| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Trojaner tr crypt.xpack.gen2Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
05.05.2011, 14:51
| #31 |
 |  Trojaner tr crypt.xpack.gen2 Ok, das müsste dann ja heissen, dass wenn die entsprechenden Einstellungen in den Ordneroptionen eingestellt sind (wie bei mir der Fall) man die boot.ini so sehen kann: Windows Explorer/Arbeitsplatz/Festplatte (H  Dann müsste man die boot.ini ja direkt sehen können. Es tut mir wirklich leid wenn ich dich nerve, aber ich kann diese Datei im Explorer unter H: (= Festplatte = Systempartition) nicht sehen! Hier ein Screenshot meines Explorers in H und du siehst, dass man keine Datei mit dem Namen boot.ini sehen kann. Geändert von Orthia (05.05.2011 um 14:59 Uhr) |
|
05.05.2011, 19:10
| #32 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Trojaner tr crypt.xpack.gen2 Die kann nicht weg sein die boot.ini - ohne die kann WindowsXP nicht starten!
__________________Führ mal bitte aus über Start => Ausführen Code:
ATTFilter notepad h:\boot.ini
__________________ |
|
06.05.2011, 10:28
| #33 |
| | Trojaner tr crypt.xpack.gen2 Ja da gebe ich dir vollkommen recht, das hab ich auch in meinen Recherchen im Internet geslesen!
__________________Wenn ich diesen Befehl notepad h:\boot.ini ausführe, erhalte ich folgende Fehlermeldung: "Die Datei h:\boot.ini kann nicht gefunden werden. Möchten Sie eine neue Datei erstellen? (Ja/Nein/Abbrechen)" Hab dann auf Abbrechen geklickt. Diese Datei ist mit Sicherheit da, denn sonst würde ja (wie du sagst) Windows nicht starten! Aber aufgrund irgendeines Systemfehlers (oder vielleicht wegen dem Trojaner) scheint es nicht möglich sein, dass ich diese Datei einsehen kann. |
|
06.05.2011, 10:53
| #34 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner tr crypt.xpack.gen2 Folge mal dem zweiten Link meiner Signatur, Datensicherung über Ubuntu. Starte den Rechner mit Ubuntu und schau darüber mal nach, ob die boot.ini auf der windows-Partition zu finden ist.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
06.05.2011, 14:32
| #35 |
| | Trojaner tr crypt.xpack.gen2 Hey, ich hab jetzt meinen Rechner mit Ubuntu gestartet, indem ich allen Anweisungen in deinem Link befolgt habe. Aber leider auch hier in Ubuntu finde kann nach langer Suche mit der Suchoption keine Datei mit dem Namen boot.ini. finden  Kann es sein, dass die Datei vielleicht anders heisst oder so? Gibt es denn jetzt noch eine andere möglichkeit, diese Datei zu finden um endlich die WHK herstellen zu können? |
|
06.05.2011, 17:54
| #36 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner tr crypt.xpack.gen2 Müssen wir probieren. Ich hab dir mal "meine" boot.ini leicht verändert mal hochgeladen => File-Upload.net - boot.ini speicher die bei dir mal direkt auf H: ab - beobachte was beim Start von Windows passiert. Wenn das glatt geht bitte die WHK nochmal versuchen zu installieren über den Befehl Code:
ATTFilter H:\XPCD\i386\winnt32.exe /cmdcons
__________________ --> Trojaner tr crypt.xpack.gen2 |
|
06.05.2011, 19:42
| #37 |
| | Trojaner tr crypt.xpack.gen2 Juhuuuuuuuu !!!!  Hat funktioniert und die WHK konnte installiert werden!!!  Soll ich nun also das mit Combofix nochmals ausführen, was du mir in deinem Eintrag Nr.12 geschrieben hast? |
|
06.05.2011, 19:43
| #38 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner tr crypt.xpack.gen2 Ja bitte!!  Starte Windows neu (falls noch nicht getan), lösch die alte cofi.exe, lade CF neu als cofi.exe runter und probier es bitte nochmal.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
07.05.2011, 11:31
| #39 |
| | Trojaner tr crypt.xpack.gen2 Hey! Die Freude ist leider wieder etwas verflogen, da sich ComboFix wieder aufgehängt hat! Ich hab erst die alte cofi.exe gelöscht, dann ComboFix neu runtergeladen und wieder als cofi.exe aufm Desktop abgespeichert. Dann hab ich das Notepad geöffnet und den Inhalt, den du mir in deinem Eintrag Nr.12 geschickt hast, in das Notepad kopiert und als CFScript.txt aufm Desktop abgespeichert. Als ich dann die CFScript.txt auf die cofi.exe gezogen hab, startete ComboFix und als erstes musste ich wieder zustimmen, dass das Programm ausgeführt werden soll. Nach der Installation der WHK wurde ich diesmal logischerweise nicht gefragt. Naja dann ging es wieder bis zu dem Status, dass ComboFix das Systrem auf Infizierungen untersucht, was ja eigentlich maximal 20 Minuten dauern soll. In diesem Zustand passierte dann ewig nix und das Programm hat sich aufgehängt, da ich wieder nur über den Reset-Knopf Windows wieder normal neu starten konnte.  Was also nun? |
|
07.05.2011, 15:23
| #40 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner tr crypt.xpack.gen2 Starte CF bitte normal ohne das Script!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
