WINDOWS\system32\urlmon.dll (File signed by Microsoft) {79eac9e7-baf9-11ce-8c82-00aa004ba90b} "file:, local: Asychronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\WINDOWS\system32\urlmon.dll (File signed by Microsoft) {79eac9e3-baf9-11ce-8c82-00aa004ba90b} "ftp: Asychronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\WINDOWS\system32\urlmon.dll (File signed by Microsoft) {79eac9e4-baf9-11ce-8c82-00aa004ba90b} "gopher: Asychronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\WINDOWS\system32\urlmon.dll (File signed by Microsoft) {79eac9e2-baf9-11ce-8c82-00aa004ba90b} "http: Asychronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\WINDOWS\system32\urlmon.dll (File signed by Microsoft) {79eac9e5-baf9-11ce-8c82-00aa004ba90b} "https: Asychronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\WINDOWS\system32\urlmon.dll (File signed by Microsoft) {05300401-BCBC-11d0-85E3-00C04FD85AB4} "MHTML Asychronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\WINDOWS\System32\inetcomm.dll (File signed by Microsoft) {3050F406-98B5-11CF-BB82-00AA00BDCE0B} "Microsoft HTML About Pluggable Protocol" - "Microsoft Corporation" - C:\WINDOWS\system32\mshtml.dll (File signed by Microsoft) {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} "Microsoft HTML Javascript Pluggable Protocol" - "Microsoft Corporation" - C:\WINDOWS\system32\mshtml.dll (File signed by Microsoft) {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} "Microsoft HTML Javascript 
Pluggable Protocol" - "Microsoft Corporation" - C:\WINDOWS\system32\mshtml.dll (File signed by Microsoft) {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} "Microsoft HTML Mailto Pluggable Protocol" - "Microsoft Corporation" - C:\WINDOWS\system32\mshtml.dll (File signed by Microsoft) {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} "Microsoft HTML Resource Pluggable Protocol" - "Microsoft Corporation" - C:\WINDOWS\system32\mshtml.dll (File signed by Microsoft) {76E67A63-06E9-11D2-A840-006008059382} "Microsoft HTML Resource Pluggable Protocol" - "Microsoft Corporation" - C:\WINDOWS\System32\mshtml.dll (File signed by Microsoft) {9D148291-B9C8-11D0-A4CC-0000F80149F6} "Microsoft InfoTech Protocols for IE 4.0" - "Microsoft Corporation" - C:\WINDOWS\System32\itss.dll (File signed by Microsoft) {9D148291-B9C8-11D0-A4CC-0000F80149F6} "Microsoft InfoTech Protocols for IE 4.0" - "Microsoft Corporation" - C:\WINDOWS\System32\itss.dll (File signed by Microsoft) {79eac9e6-baf9-11ce-8c82-00aa004ba90b} "mk: Asychronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\WINDOWS\system32\urlmon.dll (File signed by Microsoft) {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} "TV: Pluggable Protocol" - "Microsoft Corporation" - C:\WINDOWS\system32\msvidctl.dll (File signed by Microsoft) {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} "WiaProtocol Class" - "Microsoft Corporation" - C:\WINDOWS\System32\wiascr.dll (File signed by Microsoft) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler )----- {438755C2-A8BA-11D1-B96B-00A0C90312E1} "Browseui preloader" - "Microsoft Corporation" - C:\WINDOWS\System32\browseui.dll (File signed by Microsoft) {8C7461EF-2B13-11d2-BE35-3078302C2030} "Component Categories cache daemon" - "Microsoft Corporation" - C:\WINDOWS\System32\browseui.dll (File signed by Microsoft) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )----- {AEB6717E-7E19-11d0-97EE-00C04FD91972} "URL Exec Hook" - "Microsoft Corporation" - 
C:\WINDOWS\system32\shell32.dll (File signed by Microsoft) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {01E04581-4EEE-11d0-BFE9-00AA005B4383} "&Adresse" - "Microsoft Corporation" - C:\WINDOWS\System32\browseui.dll (File signed by Microsoft) {F2CF5485-4E02-4f68-819C-B92DE9277049} "&Links" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll (File signed by Microsoft) {32714800-2E5F-11d0-8B85-00AA0044F941} "&Nach Personen..." - "Microsoft Corporation" - C:\Programme\Outlook Express\wabfind.dll (File signed by Microsoft) {7e653215-fa25-46bd-a339-34a2790f3cb7} "Accessible" - "Microsoft Corporation" - C:\WINDOWS\System32\browseui.dll (File signed by Microsoft) {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} "Acrobat Elements Context Menu" - "Adobe Systems Inc." - C:\Programme\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll {C539A15A-3AF9-4c92-B771-50CB78F5C751} "Acronis True Image Shell Context Menu Extension" - "Acronis" - C:\Programme\Acronis\TrueImageHome\tishell.dll {C539A15B-3AF9-4c92-B771-50CB78F5C751} "Acronis True Image Shell Extension" - "Acronis" - C:\Programme\Acronis\TrueImageHome\tishell.dll {88C6C381-2E85-11D0-94DE-444553540000} "ActiveX Cache Folder" - "Microsoft Corporation" - C:\WINDOWS\system32\occache.dll (File signed by Microsoft) {A08C11D2-A228-11d0-825B-00AA005B4383} "Address EditBox" - "Microsoft Corporation" - C:\WINDOWS\System32\browseui.dll (File signed by Microsoft) {85BBD920-42A0-1069-A2E4-08002B30309D} "Aktenkoffer" - "Microsoft Corporation" - C:\WINDOWS\system32\syncui.dll (File signed by Microsoft) {875CB1A1-0F29-45de-A1AE-CFB4950D0B78} "Audio Media Properties Handler" - "Microsoft Corporation" - C:\WINDOWS\System32\shmedia.dll (File signed by Microsoft) {91EA3F8B-C99B-11d0-9815-00C04FD91972} "Augmented Shell Folder" - "Microsoft Corporation" - C:\WINDOWS\System32\browseui.dll (File signed by Microsoft) {6413BA2C-B461-11d1-A18A-080036B11A03} "Augmented Shell Folder 2" - "Microsoft Corporation" - 
C:\WINDOWS\System32\browseui.dll (File signed by Microsoft) {2559a1f3-21d7-11d4-bdaf-00c04f60b9f0} "Ausführen..." - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll (File signed by Microsoft) {5F327514-6C5E-4d60-8F16-D07FA08A78ED} "Auto Update Property Sheet Extension" - "Microsoft Corporation" - C:\WINDOWS\system32\wuaucpl.cpl (File signed by Microsoft) {00E7B358-F65B-4dcf-83DF-CD026B94BFD4} "Automatische Diashowwiedergabe der Shell" - "Microsoft Corporation" - C:\WINDOWS\system32\shimgvw.dll (File signed by Microsoft) {87D62D94-71B3-4b9a-9489-5FE6850DC73E} "Avi Properties Handler" - "Microsoft Corporation" - C:\WINDOWS\System32\shmedia.dll (File signed by Microsoft) {F61FFEC1-754F-11d0-80CA-00AA005B4383} "BandProxy" - "Microsoft Corporation" - C:\WINDOWS\System32\browseui.dll (File signed by Microsoft) {7A9D77BD-5403-11d2-8785-2E0420524153} "Benutzerkonten" - "Microsoft Corporation" - C:\WINDOWS\System32\netplwiz.dll (File signed by Microsoft) {add36aa8-751a-4579-a266-d66f5202ccbb} "Bestellung von Abzügen über das Internet" - "Microsoft Corporation" - C:\WINDOWS\System32\netplwiz.dll (File signed by Microsoft) {67EA19A0-CCEF-11d0-8024-00C04FD75D13} "CDF Extension Copy Hook" - "Microsoft Corporation" - C:\WINDOWS\System32\shdocvw.dll (File signed by Microsoft) {7D559C10-9FE9-11d0-93F7-00AA0059CE02} "Code Download Agent" - "Microsoft Corporation" - C:\WINDOWS\system32\webcheck.dll (File signed by Microsoft) {BD472F60-27FA-11cf-B8B4-444553540000} "Compressed (zipped) Folder Right Drag Handler" - "Microsoft Corporation" - C:\WINDOWS\System32\zipfldr.dll (File signed by Microsoft) {888DCA60-FC0A-11CF-8F0F-00C04FD7D062} "Compressed (zipped) Folder SendTo Target" - "Microsoft Corporation" - C:\WINDOWS\System32\zipfldr.dll (File signed by Microsoft) {E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31} "CompressedFolder" - "Microsoft Corporation" - C:\WINDOWS\System32\zipfldr.dll (File signed by Microsoft) {E6CC6978-6B6E-11D0-BECA-00C04FD940BE} "ConnectionAgent" - "Microsoft 
Corporation" - C:\WINDOWS\System32\webcheck.dll (File signed by Microsoft) {42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll (File not found) {42071713-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Bildschirme" - "Microsoft Corporation" - C:\WINDOWS\system32\deskmon.dll (File signed by Microsoft) {42071712-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Grafikkarten" - "Microsoft Corporation" - C:\WINDOWS\system32\deskadp.dll (File signed by Microsoft) {7444C717-39BF-11D1-8CD9-00C04FC29D45} "CryptPKO Class" - "Microsoft Corporation" - C:\WINDOWS\system32\cryptext.dll (File signed by Microsoft) {7444C719-39BF-11D1-8CD9-00C04FC29D45} "CryptSig Class" - "Microsoft Corporation" - C:\WINDOWS\system32\cryptext.dll (File signed by Microsoft) {6935DB93-21E8-4ccc-BEB9-9FE3C77A297A} "Custom MRU AutoCompleted List" - "Microsoft Corporation" - C:\WINDOWS\System32\browseui.dll (File signed by Microsoft) {CFCCC7A0-A282-11D1-9082-006008059382} "Darwin App Publisher" - "Microsoft Corporation" - C:\WINDOWS\System32\appwiz.cpl (File signed by Microsoft) {738D66C6-0149-4D40-84E4-A7BB2D0CE949} "Datei-Manager" - ? 
- (File not found | COM-object registry key not found) {ECCDF543-45CC-11CE-B9BF-0080C87CDBA6} "DfsShell Class" - "Microsoft Corporation" - C:\WINDOWS\System32\dfsshlex.dll (File signed by Microsoft) {62AE1F9A-126A-11D0-A14B-0800361B1103} "Directory Context Menu Verbs" - "Microsoft Corporation" - C:\WINDOWS\System32\dsuiext.dll (File signed by Microsoft) {163FDC20-2ABC-11d0-88F0-00A024AB2DBB} "Directory Object Find" - "Microsoft Corporation" - C:\WINDOWS\System32\dsquery.dll (File signed by Microsoft) {0D45D530-764B-11d0-A1CA-00AA00C16E65} "Directory Property UI" - "Microsoft Corporation" - C:\WINDOWS\System32\dsuiext.dll (File signed by Microsoft) {8A23E65E-31C2-11d0-891C-00A024AB2DBB} "Directory Query UI" - "Microsoft Corporation" - C:\WINDOWS\System32\dsquery.dll (File signed by Microsoft) {F020E586-5264-11d1-A532-0000F8757D7E} "Directory Start/Search Find" - "Microsoft Corporation" - C:\WINDOWS\System32\dsquery.dll (File signed by Microsoft) {872A9397-E0D6-4e28-B64D-52B8D0A7EA35} "Display CPL Extension" - ? 
- (File not found | COM-object registry key not found) {f92e8c40-3d33-11d2-b1aa-080036a75b03} "Display TroubleShoot CPL Extension" - "Microsoft Corporation" - C:\WINDOWS\system32\deskperf.dll (File signed by Microsoft) {22BF0C20-6DA7-11D0-B373-00A0C9034938} "Download Status" - "Microsoft Corporation" - C:\WINDOWS\System32\browseui.dll (File signed by Microsoft) {60fd46de-f830-4894-a628-6fa81bc0190d} "Drop-Zielobjekt für den Fotodruck-Assistent" - "Microsoft Corporation" - C:\WINDOWS\System32\photowiz.dll (File signed by Microsoft) {2559a1f5-21d7-11d4-bdaf-00c04f60b9f0} "E-Mail" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll (File signed by Microsoft) {00022613-0000-0000-C000-000000000046} "Eigenschaften für Multimediadatei" - "Microsoft Corporation" - C:\WINDOWS\system32\mmsys.cpl (File signed by Microsoft) {1F2E5C40-9550-11CE-99D2-00AA006E086C} "Erweiterung der Sicherheitsshell" - "Microsoft Corporation" - C:\WINDOWS\system32\rshx32.dll (File signed by Microsoft) {4E40F770-369C-11d0-8922-00A024AB2DBB} "Erweiterung der Sicherheitsshell" - "Microsoft Corporation" - C:\WINDOWS\system32\dssec.dll (File signed by Microsoft) {F37C5810-4D3F-11d0-B4BF-00AA00BBB723} "Erweiterung der Sicherheitsshell" - "Microsoft Corporation" - C:\WINDOWS\system32\rshx32.dll (File signed by Microsoft) {59099400-57FF-11CE-BD94-0020AF85B590} "Erweiterung für Datenträgerkopien" - "Microsoft Corporation" - C:\WINDOWS\system32\diskcopy.dll (File signed by Microsoft) {EFA24E64-B078-11d0-89E4-00C04FC9E26E} "Explorer-Band" - "Microsoft Corporation" - C:\WINDOWS\System32\shdocvw.dll (File signed by Microsoft) {692F0339-CBAA-47e6-B5B5-3B84DB604E87} "Extensions Manager Folder" - "Microsoft Corporation" - C:\WINDOWS\system32\extmgr.dll (File signed by Microsoft) {7A80E4A8-8005-11D2-BCF8-00C04F72C717} "ExtractIcon Class" - "Microsoft Corporation" - C:\WINDOWS\System32\mmcshext.dll (File signed by Microsoft) {EFA24E61-B078-11d0-89E4-00C04FC9E26E} "Favorites Band" - "Microsoft Corporation" - 
C:\WINDOWS\System32\shdocvw.dll (File signed by Microsoft) {3F30C968-480A-4C6C-862D-EFC0897BB84B} "GDI+ Dateiminiaturansicht-Extrahierungsprogramm" - "Microsoft Corporation" - C:\WINDOWS\system32\shimgvw.dll (File signed by Microsoft) {D6277990-4C6A-11CF-8D87-00AA0060F5BF} "Geplante Tasks" - "Microsoft Corporation" - C:\WINDOWS\System32\mstask.dll (File signed by Microsoft) {EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} "Global Folder Settings" - "Microsoft Corporation" - C:\WINDOWS\System32\browseui.dll (File signed by Microsoft) {2559a1f1-21d7-11d4-bdaf-00c04f60b9f0} "Hilfe und Support" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll (File signed by Microsoft) {FF393560-C2A7-11CF-BFF4-444553540000} "History" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll (File signed by Microsoft) {25336920-03f9-11cf-8fd0-00aa00686f13} "HTML Document" - "Microsoft Corporation" - C:\WINDOWS\system32\mshtml.dll (File signed by Microsoft) {EAB841A0-9550-11cf-8C16-00805F1408F3} "HTML-Extrahierungsprogramm" - "Microsoft Corporation" - C:\WINDOWS\system32\shimgvw.dll (File signed by Microsoft) {88895560-9AA2-1069-930E-00AA0030EBC8} "HyperTerminal Icon Ext" - "Hilgraeve, Inc." 
- C:\WINDOWS\System32\hticons.dll (File signed by Microsoft) {DBCE2480-C732-101B-BE72-BA78E9AD5B27} "ICC-Profil" - "Microsoft Corporation" - C:\WINDOWS\system32\icmui.dll (File signed by Microsoft) {675F097E-4C4D-11D0-B6C1-0800091AA605} "ICM-Druckerverwaltung" - "Microsoft Corporation" - C:\WINDOWS\system32\icmui.dll (File signed by Microsoft) {5DB2625A-54DF-11D0-B6C4-0800091AA605} "ICM-Monitorverwaltung" - "Microsoft Corporation" - C:\WINDOWS\System32\icmui.dll (File signed by Microsoft) {176d6597-26d3-11d1-b350-080036a75b03} "ICM-Scannerverwaltung" - "Microsoft Corporation" - C:\WINDOWS\system32\icmui.dll (File signed by Microsoft) {3028902F-6374-48b2-8DC6-9725E775B926} "IE AutoComplete" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll (File signed by Microsoft) {73CFD649-CD48-4fd8-A272-2070EA56526B} "IE BandProxy" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll (File signed by Microsoft) {FDE7673D-2E19-4145-8376-BBD58C4BC7BA} "IE Custom MRU AutoCompleted List" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll (File signed by Microsoft) {1C1EDB47-CE22-4bbb-B608-77B48F83C823} "IE Fade Task" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll (File signed by Microsoft) {11016101-E366-4D22-BC06-4ADA335C892B} "IE History and Feeds Shell Data Source for Windows Search" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll (File signed by Microsoft) {6CF48EF8-44CD-45d2-8832-A16EA016311B} "IE IShellFolderBand" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll (File signed by Microsoft) {4B78D326-D922-44f9-AF2A-07805C2A3560} "IE Menu Band" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll (File signed by Microsoft) {205D7A97-F16D-4691-86EF-F3075DCCA57D} "IE Menu Desk Bar" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll (File signed by Microsoft) {44C76ECD-F7FA-411c-9929-1B77BA77F524} "IE Menu Site" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll (File signed by Microsoft) 
{07C45BB1-4A8C-4642-A1F5-237E7215FF66} "IE Microsoft BrowserBand" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll (File signed by Microsoft) {6038EF75-ABFC-4e59-AB6F-12D397F6568D} "IE Microsoft History AutoComplete List" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll (File signed by Microsoft) {B31C5FAE-961F-415b-BAF0-E697A5178B94} "IE Microsoft Multiple AutoComplete List Container" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll (File signed by Microsoft) {9D958C62-3954-4b44-8FAB-C4670C1DB4C2} "IE Microsoft Shell Folder AutoComplete List" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll (File signed by Microsoft) {98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8} "IE MRU AutoComplete List" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll (File signed by Microsoft) {43886CD5-6529-41c4-A707-7B3C92C05E68} "IE Navigation Bar" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll (File signed by Microsoft) {F83DAC1C-9BB9-4f2b-B619-09819DA81B0E} "IE Registry Tree Options Utility" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll (File signed by Microsoft) {9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E} "IE RSS Feeds Folder" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll (File signed by Microsoft) {30D02401-6A81-11d0-8274-00C04FD5AE38} "IE Search Band" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll (File signed by Microsoft) {E6EE9AAC-F76B-4947-8260-A9F136138E11} "IE Shell Band Site Menu" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll (File signed by Microsoft) {BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A} "IE Shell Rebar BandSite" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll (File signed by Microsoft) {6B4ECC4F-16D1-4474-94AB-5A763F2A54AE} "IE Tracking Shell Menu" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll (File signed by Microsoft) {FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll (File 
signed by Microsoft) {A2B0DD40-CC59-11d0-A3A5-00C04FD706EC} "IE4 Suite-Begrüßungsbildschirm" - "Microsoft Corporation" - C:\WINDOWS\System32\shdocvw.dll (File signed by Microsoft) {169A0691-8DF9-11d1-A1C4-00C04FD75D13} "In-pane search" - "Microsoft Corporation" - C:\WINDOWS\System32\browseui.dll (File signed by Microsoft) {0B124F8F-91F0-11D1-B8B5-006008059382} "Installed Apps Enumerator" - "Microsoft Corporation" - C:\WINDOWS\System32\appwiz.cpl (File signed by Microsoft) {2559a1f4-21d7-11d4-bdaf-00c04f60b9f0} "Internet" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll (File signed by Microsoft) {871C5380-42A0-1069-A2EA-08002B30309D} "Internet Name Space" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll (File signed by Microsoft) {FBF23B40-E3F0-101B-8488-00AA003E56F8} "Internet Shortcut" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll (File signed by Microsoft) {131A6951-7F78-11D0-A979-00C04FD705A2} "ISFBand OC" - "Microsoft Corporation" - C:\WINDOWS\System32\shdocvw.dll (File signed by Microsoft) {0CD7A5C0-9F37-11CE-AE65-08002B2E1262} "Kabinettdatei" - "Microsoft Corporation" - C:\WINDOWS\system32\cabview.dll (File signed by Microsoft) {513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8} "Kompatibilitätsseite" - "Microsoft Corporation" - C:\WINDOWS\system32\SlayerXP.dll (File signed by Microsoft) {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found) {32683183-48a0-441b-a342-7c2a440a9478} "Media Band" - ? 
- (File not found | COM-object registry key not found) {3050f3d9-98b5-11cf-bb82-00aa00bdce0b} "MHTML Document" - "Microsoft Corporation" - C:\WINDOWS\system32\mshtml.dll (File signed by Microsoft) {143A62C8-C33B-11D1-84FE-00C04FA34A14} "Microsoft Agent Character Property Sheet Handler" - "Microsoft Corporation" - C:\WINDOWS\msagent\agentpsh.dll (File signed by Microsoft) {00BB2763-6A77-11D0-A535-00C04FD7D062} "Microsoft AutoComplete" - "Microsoft Corporation" - C:\WINDOWS\System32\browseui.dll (File signed by Microsoft) {A5E46E3A-8849-11D1-9D8C-00C04FC99D61} "Microsoft Browser Architecture" - "Microsoft Corporation" - C:\WINDOWS\System32\shdocvw.dll (File signed by Microsoft) {BC476F4C-D9D7-4100-8D4E-E043F6DEC409} "Microsoft Browser Architecture" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll (File signed by Microsoft) {7BA4C742-9E81-11CF-99D3-00AA004AE837} "Microsoft BrowserBand" - "Microsoft Corporation" - C:\WINDOWS\System32\browseui.dll (File signed by Microsoft) {7988B573-EC89-11cf-9C00-00AA00A14F56} "Microsoft Disk Quota UI" - "Microsoft Corporation" - C:\WINDOWS\system32\dskquoui.dll (File signed by Microsoft) {6A205B57-2567-4A2C-B881-F787FAB579A3} "Microsoft DocProp Inplace Calendar Control" - "Microsoft Corporation" - C:\WINDOWS\System32\docprop2.dll (File signed by Microsoft) {0EEA25CC-4362-4A12-850B-86EE61B0D3EB} "Microsoft DocProp Inplace Droplist Combo Control" - "Microsoft Corporation" - C:\WINDOWS\System32\docprop2.dll (File signed by Microsoft) {A9CF0EAE-901A-4739-A481-E35B73E47F6D} "Microsoft DocProp Inplace Edit Box Control" - "Microsoft Corporation" - C:\WINDOWS\System32\docprop2.dll (File signed by Microsoft) {8EE97210-FD1F-4B19-91DA-67914005F020} "Microsoft DocProp Inplace ML Edit Box Control" - "Microsoft Corporation" - C:\WINDOWS\System32\docprop2.dll (File signed by Microsoft) {28F8A4AC-BBB3-4D9B-B177-82BFC914FA33} "Microsoft DocProp Inplace Time Control" - "Microsoft Corporation" - C:\WINDOWS\System32\docprop2.dll (File signed 
by Microsoft) {883373C3-BF89-11D1-BE35-080036B11A03} "Microsoft DocProp Shell Ext" - "Microsoft Corporation" - C:\WINDOWS\System32\docprop2.dll (File signed by Microsoft) {63da6ec0-2e98-11cf-8d82-444553540000} "Microsoft FTP Folder" - "Microsoft Corporation" - C:\WINDOWS\System32\msieftp.dll (File signed by Microsoft) {00BB2764-6A77-11D0-A535-00C04FD7D062} "Microsoft History AutoComplete List" - "Microsoft Corporation" - C:\WINDOWS\System32\browseui.dll (File signed by Microsoft) {5E6AB780-7743-11CF-A12B-00AA004AE837} "Microsoft Internet Toolbar" - "Microsoft Corporation" - C:\WINDOWS\System32\browseui.dll (File signed by Microsoft) {00BB2765-6A77-11D0-A535-00C04FD7D062} "Microsoft Multiple AutoComplete List Container" - "Microsoft Corporation" - C:\WINDOWS\System32\browseui.dll (File signed by Microsoft) {2206CDB2-19C1-11D1-89E0-00C04FD7A829} "Microsoft OLE DB Service Component Data Links" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\System\Ole DB\oledb32.dll (File signed by Microsoft) {03C036F1-A186-11D0-824A-00AA005B4383} "Microsoft Shell Folder AutoComplete List" - "Microsoft Corporation" - C:\WINDOWS\System32\browseui.dll (File signed by Microsoft) {3C374A40-BAE4-11CF-BF7D-00AA006946EE} "Microsoft Url History Service" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll (File signed by Microsoft) {CFBFAE00-17A6-11D0-99CB-00C04FD64497} "Microsoft Url Search Hook" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll (File signed by Microsoft) {8856f961-340a-11d0-a96b-00c04fd705a2} "Microsoft Web Browser" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll (File signed by Microsoft) {A6FD9E45-6E44-43f9-8644-08598F5A74D9} "Midi Properties Handler" - "Microsoft Corporation" - C:\WINDOWS\System32\shmedia.dll (File signed by Microsoft) {6756A641-DE71-11d0-831B-00AA005B4383} "MRU AutoComplete List" - "Microsoft Corporation" - C:\WINDOWS\System32\browseui.dll (File signed by Microsoft) {ECF03A33-103D-11d2-854D-006008059367} "MyDocs 
Copy Hook" - "Microsoft Corporation" - C:\WINDOWS\System32\mydocs.dll (File signed by Microsoft) {ECF03A32-103D-11d2-854D-006008059367} "MyDocs Drop Target" - "Microsoft Corporation" - C:\WINDOWS\System32\mydocs.dll (File signed by Microsoft) {4a7ded0a-ad25-11d0-98a8-0800361b1103} "MyDocs menu and properties" - "Microsoft Corporation" - C:\WINDOWS\System32\mydocs.dll (File signed by Microsoft) {B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroDigitalExt.dll {7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroDigitalExt.dll {7007ACC7-3202-11D1-AAD2-00805FC1270E} "Netzwerkverbindungen" - "Microsoft Corporation" - C:\WINDOWS\system32\NETSHELL.dll (File signed by Microsoft) {992CFFA0-F557-101A-88EC-00DD010CCC48} "Netzwerkverbindungen" - "Microsoft Corporation" - C:\WINDOWS\system32\NETSHELL.dll (File signed by Microsoft) {10CFC467-4392-11d2-8DB4-00C04FA31A66} "Offline Files Folder Options" - "Microsoft Corporation" - C:\WINDOWS\System32\cscui.dll (File signed by Microsoft) {750fdf0e-2a26-11d1-a3ea-080036587f03} "Offline Files Menu" - "Microsoft Corporation" - C:\WINDOWS\System32\cscui.dll (File signed by Microsoft) {3EA48300-8CF6-101B-84FB-666CCB9BCD32} "OLE-Eigenschaftenseite für Dokumente" - "Microsoft Corporation" - C:\WINDOWS\system32\docprop.dll (File signed by Microsoft) {AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E} "Ordner 'Offlinedateien'" - "Microsoft Corporation" - C:\WINDOWS\System32\cscui.dll (File signed by Microsoft) {0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\OFFICE~1\Office\OLKFSTUB.DLL {58f1f272-9240-4f51-b6d4-fd63d1618591} "Passport-Assistent" - "Microsoft Corporation" - C:\WINDOWS\System32\netplwiz.dll (File signed by Microsoft) {41E300E0-78B6-11ce-849B-444553540000} "PlusPack CPL-Erweiterung" - "Microsoft Corporation" - 
C:\WINDOWS\System32\themeui.dll (File signed by Microsoft) {35786D3C-B075-49b9-88DD-029876E11C01} "Portable Devices" - "Microsoft Corporation" - C:\WINDOWS\system32\wpdshext.dll (File signed by Microsoft) {D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} "Portable Devices Menu" - "Microsoft Corporation" - C:\WINDOWS\system32\wpdshext.dll (File signed by Microsoft) {640167b4-59b0-47a6-b335-a6b3c0695aea} "Portable Media Devices" - "Microsoft Corporation" - C:\WINDOWS\system32\Audiodev.dll (File signed by Microsoft) {D8BD2030-6FC9-11D0-864F-00AA006809D9} "PostAgent" - "Microsoft Corporation" - C:\WINDOWS\System32\webcheck.dll (File signed by Microsoft) {9DB7A13C-F208-4981-8353-73CC61AE2783} "Previous Versions" - "Microsoft Corporation" - C:\WINDOWS\system32\twext.dll (File signed by Microsoft) {596AB062-B4D2-4215-9F74-E9109B0A8153} "Previous Versions Property Page" - "Microsoft Corporation" - C:\WINDOWS\system32\twext.dll (File signed by Microsoft) {AF4F6510-F982-11d0-8595-00AA004CD6D8} "Registry Tree Options Utility" - "Microsoft Corporation" - C:\WINDOWS\System32\browseui.dll (File signed by Microsoft) {F0152790-D56E-4445-850E-4F3117DB740C} "Remote Sessions CPL Extension" - "Microsoft Corporation" - C:\WINDOWS\System32\remotepg.dll (File signed by Microsoft) {3F953603-1008-4f6e-A73A-04AAC7A992F1} "Scanner und Kameras" - "Microsoft Corporation" - C:\WINDOWS\system32\wiashext.dll (File signed by Microsoft) {83bbcbf3-b28a-4919-a5aa-73027445d672} "Scanner und Kameras" - "Microsoft Corporation" - C:\WINDOWS\system32\wiashext.dll (File signed by Microsoft) {905667aa-acd6-11d2-8080-00805f6596d2} "Scanner und Kameras" - "Microsoft Corporation" - C:\WINDOWS\system32\wiashext.dll (File signed by Microsoft) {E211B736-43FD-11D1-9EFB-0000F8757FCD} "Scanner und Kameras" - "Microsoft Corporation" - C:\WINDOWS\system32\wiashext.dll (File signed by Microsoft) {FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD} "Scanner und Kameras" - "Microsoft Corporation" - C:\WINDOWS\system32\wiashext.dll (File signed 
by Microsoft) {DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF} "Scheduling UI icon handler" - "Microsoft Corporation" - C:\WINDOWS\System32\mstask.dll (File signed by Microsoft) {797F1E90-9EDD-11cf-8D8E-00AA0060F5BF} "Scheduling UI property sheet handler" - "Microsoft Corporation" - C:\WINDOWS\System32\mstask.dll (File signed by Microsoft) {BD84B380-8CA2-1069-AB1D-08000948F534} "Schriftarten" - "Microsoft Corporation" - C:\WINDOWS\system32\fontext.dll (File signed by Microsoft) {D20EA4E1-3957-11d2-A40B-0C5020524152} "Schriftarten" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll (File signed by Microsoft) {9461b922-3c5a-11d2-bf8b-00c04fb93661} "Search Assistant OC" - "Microsoft Corporation" - C:\WINDOWS\System32\shdocvw.dll (File signed by Microsoft) {9E56BE60-C50F-11CF-9A2C-00A0C90A90CE} "Sendmail service" - "Microsoft Corporation" - C:\WINDOWS\System32\sendmail.dll (File signed by Microsoft) {9E56BE61-C50F-11CF-9A2C-00A0C90A90CE} "Sendmail service" - "Microsoft Corporation" - C:\WINDOWS\System32\sendmail.dll (File signed by Microsoft) {2559a1f7-21d7-11d4-bdaf-00c04f60b9f0} "Set Program Access and Defaults" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll (File signed by Microsoft) {352EC2B7-8B9A-11D1-B8AE-006008059382} "Shell Application Manager" - "Microsoft Corporation" - C:\WINDOWS\System32\appwiz.cpl (File signed by Microsoft) {0A89A860-D7B1-11CE-8350-444553540000} "Shell Automation Inproc Service" - "Microsoft Corporation" - C:\WINDOWS\System32\shdocvw.dll (File signed by Microsoft) {ECD4FC4E-521C-11D0-B792-00A0C90312E1} "Shell Band Site Menu" - "Microsoft Corporation" - C:\WINDOWS\System32\browseui.dll (File signed by Microsoft) {ECD4FC4C-521C-11D0-B792-00A0C90312E1} "Shell DeskBar" - "Microsoft Corporation" - C:\WINDOWS\System32\browseui.dll (File signed by Microsoft) {3CCF8A41-5C85-11d0-9796-00AA00B90ADF} "Shell DeskBarApp" - "Microsoft Corporation" - C:\WINDOWS\System32\browseui.dll (File signed by Microsoft) 
{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} "Shell DocObject Viewer" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll (File signed by Microsoft) {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll {60254CA5-953B-11CF-8C96-00AA00B8708C} "Shell Extension For Windows Script Host" - "Microsoft Corporation" - C:\WINDOWS\System32\wshext.dll (File signed by Microsoft) {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll {66e4e4fb-f385-4dd0-8d74-a2efd1bc6178} "Shell Image Data Factory" - "Microsoft Corporation" - C:\WINDOWS\system32\shimgvw.dll (File signed by Microsoft) {eb9b1153-3b57-4e68-959a-a3266bc3d7fe} "Shell Image Property Handler" - "Microsoft Corporation" - C:\WINDOWS\system32\shimgvw.dll (File signed by Microsoft) {e84fda7c-1d6a-45f6-b725-cb260c236066} "Shell Image Verbs" - "Microsoft Corporation" - C:\WINDOWS\system32\shimgvw.dll (File signed by Microsoft) {9E51E0D0-6E0F-11d2-9601-00C04FA31A86} "Shell properties for a DS object" - "Microsoft Corporation" - C:\WINDOWS\System32\dsquery.dll (File signed by Microsoft) {ECD4FC4D-521C-11D0-B792-00A0C90312E1} "Shell Rebar BandSite" - "Microsoft Corporation" - C:\WINDOWS\System32\browseui.dll (File signed by Microsoft) {21569614-B795-46b1-85F4-E737A8DC09AD} "Shell Search Band" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll (File signed by Microsoft) {56117100-C0CD-101B-81E2-00AA004AE837} "Shell-Datenauszughandler" - "Microsoft Corporation" - C:\WINDOWS\system32\shscrap.dll (File signed by Microsoft) {77597368-7b15-11d0-a0c2-080036af3f03} "Shellerweiterung für Webdrucker" - "Microsoft Corporation" - C:\WINDOWS\system32\printui.dll (File signed by Microsoft) {764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? 
- (File not found | COM-object registry key not found) {40dd6e20-7c17-11ce-a804-00aa003ca9f6} "Shellerweiterungen für Freigaben" - "Microsoft Corporation" - C:\WINDOWS\system32\ntshrui.dll (File signed by Microsoft) {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} "Shellerweiterungen für Freigaben" - "Microsoft Corporation" - C:\WINDOWS\system32\ntshrui.dll (File signed by Microsoft) {59be4990-f85c-11ce-aff7-00aa003ca9f6} "Shellerweiterungen für Microsoft Windows-Netzwerkobjekte" - "Microsoft Corporation" - C:\WINDOWS\system32\ntlanui2.dll (File signed by Microsoft) {e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll {6b33163c-76a5-4b6c-bf21-45de9cd503a1} "Shellobjekt des Webpublishing-Assistenten" - "Microsoft Corporation" - C:\WINDOWS\System32\netplwiz.dll (File signed by Microsoft) {F5175861-2688-11d0-9C5E-00AA00A45957} "Subscription Folder" - "Microsoft Corporation" - C:\WINDOWS\system32\webcheck.dll (File signed by Microsoft) {ABBE31D0-6DAE-11D0-BECA-00C04FD940BE} "Subscription Mgr" - "Microsoft Corporation" - C:\WINDOWS\system32\webcheck.dll (File signed by Microsoft) {2559a1f0-21d7-11d4-bdaf-00c04f60b9f0} "Suchen" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll (File signed by Microsoft) {E0E11A09-5CB8-4B6C-8332-E00720A168F2} "Syntaxanalyse der Adressleiste" - "Microsoft Corporation" - C:\WINDOWS\System32\browseui.dll (File signed by Microsoft) {0DF44EAA-FF21-4412-828E-260A8728E7F1} "Taskleiste und Startmenü" - "Microsoft Corporation" - C:\WINDOWS\system32\shell32.dll (File signed by Microsoft) {7BD29E00-76C1-11CF-9DD0-00A0C9034933} "Temporary Internet Files" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll (File signed by Microsoft) {7BD29E01-76C1-11CF-9DD0-00A0C9034933} "Temporary Internet Files" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll (File signed by Microsoft) {3DC7A020-0ACD-11CF-A9BB-00AA004AE837} "The Internet" - "Microsoft Corporation" 
- C:\WINDOWS\system32\ieframe.dll (File signed by Microsoft) {acf35015-526e-4230-9596-becbe19f0ac9} "Track Popup Bar" - "Microsoft Corporation" - C:\WINDOWS\System32\browseui.dll (File signed by Microsoft) {E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7} "TrayAgent" - "Microsoft Corporation" - C:\WINDOWS\System32\webcheck.dll (File signed by Microsoft) {7376D660-C583-11d0-A3A5-00C04FD706EC} "TridentImageExtractor" - "Microsoft Corporation" - C:\WINDOWS\System32\browseui.dll (File signed by Microsoft) {DD313E04-FEFF-11d1-8ECD-0000F87A470C} "User Assist" - "Microsoft Corporation" - C:\WINDOWS\System32\browseui.dll (File signed by Microsoft) {D20EA4E1-3957-11d2-A40B-0C5020524153} "Verwaltung" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll (File signed by Microsoft) {40C3D757-D6E4-4b49-BB41-0E5BBEA28817} "Video Media Properties Handler" - "Microsoft Corporation" - C:\WINDOWS\System32\shmedia.dll (File signed by Microsoft) {c5a40261-cd64-4ccf-84cb-c394da41d590} "Video Thumbnail Extractor" - "Microsoft Corporation" - C:\WINDOWS\System32\shmedia.dll (File signed by Microsoft) {E4B29F9D-D390-480b-92FD-7DDB47101D71} "Wav Properties Handler" - "Microsoft Corporation" - C:\WINDOWS\System32\shmedia.dll (File signed by Microsoft) {07798131-AF23-11d1-9111-00A0C98BA67D} "Web Search" - "Microsoft Corporation" - C:\WINDOWS\System32\browseui.dll (File signed by Microsoft) {E6FB5E20-DE35-11CF-9C87-00AA005127ED} "WebCheck" - "Microsoft Corporation" - C:\WINDOWS\system32\webcheck.dll (File signed by Microsoft) {7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB} "WebCheck SyncMgr Handler" - "Microsoft Corporation" - C:\WINDOWS\system32\webcheck.dll (File signed by Microsoft) {E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB} "WebCheckChannelAgent" - "Microsoft Corporation" - C:\WINDOWS\System32\webcheck.dll (File signed by Microsoft) {08165EA0-E946-11CF-9C87-00AA005127ED} "WebCheckWebCrawler" - "Microsoft Corporation" - C:\WINDOWS\system32\webcheck.dll (File signed by Microsoft) 
{CC6EEFFB-43F6-46c5-9619-51D571967F7D} "Webpublishing-Assistent" - "Microsoft Corporation" - C:\WINDOWS\System32\netplwiz.dll (File signed by Microsoft) {45670FA8-ED97-4F44-BC93-305082590BFB} "Windows XPS Document Metadata Handler" - "Microsoft Corporation" - C:\WINDOWS\System32\XPSSHHDR.DLL (File signed by Microsoft) {44121072-A222-48f2-A58A-6D9AD51EBBE9} "Windows XPS Document Thumbnail Handler" - "Microsoft Corporation" - C:\WINDOWS\System32\XPSSHHDR.DLL (File signed by Microsoft) {2559a1f2-21d7-11d4-bdaf-00c04f60b9f0} "Windows-Sicherheit" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll (File signed by Microsoft) {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll (File found, but it contains no detailed information) {F1B9284F-E9DC-4e68-9D7E-42362A59F0FD} "WMP Add To Playlist Launcher" - "Microsoft Corporation" - C:\WINDOWS\system32\wmpshell.dll (File signed by Microsoft) {8DD448E6-C188-4aed-AF92-44956194EB1F} "WMP Burn Audio CD Launcher" - "Microsoft Corporation" - C:\WINDOWS\system32\wmpshell.dll (File signed by Microsoft) {CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C} "WMP Play As Playlist Launcher" - "Microsoft Corporation" - C:\WINDOWS\system32\wmpshell.dll (File signed by Microsoft) {9DBD2C50-62AD-11d0-B806-00C04FD706EC} "Zusammenfassungs-Miniaturansichthandler (DOCFILES)" - "Microsoft Corporation" - C:\WINDOWS\system32\shimgvw.dll (File signed by Microsoft) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad )----- {7849596a-48ea-486e-8937-a2a3009f31a9} "PostBootReminder object" - "Microsoft Corporation" - C:\WINDOWS\system32\SHELL32.dll (File signed by Microsoft) {fbeb8a05-beee-4442-804e-409d6c4515e9} "ShellFolder for CD Burning" - "Microsoft Corporation" - C:\WINDOWS\system32\SHELL32.dll (File signed by Microsoft) {35CEC8A3-2BE6-11D2-8773-92E220524153} "SysTray" - "Microsoft Corporation" - C:\WINDOWS\System32\stobject.dll (File signed by Microsoft) {E6FB5E20-DE35-11CF-9C87-00AA005127ED} 
"WebCheck" - "Microsoft Corporation" - C:\WINDOWS\system32\webcheck.dll (File signed by Microsoft) {AAA288BA-9A4C-45B0-95D7-94D524869DB5} "WPDShServiceObj Class" - "Microsoft Corporation" - C:\WINDOWS\system32\WPDShServiceObj.dll (File signed by Microsoft) _______________________________________________________________ Weiter im nächsten Beitrag........ |
31.03.2010, 23:15 | #3 |
| .ruo.4 in \\system32\d3dsdmd.dll & .ruo.6 in \\drivers\wineue.sys So here is part 2 of the OSAM log:
__________________[Internet Explorer] -----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )----- {EFA24E64-B078-11D0-89E4-00C04FC9E26E} "Explorer-Band" - "Microsoft Corporation" - C:\WINDOWS\System32\shdocvw.dll (File signed by Microsoft) {C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1} "File Search Explorer Band" - "Microsoft Corporation" - C:\WINDOWS\system32\SHELL32.dll (File signed by Microsoft) {32683183-48a0-441b-a342-7c2a440a9478} "{32683183-48a0-441b-a342-7c2a440a9478}" - ? - (File not found | COM-object registry key not found) -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "&Adresse" - "Microsoft Corporation" - C:\WINDOWS\System32\browseui.dll (File signed by Microsoft) <binary data> "&Links" - "Microsoft Corporation" - C:\WINDOWS\system32\SHELL32.dll (File signed by Microsoft) ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) <binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found) -----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )----- {CFBFAE00-17A6-11D0-99CB-00C04FD64497} "Microsoft Url Search Hook" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll (File signed by Microsoft) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- DirectAnimation Java Classes "DirectAnimation Java Classes" - ? - (File not found | COM-object registry key not found) / file://C:\WINDOWS\Java\classes\dajava.cab Microsoft XML Parser for Java "Microsoft XML Parser for Java" - ? - (File not found | COM-object registry key not found) / file://C:\WINDOWS\Java\classes\xmldso.cab {D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." 
- C:\WINDOWS\system32\Macromed\Flash\Flash10e.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab {6414512B-B978-451D-A0D8-FCFDF33E833C} "WUWebControl Class" - "Microsoft Corporation" - C:\WINDOWS\system32\wuweb.dll (File signed by Microsoft) / hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1264178830765 -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )----- {4D5C8C25-D075-11d0-B416-00C04FB90376} "&Tipps und Tricks" - "Microsoft Corporation" - C:\WINDOWS\System32\shdocvw.dll (File signed by Microsoft) -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- "Exec" - "Microsoft Corporation" - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (File signed by Microsoft) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Known DLLs] -----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs )----- "advapi32" - "Microsoft Corporation" - C:\WINDOWS\system32\advapi32.dll (File signed by Microsoft) "comdlg32" - "Microsoft Corporation" - C:\WINDOWS\system32\comdlg32.dll (File signed by Microsoft) "gdi32" - "Microsoft Corporation" - C:\WINDOWS\system32\gdi32.dll (File signed by Microsoft) "imagehlp" - "Microsoft Corporation" - C:\WINDOWS\system32\imagehlp.dll (File signed by Microsoft) "kernel32" - "Microsoft Corporation" - C:\WINDOWS\system32\kernel32.dll (File signed by Microsoft) "lz32" - "Microsoft Corporation" - C:\WINDOWS\system32\lz32.dll (File signed by Microsoft) "ole32" - "Microsoft Corporation" - C:\WINDOWS\system32\ole32.dll (File signed by Microsoft) "oleaut32" - "Microsoft Corporation" - C:\WINDOWS\system32\oleaut32.dll (File signed by Microsoft) "olecli32" - "Microsoft Corporation" - C:\WINDOWS\system32\olecli32.dll (File signed by Microsoft) "olecnv32" - 
"Microsoft Corporation" - C:\WINDOWS\system32\olecnv32.dll (File signed by Microsoft) "olesvr32" - "Microsoft Corporation" - C:\WINDOWS\system32\olesvr32.dll (File signed by Microsoft) "olethk32" - "Microsoft Corporation" - C:\WINDOWS\system32\olethk32.dll (File signed by Microsoft) "rpcrt4" - "Microsoft Corporation" - C:\WINDOWS\system32\rpcrt4.dll (File signed by Microsoft) "shell32" - "Microsoft Corporation" - C:\WINDOWS\system32\shell32.dll (File signed by Microsoft) "url" - "Microsoft Corporation" - C:\WINDOWS\system32\url.dll (File signed by Microsoft) "urlmon" - "Microsoft Corporation" - C:\WINDOWS\system32\urlmon.dll (File signed by Microsoft) "user32" - "Microsoft Corporation" - C:\WINDOWS\system32\user32.dll (File signed by Microsoft) "version" - "Microsoft Corporation" - C:\WINDOWS\system32\version.dll (File signed by Microsoft) "wininet" - "Microsoft Corporation" - C:\WINDOWS\system32\wininet.dll (File signed by Microsoft) "wldap32" - "Microsoft Corporation" - C:\WINDOWS\system32\wldap32.dll (File signed by Microsoft) [LSA Providers] -----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )----- "Authentication packages" - "Microsoft Corporation" - C:\WINDOWS\system32\msv1_0.dll (File signed by Microsoft) "Authentication packages" - "Acronis" - C:\WINDOWS\system32\relog_ap.dll "Notification packages" - "Microsoft Corporation" - C:\WINDOWS\system32\scecli.dll (File signed by Microsoft) "Security Packages" - "Microsoft Corporation" - C:\WINDOWS\system32\kerberos.dll (File signed by Microsoft) "Security Packages" - "Microsoft Corporation" - C:\WINDOWS\system32\msv1_0.dll (File signed by Microsoft) "Security Packages" - "Microsoft Corporation" - C:\WINDOWS\system32\schannel.dll (File signed by Microsoft) "Security Packages" - "Microsoft Corporation" - C:\WINDOWS\system32\wdigest.dll (File signed by Microsoft) -----( HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders )----- "SecurityProviders" - "Microsoft Corporation" - C:\WINDOWS\system32\msapsspc.dll (File 
signed by Microsoft) "SecurityProviders" - "Microsoft Corporation" - C:\WINDOWS\system32\schannel.dll (File signed by Microsoft) "SecurityProviders" - "Microsoft Corporation" - C:\WINDOWS\system32\digest.dll (File signed by Microsoft) "SecurityProviders" - "Microsoft Corporation" - C:\WINDOWS\system32\msnsspc.dll (File signed by Microsoft) [Logon] -----( %AllUsersProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "TO DO" - "Microsoft Corporation" - C:\Programme\Office 2000\Office\WINWORD.EXE "C:\Dokumente und Einstellungen\bert\Desktop\TO DO.doc" -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon )----- "Shell" - "Microsoft Corporation" - C:\WINDOWS\Explorer.exe (File signed by Microsoft) "Userinit" - "Microsoft Corporation" - C:\WINDOWS\system32\userinit.exe (File signed by Microsoft) -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - "Microsoft Corporation" - C:\WINDOWS\system32\rdpclip.exe (File signed by Microsoft) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe Acrobat - Schnellstart" - ? - C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe "Alcmtr" - "Realtek Semiconductor Corp." - ALCMTR.EXE (File signed by Microsoft) "AlcWzrd" - "RealTek Semicoductor Corp." - ALCWZRD.EXE (File signed by Microsoft) "avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min "BluetoothAuthenticationAgent" - "Microsoft Corporation" - rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent (File signed by Microsoft) "FastUser" - "Microsoft Corporation" - C:\WINDOWS\System32\fast.exe "Logitech Utility" - "Logitech Inc." 
- Logi_MwX.Exe (File signed by Microsoft) "Microsoft Office" - "Microsoft Corporation" - C:\Programme\Office 2000\Office\OSA9.EXE "NeroFilterCheck" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe "QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\qttask.exe" -atboottime "RTHDCPL" - "Realtek Semiconductor Corp." - RTHDCPL.EXE (File signed by Microsoft) "SoundMan" - "Realtek Semiconductor Corp." - SOUNDMAN.EXE (File signed by Microsoft) [Network Providers] -----( HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order )----- "Microsoft Windows-Netzwerk" - "Microsoft Corporation" - C:\WINDOWS\System32\ntlanman.dll (File signed by Microsoft) "Microsoft-Terminaldienste" - "Microsoft Corporation" - C:\WINDOWS\System32\drprov.dll (File signed by Microsoft) "Web Client Network" - "Microsoft Corporation" - C:\WINDOWS\System32\davclnt.dll (File signed by Microsoft) [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "Adobe PDF Port" - "Adobe Systems Incorporated." - C:\WINDOWS\system32\AdobePDF.dll "BJ Language Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\cnbjmon.dll (File signed by Microsoft) "Bluebeam PDF Monitor" - ? - C:\WINDOWS\system32\BBPDFPortMon.dll (File found, but it contains no detailed information) "Local Port" - "Microsoft Corporation" - C:\WINDOWS\system32\localspl.dll (File signed by Microsoft) "PJL Language Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\pjlmon.dll (File signed by Microsoft) "Standard TCP/IP Port" - "Microsoft Corporation" - C:\WINDOWS\system32\tcpmon.dll (File signed by Microsoft) "USB Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\usbmon.dll (File signed by Microsoft) [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- ".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe "AAV UpdateService" (AAV UpdateService) - ? 
- C:\Programme\Gemeinsame Dateien\AAV\aavus.exe "Acronis Scheduler2 Service" (AcrSch2Svc) - "Acronis" - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe "Anmeldedienst" (Netlogon) - "Microsoft Corporation" - C:\WINDOWS\System32\lsass.exe (File signed by Microsoft) "Anwendungsverwaltung" (AppMgmt) - "Microsoft Corporation" - C:\WINDOWS\System32\appmgmts.dll (File signed by Microsoft) "Arbeitsstationsdienst" (lanmanworkstation) - "Microsoft Corporation" - C:\WINDOWS\System32\wkssvc.dll (File signed by Microsoft) "ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe "Ati HotKey Poller" (Ati HotKey Poller) - "ATI Technologies Inc." - C:\WINDOWS\system32\Ati2evxx.exe (File signed by Microsoft) "Automatische Konfiguration (verkabelt)" (Dot3svc) - "Microsoft Corporation" - C:\WINDOWS\System32\dot3svc.dll (File signed by Microsoft) "Automatische Updates" (wuauserv) - "Microsoft Corporation" - C:\WINDOWS\system32\wuauserv.dll (File signed by Microsoft) "Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe "Avira AntiVir MailGuard" (AntiVirMailService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avmailc.exe "Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe "Avira AntiVir WebGuard" (AntiVirWebService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE "Bluetooth Support Service" (BthServ) - "Microsoft Corporation" - C:\WINDOWS\System32\bthserv.dll (File signed by Microsoft) "COM+-Ereignissystem" (EventSystem) - "Microsoft Corporation" - C:\WINDOWS\System32\es.dll (File signed by Microsoft) "COM+-Systemanwendung" (COMSysApp) - "Microsoft Corporation" - C:\WINDOWS\System32\dllhost.exe (File signed by Microsoft) "Computerbrowser" (Browser) - "Microsoft Corporation" - C:\WINDOWS\System32\browser.dll (File signed by Microsoft) "DCOM-Server-Prozessstart" 
(DcomLaunch) - "Microsoft Corporation" - C:\WINDOWS\system32\rpcss.dll (File signed by Microsoft) "Designs" (Themes) - "Microsoft Corporation" - C:\WINDOWS\System32\shsvcs.dll (File signed by Microsoft) "DHCP-Client" (Dhcp) - "Microsoft Corporation" - C:\WINDOWS\System32\dhcpcsvc.dll (File signed by Microsoft) "Dienst für Seriennummern der tragbaren Medien" (WmdmPmSN) - "Microsoft Corporation" - C:\WINDOWS\system32\MsPMSNSv.dll (File signed by Microsoft) "Distributed Transaction Coordinator" (MSDTC) - "Microsoft Corporation" - C:\WINDOWS\System32\msdtc.exe (File signed by Microsoft) "DNS-Client" (Dnscache) - "Microsoft Corporation" - C:\WINDOWS\System32\dnsrslvr.dll (File signed by Microsoft) "Druckwarteschlange" (Spooler) - "Microsoft Corporation" - C:\WINDOWS\system32\spoolsv.exe (File signed by Microsoft) "Ereignisprotokoll" (Eventlog) - "Microsoft Corporation" - C:\WINDOWS\system32\services.exe (File signed by Microsoft) "Extensible Authentication-Protokolldienst" (EapHost) - "Microsoft Corporation" - C:\WINDOWS\System32\eapsvc.dll (File signed by Microsoft) "FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Macrovision Europe Ltd." - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe "Gatewaydienst auf Anwendungsebene" (ALG) - "Microsoft Corporation" - C:\WINDOWS\System32\alg.exe (File signed by Microsoft) "Geschützter Speicher" (ProtectedStorage) - "Microsoft Corporation" - C:\WINDOWS\system32\lsass.exe (File signed by Microsoft) "Google Update Service (gupdate1c9b6f52f00cb56)" (gupdate1c9b6f52f00cb56) - "Google Inc." 
- C:\Programme\Google\Update\GoogleUpdate.exe "HID Input Service" (HidServ) - "Microsoft Corporation" - C:\WINDOWS\System32\hidserv.dll (File signed by Microsoft) "Hilfe und Support" (helpsvc) - "Microsoft Corporation" - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (File signed by Microsoft) "HTTP-SSL" (HTTPFilter) - "Microsoft Corporation" - C:\WINDOWS\System32\w3ssl.dll (File signed by Microsoft) "IMAPI-CD-Brenn-COM-Dienste" (ImapiService) - "Microsoft Corporation" - C:\WINDOWS\System32\imapi.exe (File signed by Microsoft) "Integritätsschlüssel- und Zertifikatverwaltungsdienst" (hkmsvc) - "Microsoft Corporation" - C:\WINDOWS\System32\kmsvc.dll (File signed by Microsoft) "Intelligenter Hintergrundübertragungsdienst" (BITS) - "Microsoft Corporation" - C:\WINDOWS\system32\qmgr.dll (File signed by Microsoft) "InteractiveLogon" (InteractiveLogon) - "Microsoft Corporation" - C:\WINDOWS\System32\Fast.exe "IPSEC-Dienste" (PolicyAgent) - "Microsoft Corporation" - C:\WINDOWS\System32\lsass.exe (File signed by Microsoft) "Kompatibilität für schnelle Benutzerumschaltung" (FastUserSwitchingCompatibility) - "Microsoft Corporation" - C:\WINDOWS\System32\shsvcs.dll (File signed by Microsoft) "Konfigurationsfreie drahtlose Verbindung" (WZCSVC) - "Microsoft Corporation" - C:\WINDOWS\System32\wzcsvc.dll (File signed by Microsoft) "Kryptografiedienste" (CryptSvc) - "Microsoft Corporation" - C:\WINDOWS\System32\cryptsvc.dll (File signed by Microsoft) "Leistungsdatenprotokolle und Warnungen" (SysmonLog) - "Microsoft Corporation" - C:\WINDOWS\system32\smlogsvc.exe (File signed by Microsoft) "MotoConnect Service" (MotoConnect Service) - ? 
- C:\Programme\Motorola\MotoConnectService\MotoConnectService.exe (File found, but it contains no detailed information) "MS Software Shadow Copy Provider" (SwPrv) - "Microsoft Corporation" - C:\WINDOWS\System32\dllhost.exe (File signed by Microsoft) "NAP-Agent (Network Access Protection)" (napagent) - "Microsoft Corporation" - C:\WINDOWS\System32\qagentrt.dll (File signed by Microsoft) "NetMeeting-Remotedesktop-Freigabe" (mnmsrvc) - "Microsoft Corporation" - C:\WINDOWS\System32\mnmsrvc.exe (File signed by Microsoft) "Netzwerkverbindungen" (Netman) - "Microsoft Corporation" - C:\WINDOWS\System32\netman.dll (File signed by Microsoft) "Netzwerkversorgungsdienst" (xmlprov) - "Microsoft Corporation" - C:\WINDOWS\System32\xmlprov.dll (File signed by Microsoft) "NLA (Network Location Awareness)" (Nla) - "Microsoft Corporation" - C:\WINDOWS\System32\mswsock.dll (File signed by Microsoft) "NT-LM-Sicherheitsdienst" (NtLmSsp) - "Microsoft Corporation" - C:\WINDOWS\System32\lsass.exe (File signed by Microsoft) "O&O Defrag" (O&O Defrag) - "O&O Software GmbH" - C:\WINDOWS\system32\oodag.exe "Plug & Play" (PlugPlay) - "Microsoft Corporation" - C:\WINDOWS\system32\services.exe (File signed by Microsoft) "PnkBstrA" (PnkBstrA) - ? - C:\WINDOWS\system32\PnkBstrA.exe (File found, but it contains no detailed information) "PnkBstrB" (PnkBstrB) - ? 
- C:\WINDOWS\system32\PnkBstrB.exe (File found, but it contains no detailed information) "QoS-RSVP" (RSVP) - "Microsoft Corporation" - C:\WINDOWS\System32\rsvp.exe (File signed by Microsoft) "RAS-Verbindungsverwaltung" (RasMan) - "Microsoft Corporation" - C:\WINDOWS\System32\rasmans.dll (File signed by Microsoft) "Remote-Registrierung" (RemoteRegistry) - "Microsoft Corporation" - C:\WINDOWS\system32\regsvc.dll (File signed by Microsoft) "Remoteprozeduraufruf (RPC)" (RpcSs) - "Microsoft Corporation" - C:\WINDOWS\system32\rpcss.dll (File signed by Microsoft) "RPC-Locator" (RpcLocator) - "Microsoft Corporation" - C:\WINDOWS\System32\locator.exe (File signed by Microsoft) "Sekundäre Anmeldung" (seclogon) - "Microsoft Corporation" - C:\WINDOWS\System32\seclogon.dll (File signed by Microsoft) "Server" (lanmanserver) - "Microsoft Corporation" - C:\WINDOWS\System32\srvsvc.dll (File signed by Microsoft) "Shellhardwareerkennung" (ShellHWDetection) - "Microsoft Corporation" - C:\WINDOWS\System32\shsvcs.dll (File signed by Microsoft) "Sicherheitscenter" (wscsvc) - "Microsoft Corporation" - C:\WINDOWS\system32\wscsvc.dll (File signed by Microsoft) "Sicherheitskontenverwaltung" (SamSs) - "Microsoft Corporation" - C:\WINDOWS\system32\lsass.exe (File signed by Microsoft) "Sitzungs-Manager für Remotedesktophilfe" (RDSessMgr) - "Microsoft Corporation" - C:\WINDOWS\system32\sessmgr.exe (File signed by Microsoft) "Smartcard" (SCardSvr) - "Microsoft Corporation" - C:\WINDOWS\System32\SCardSvr.exe (File signed by Microsoft) "SSDP-Suchdienst" (SSDPSRV) - "Microsoft Corporation" - C:\WINDOWS\System32\ssdpsrv.dll (File signed by Microsoft) "Systemereignisbenachrichtigung" (SENS) - "Microsoft Corporation" - C:\WINDOWS\system32\sens.dll (File signed by Microsoft) "Systemwiederherstellungsdienst" (srservice) - "Microsoft Corporation" - C:\WINDOWS\System32\srsvc.dll (File signed by Microsoft) "TCP/IP-NetBIOS-Hilfsprogramm" (LmHosts) - "Microsoft Corporation" - C:\WINDOWS\System32\lmhsvc.dll 
(File signed by Microsoft) "Telefonie" (TapiSrv) - "Microsoft Corporation" - C:\WINDOWS\System32\tapisrv.dll (File signed by Microsoft) "Terminaldienste" (TermService) - "Microsoft Corporation" - C:\WINDOWS\System32\termsrv.dll (File signed by Microsoft) "Treibererweiterungen für Windows-Verwaltungsinstrumentation" (Wmi) - "Microsoft Corporation" - C:\WINDOWS\System32\advapi32.dll (File signed by Microsoft) "Unterbrechungsfreie Stromversorgung" (UPS) - "Microsoft Corporation" - C:\WINDOWS\System32\ups.exe (File signed by Microsoft) "Verwaltung für automatische RAS-Verbindung" (RasAuto) - "Microsoft Corporation" - C:\WINDOWS\System32\rasauto.dll (File signed by Microsoft) "Verwaltung logischer Datenträger" (dmserver) - "Microsoft Corp." - C:\WINDOWS\System32\dmserver.dll (File signed by Microsoft) "Verwaltungsdienst für die Verwaltung logischer Datenträger" (dmadmin) - "Microsoft Corp., Veritas Software" - C:\WINDOWS\System32\dmadmin.exe (File signed by Microsoft) "Volumeschattenkopie" (VSS) - "Microsoft Corporation" - C:\WINDOWS\System32\vssvc.exe (File signed by Microsoft) "Webclient" (WebClient) - "Microsoft Corporation" - C:\WINDOWS\System32\webclnt.dll (File signed by Microsoft) "Wechselmedien" (NtmsSvc) - "Microsoft Corporation" - C:\WINDOWS\system32\ntmssvc.dll (File signed by Microsoft) "Windows Audio" (AudioSrv) - "Microsoft Corporation" - C:\WINDOWS\System32\audiosrv.dll (File signed by Microsoft) "Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe "Windows Driver Foundation - User-mode Driver Framework" (WudfSvc) - "Microsoft Corporation" - C:\WINDOWS\System32\WUDFSvc.dll (File signed by Microsoft) "Windows Installer" (MSIServer) - "Microsoft Corporation" - C:\WINDOWS\System32\msiexec.exe (File signed by Microsoft) "Windows Media Player-Netzwerkfreigabedienst" (WMPNetworkSvc) - "Microsoft Corporation" - C:\Programme\Windows Media Player\WMPNetwk.exe (File signed by 
Microsoft)
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
"Windows-Bilderfassung (WIA)" (stisvc) - "Microsoft Corporation" - C:\WINDOWS\system32\wiaservc.dll (File signed by Microsoft)
"Windows-Firewall/Gemeinsame Nutzung der Internetverbindung" (SharedAccess) - "Microsoft Corporation" - C:\WINDOWS\System32\ipnathlp.dll (File signed by Microsoft)
"Windows-Verwaltungsinstrumentation" (winmgmt) - "Microsoft Corporation" - C:\WINDOWS\system32\wbem\WMIsvc.dll (File signed by Microsoft)
"WMI-Leistungsadapter" (WmiApSrv) - "Microsoft Corporation" - C:\WINDOWS\System32\wbem\wmiapsrv.exe (File signed by Microsoft)
"Überwachung verteilter Verknüpfungen (Client)" (TrkWks) - "Microsoft Corporation" - C:\WINDOWS\system32\trkwks.dll (File signed by Microsoft)

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon )-----
"UIHost" - "Microsoft Corporation" - C:\WINDOWS\system32\logonui.exe
"VmApplet" - "Microsoft Corporation" - C:\WINDOWS\system32\sysdm.cpl (File signed by Microsoft)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{B587E2B1-4D59-4e7e-AED9-22B9DF11D053} "802.3 Group Policy" - "Microsoft Corporation" - C:\WINDOWS\system32\dot3gpclnt.dll (File signed by Microsoft)
{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63} "Drahtlos" - "Microsoft Corporation" - C:\WINDOWS\system32\gptext.dll (File signed by Microsoft)
{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A} "EFS recovery" - "Microsoft Corporation" - C:\WINDOWS\system32\scecli.dll (File signed by Microsoft)
{25537BA6-77A8-11D2-9B6C-0000F8080861} "Folder Redirection" - "Microsoft Corporation" - C:\WINDOWS\system32\fdeploy.dll (File signed by Microsoft)
{F9C77450-3A41-477E-9310-9ACD617BD9E3} "Group Policy Applications" - "Microsoft Corporation" - C:\WINDOWS\system32\gpprefcl.dll (File signed by Microsoft)
{728EE579-943C-4519-9EF7-AB56765798ED} "Group Policy Data Sources" - "Microsoft Corporation" - C:\WINDOWS\system32\gpprefcl.dll (File signed by Microsoft)
{1A6364EB-776B-4120-ADE1-B63A406A76B5} "Group Policy Device Settings" - "Microsoft Corporation" - C:\WINDOWS\system32\gpprefcl.dll (File signed by Microsoft)
{5794DAFD-BE60-433f-88A2-1A31939AC01F} "Group Policy Drive Maps" - "Microsoft Corporation" - C:\WINDOWS\system32\gpprefcl.dll (File signed by Microsoft)
{0E28E245-9368-4853-AD84-6DA3BA35BB75} "Group Policy Environment" - "Microsoft Corporation" - C:\WINDOWS\system32\gpprefcl.dll (File signed by Microsoft)
{7150F9BF-48AD-4da4-A49C-29EF4A8369BA} "Group Policy Files" - "Microsoft Corporation" - C:\WINDOWS\system32\gpprefcl.dll (File signed by Microsoft)
{A3F3E39B-5D83-4940-B954-28315B82F0A8} "Group Policy Folder Options" - "Microsoft Corporation" - C:\WINDOWS\system32\gpprefcl.dll (File signed by Microsoft)
{6232C319-91AC-4931-9385-E70C2B099F0E} "Group Policy Folders" - "Microsoft Corporation" - C:\WINDOWS\system32\gpprefcl.dll (File signed by Microsoft)
{74EE6C03-5363-4554-B161-627540339CAB} "Group Policy Ini Files" - "Microsoft Corporation" - C:\WINDOWS\system32\gpprefcl.dll (File signed by Microsoft)
{E47248BA-94CC-49c4-BBB5-9EB7F05183D0} "Group Policy Internet Settings" - "Microsoft Corporation" - C:\WINDOWS\system32\gpprefcl.dll (File signed by Microsoft)
{17D89FEC-5C44-4972-B12D-241CAEF74509} "Group Policy Local Users and Groups" - "Microsoft Corporation" - C:\WINDOWS\system32\gpprefcl.dll (File signed by Microsoft)
{3A0DBA37-F8B2-4356-83DE-3E90BD5C261F} "Group Policy Network Options" - "Microsoft Corporation" - C:\WINDOWS\system32\gpprefcl.dll (File signed by Microsoft)
{6A4C88C6-C502-4f74-8F60-2CB23EDC24E2} "Group Policy Network Shares" - "Microsoft Corporation" - C:\WINDOWS\system32\gpprefcl.dll (File signed by Microsoft)
{E62688F0-25FD-4c90-BFF5-F508B9D2E31F} "Group Policy Power Options" - "Microsoft Corporation" - C:\WINDOWS\system32\gpprefcl.dll (File signed by Microsoft)
{BC75B1ED-5833-4858-9BB8-CBF0B166DF9D} "Group Policy Printers" - "Microsoft Corporation" - C:\WINDOWS\system32\gpprefcl.dll (File signed by Microsoft)
{E5094040-C46C-4115-B030-04FB2E545B00} "Group Policy Regional Options" - "Microsoft Corporation" - C:\WINDOWS\system32\gpprefcl.dll (File signed by Microsoft)
{B087BE9D-ED37-454f-AF9C-04291E351182} "Group Policy Registry" - "Microsoft Corporation" - C:\WINDOWS\system32\gpprefcl.dll (File signed by Microsoft)
{AADCED64-746C-4633-A97C-D61349046527} "Group Policy Scheduled Tasks" - "Microsoft Corporation" - C:\WINDOWS\system32\gpprefcl.dll (File signed by Microsoft)
{91FBB303-0CD5-4055-BF42-E512A681B325} "Group Policy Services" - "Microsoft Corporation" - C:\WINDOWS\system32\gpprefcl.dll (File signed by Microsoft)
{C418DD9D-0D14-4efb-8FBF-CFE535C8FAC7} "Group Policy Shortcuts" - "Microsoft Corporation" - C:\WINDOWS\system32\gpprefcl.dll (File signed by Microsoft)
{E4F48E54-F38D-4884-BFB9-D4D2E5729C18} "Group Policy Start Menu Settings" - "Microsoft Corporation" - C:\WINDOWS\system32\gpprefcl.dll (File signed by Microsoft)
{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B} "Internet Explorer Branding" - "Microsoft Corporation" - C:\WINDOWS\system32\iedkcs32.dll (File signed by Microsoft)
{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} "Internet Explorer Machine Accelerators" - "Microsoft Corporation" - C:\WINDOWS\system32\iedkcs32.dll (File signed by Microsoft)
{7B849a69-220F-451E-B3FE-2CB811AF94AE} "Internet Explorer User Accelerators" - "Microsoft Corporation" - C:\WINDOWS\system32\iedkcs32.dll (File signed by Microsoft)
{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3} "Internet Explorer Zonemapping" - "Microsoft Corporation" - C:\WINDOWS\system32\iedkcs32.dll (File signed by Microsoft)
{e437bc1c-aa7d-11d2-a382-00c04f991e27} "IP-Sicherheit" - "Microsoft Corporation" - C:\WINDOWS\system32\gptext.dll (File signed by Microsoft)
{C631DF4C-088F-4156-B058-4375F0853CD8} "Microsoft Offline Files" - "Microsoft Corporation" - C:\WINDOWS\System32\cscui.dll (File signed by Microsoft)
{3610eda5-77ef-11d2-8dc5-00c04fa31a66} "Microsoft-Datenträgerkontingent" - "Microsoft Corporation" - C:\WINDOWS\system32\dskquota.dll (File signed by Microsoft)
{426031c0-0b47-4852-b0ca-ac3d37bfcb39} "QoS-Paketplaner" - "Microsoft Corporation" - C:\WINDOWS\system32\gptext.dll (File signed by Microsoft)
{827D319E-6EAC-11D2-A4EA-00C04F79F83A} "Security" - "Microsoft Corporation" - C:\WINDOWS\system32\scecli.dll (File signed by Microsoft)
{42B5FAAE-6536-11d2-AE5A-0000F87571E3} "Skripts" - "Microsoft Corporation" - C:\WINDOWS\system32\gptext.dll (File signed by Microsoft)
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - "Microsoft Corporation" - C:\WINDOWS\system32\appmgmts.dll (File signed by Microsoft)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"AtiExtEvent" - "ATI Technologies Inc." - C:\WINDOWS\system32\Ati2evxx.dll (File signed by Microsoft)
"crypt32chain" - "Microsoft Corporation" - C:\WINDOWS\system32\crypt32.dll (File signed by Microsoft)
"cryptnet" - "Microsoft Corporation" - C:\WINDOWS\system32\cryptnet.dll (File signed by Microsoft)
"cscdll" - "Microsoft Corporation" - C:\WINDOWS\system32\cscdll.dll (File signed by Microsoft)
"dimsntfy" - "Microsoft Corporation" - C:\WINDOWS\System32\dimsntfy.dll (File signed by Microsoft)
"ScCertProp" - "Microsoft Corporation" - C:\WINDOWS\system32\wlnotify.dll (File signed by Microsoft)
"Schedule" - "Microsoft Corporation" - C:\WINDOWS\system32\wlnotify.dll (File signed by Microsoft)
"sclgntfy" - "Microsoft Corporation" - C:\WINDOWS\system32\sclgntfy.dll (File signed by Microsoft)
"SensLogn" - "Microsoft Corporation" - C:\WINDOWS\system32\WlNotify.dll (File signed by Microsoft)
"termsrv" - "Microsoft Corporation" - C:\WINDOWS\system32\wlnotify.dll (File signed by Microsoft)
"wlballoon" - "Microsoft Corporation" - C:\WINDOWS\system32\wlnotify.dll (File signed by Microsoft)

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"Bluetooth-Namespace" - "Microsoft Corporation" - C:\WINDOWS\system32\wshbth.dll (File signed by Microsoft)
"NLA-Namespace" - "Microsoft Corporation" - C:\WINDOWS\System32\mswsock.dll (File signed by Microsoft)
"NTDS" - "Microsoft Corporation" - C:\WINDOWS\System32\winrnr.dll (File signed by Microsoft)
"TCP/IP" - "Microsoft Corporation" - C:\WINDOWS\System32\mswsock.dll (File signed by Microsoft)
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----
"AVSDA" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avsda.dll
"MSAFD NetBIOS [\Device\NetBT_Tcpip_{0D951B6E-D933-41B9-AAE6-F9E99671B986}] DATAGRAM 5" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll (File signed by Microsoft)
"MSAFD NetBIOS [\Device\NetBT_Tcpip_{0D951B6E-D933-41B9-AAE6-F9E99671B986}] SEQPACKET 5" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll (File signed by Microsoft)
"MSAFD NetBIOS [\Device\NetBT_Tcpip_{0DDAA194-844A-4CD8-9F85-F3820B80AE54}] DATAGRAM 4" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll (File signed by Microsoft)
"MSAFD NetBIOS [\Device\NetBT_Tcpip_{0DDAA194-844A-4CD8-9F85-F3820B80AE54}] SEQPACKET 4" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll (File signed by Microsoft)
"MSAFD NetBIOS [\Device\NetBT_Tcpip_{1E4CA7CB-73E5-406D-8E05-19B5B6C708BC}] DATAGRAM 6" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll (File signed by Microsoft)
"MSAFD NetBIOS [\Device\NetBT_Tcpip_{1E4CA7CB-73E5-406D-8E05-19B5B6C708BC}] SEQPACKET 6" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll (File signed by Microsoft)
"MSAFD NetBIOS [\Device\NetBT_Tcpip_{2378E3C0-A333-43F0-9979-B92CAB6830E4}] DATAGRAM 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll (File signed by Microsoft)
"MSAFD NetBIOS [\Device\NetBT_Tcpip_{2378E3C0-A333-43F0-9979-B92CAB6830E4}] SEQPACKET 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll (File signed by Microsoft)
"MSAFD NetBIOS [\Device\NetBT_Tcpip_{4BD96DC4-81E1-43C8-9E0D-278B89FD50C3}] DATAGRAM 0" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll (File signed by Microsoft)
"MSAFD NetBIOS [\Device\NetBT_Tcpip_{4BD96DC4-81E1-43C8-9E0D-278B89FD50C3}] SEQPACKET 0" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll (File signed by Microsoft)
"MSAFD NetBIOS [\Device\NetBT_Tcpip_{5F170BD3-EEE4-4BFC-8CC5-387D890249DE}] DATAGRAM 3" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll (File signed by Microsoft)
"MSAFD NetBIOS [\Device\NetBT_Tcpip_{5F170BD3-EEE4-4BFC-8CC5-387D890249DE}] SEQPACKET 3" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll (File signed by Microsoft)
"MSAFD NetBIOS [\Device\NetBT_Tcpip_{A07D29E7-B119-4E20-8E6F-ABC19D9F2177}] DATAGRAM 8" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll (File signed by Microsoft)
"MSAFD NetBIOS [\Device\NetBT_Tcpip_{A07D29E7-B119-4E20-8E6F-ABC19D9F2177}] SEQPACKET 8" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll (File signed by Microsoft)
"MSAFD NetBIOS [\Device\NetBT_Tcpip_{C22D9985-667C-4A05-B4F3-B513B23F2D29}] DATAGRAM 7" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll (File signed by Microsoft)
"MSAFD NetBIOS [\Device\NetBT_Tcpip_{C22D9985-667C-4A05-B4F3-B513B23F2D29}] SEQPACKET 7" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll (File signed by Microsoft)
"MSAFD NetBIOS [\Device\NetBT_Tcpip_{FB215C0B-4395-4EEB-BA3F-4DF48D5CBDFA}] DATAGRAM 2" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll (File signed by Microsoft)
"MSAFD NetBIOS [\Device\NetBT_Tcpip_{FB215C0B-4395-4EEB-BA3F-4DF48D5CBDFA}] SEQPACKET 2" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll (File signed by Microsoft)
"MSAFD RfComm [Bluetooth]" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll (File signed by Microsoft)
"MSAFD Tcpip [RAW/IP]" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll (File signed by Microsoft)
"MSAFD Tcpip [TCP/IP]" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll (File signed by Microsoft)
"MSAFD Tcpip [UDP/IP]" - "Microsoft Corporation" - C:\WINDOWS\system32\mswsock.dll (File signed by Microsoft)
"RSVP TCP Service Provider" - "Microsoft Corporation" - C:\WINDOWS\system32\rsvpsp.dll (File signed by Microsoft)
"RSVP UDP Service Provider" - "Microsoft Corporation" - C:\WINDOWS\system32\rsvpsp.dll (File signed by Microsoft)
===[ Logfile end ]=========================================

And because it's so much fun, here is today's section of my Avira log once more:
_______________________________________________________________
31.03.2010,22:01:50 AntiVir Guard Version: 10.00.01.43, Engine Version 8.2.1.204, VDF Version: 7.10.6.5
31.03.2010,22:01:50 Online-Dienste stehen zur Verfügung.
31.03.2010,22:01:50 AntiVir Guard wurde aktiviert.
31.03.2010,22:02:15 AntiVir ProActiv wurde erfolgreich gestartet!
31.03.2010,22:02:15 Der Avira AntiVir Premium Dienst wurde erfolgreich gestartet!
31.03.2010,22:02:15 [CONFIG] Verwendete Konfiguration der Echtzeitsuche:
 - Geprüfte Dateien: Dateien von lokalen Laufwerken prüfen
 - Geprüfte Dateien: Intelligente Dateiauswahl
 - Gerätemodus: Datei beim Öffnen durchsuchen, Datei nach Schließen durchsuchen
 - Aktion: Benutzer fragen
 - Archive durchsuchen: Deaktiviert
 - Makrovirenheuristik: Aktiviert
 - Win32 Dateiheuristik: Erkennungsstufe mittel
 - Protokollierungsstufe: Standard
31.03.2010,22:15:44 [FUND] Ist das Trojanische Pferd TR/Agent.RUO.4!
 C:\WINDOWS\system32\d3dsdmd.dll
 [USER] LIANLI\BERT
 [INFO] Der Zugriff auf die Datei wurde verweigert!
31.03.2010,22:42:00 Update-Auftrag gestartet!
31.03.2010,22:42:03 Aktuelle Engine Version: 8.2.1.204
31.03.2010,22:42:03 Aktuelle Version der VDF-Datei: 7.10.6.10
31.03.2010,22:50:57 [FUND] Ist das Trojanische Pferd TR/Agent.RUO.6!
 C:\WINDOWS\system32\drivers\wineue.sys
 [USER] LIANLI\BERT
 [INFO] Der Zugriff auf die Datei wurde verweigert!
31.03.2010,23:44:00 ---------------------------------------------------------
31.03.2010,23:44:08 AntiVir Guard Version: 10.00.01.43, Engine Version 8.2.1.204, VDF Version: 7.10.6.10
31.03.2010,23:44:08 Online-Dienste stehen zur Verfügung.
31.03.2010,23:44:09 AntiVir Guard wurde aktiviert.
31.03.2010,23:44:34 AntiVir ProActiv wurde erfolgreich gestartet!
31.03.2010,23:44:34 Der Avira AntiVir Premium Dienst wurde erfolgreich gestartet!
31.03.2010,23:44:34 [CONFIG] Verwendete Konfiguration der Echtzeitsuche:
 - Geprüfte Dateien: Dateien von lokalen Laufwerken prüfen
 - Geprüfte Dateien: Intelligente Dateiauswahl
 - Gerätemodus: Datei beim Öffnen durchsuchen, Datei nach Schließen durchsuchen
 - Aktion: Benutzer fragen
 - Archive durchsuchen: Deaktiviert
 - Makrovirenheuristik: Aktiviert
 - Win32 Dateiheuristik: Erkennungsstufe mittel
 - Protokollierungsstufe: Standard
_______________________________________________________________

QUESTION: .RUO.6 is being found again after the OSAM scan after all. Nothing is fine; what do I have to do next? T H A N K S for any further help!

So far I have gotten every (rare) infection under control, but this thing is simply stubborn, and I have not yet found any information on the web about how .RUO actually works, that is, what can be done manually to eliminate it. So: thank you for any tip on which step has to come next.

PS: It would be nice if someone could describe what .ruo actually does and how to get rid of it by hand as well... After this mass occurrence over the last few days, it should surely be possible to describe which autostart entries, processes and files the thing nests itself in...

Edited by berti (31.03.2010 at 23:58). Reason: .ruo.6 found again after all |