07.05.2011, 19:22
| #41 |
| | Trojaner tr crypt.xpack.gen2 Hey, ich habe CF ohne das Script gestartet. Davor hab ich den CCleaner noch einmal drüberlaufen lassen. Als ich dann CF gestartet hab, hat sich das Programm wieder aufgehängt! Hab es dann gelöscht und nochmal neu runtergeladen. Aber auch danach hat es sich aufgehängt! Ich hab auch immer sehr lange gewartet, also mindestens 30 min, und auch sonst Tastatur und Maus nicht benutzt. Verstehe das nicht, vor allem weil der erste CF Scan, den ich gemacht hab, ja funktioniert hat... |
|
07.05.2011, 19:33
| #42 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner tr crypt.xpack.gen2 Dann erstmal Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen. Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst. Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
08.05.2011, 12:07
| #43 |
| | Trojaner tr crypt.xpack.gen2 Hey! Erstmal wieder Danke für deine Bemühungen! Also alle drei Tools haben reibungslos funktioniert  Hier das Log von GMER: GMER Logfile: Code:
ATTFilter GMER 1.0.15.15627 - hxxp://www.gmer.net
Rootkit scan 2011-05-08 12:29:18
Windows 5.1.2600 Service Pack 3
Running: vo05m6g8.exe; Driver: H:\DOKUME~1\Normal\LOKALE~1\Temp\kftdrpob.sys
---- System - GMER 1.0.15 ----
SSDT F7BF883E ZwCreateKey
SSDT F7BF8834 ZwCreateThread
SSDT F7BF8843 ZwDeleteKey
SSDT F7BF884D ZwDeleteValueKey
SSDT F7BF8852 ZwLoadKey
SSDT F7BF8820 ZwOpenProcess
SSDT F7BF8825 ZwOpenThread
SSDT F7BF885C ZwReplaceKey
SSDT F7BF8857 ZwRestoreKey
SSDT F7BF8848 ZwSetValueKey
SSDT F7BF882F ZwTerminateProcess
---- Kernel code sections - GMER 1.0.15 ----
.sfrelocÿÿÿÿsfsync03unknown last section [0xF75E9000, 0xA20, 0x40000040] H:\WINDOWS\system32\drivers\sfsync03.sys unknown last section [0xF75E9000, 0xA20, 0x40000040]
.text H:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF6142380, 0x550AF5, 0xE8000020]
.text H:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xB772D300, 0x3ACC8, 0xE8000020]
.text H:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xF7874300, 0x1B7E, 0xE8000020]
---- Devices - GMER 1.0.15 ----
Device \Driver\prodrv06 \Device\ProDrv06 E1A89008
Device \Driver\atapi \Device\Ide\IdePort0 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort1 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort2 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort3 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort4 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort5 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\prohlp02 \Device\ProHlp02 E185EEC0
Device \Driver\usbstor \Device\00000077 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\usbstor \Device\00000079 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\usbstor \Device\0000007a sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\usbstor \Device\0000007b sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\usbstor \Device\0000007c sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@RequireSignedAppInit_DLLs 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{CDF242BA-FD17-497F-478F-06B0FBA3F461}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{CDF242BA-FD17-497F-478F-06B0FBA3F461}@iajajccklhfgifdfeo 0x69 0x61 0x6D 0x6E ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{CDF242BA-FD17-497F-478F-06B0FBA3F461}@hahahdhigbdnnagn 0x6A 0x61 0x6E 0x6E ...
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk1\DR2 sector 00: rootkit-like behavior
---- EOF - GMER 1.0.15 ----
Als nächstes das Log von OSAM: OSAM Logfile: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 12:47:17 on 08.05.2011 OS: Windows XP Home Edition Service Pack 3 (Build 2600) Default Browser: Mozilla Corporation Firefox 4.0.1 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Boot Execute] -----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )----- "BootExecute" - "Microsoft Corporation" - H:\WINDOWS\system32\autochk.exe [Common] -----( HKLM\SOFTWARE\Microsoft\Windows Scripting Host\Locations )----- "CScript" - "Microsoft Corporation" - H:\WINDOWS\System32\cscript.exe "WScript" - "Microsoft Corporation" - H:\WINDOWS\System32\wscript.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "access.cpl" - "Microsoft Corporation" - H:\WINDOWS\system32\access.cpl "ALSndMgr.Cpl" - "Realtek Semiconductor Corp." - H:\WINDOWS\system32\ALSndMgr.Cpl "appwiz.cpl" - "Microsoft Corporation" - H:\WINDOWS\system32\appwiz.cpl "bthprops.cpl" - "Microsoft Corporation" - H:\WINDOWS\system32\bthprops.cpl "desk.cpl" - "Microsoft Corporation" - H:\WINDOWS\system32\desk.cpl "firewall.cpl" - "Microsoft Corporation" - H:\WINDOWS\system32\firewall.cpl "hdwwiz.cpl" - "Microsoft Corporation" - H:\WINDOWS\system32\hdwwiz.cpl "inetcpl.cpl" - "Microsoft Corporation" - H:\WINDOWS\system32\inetcpl.cpl "infocardcpl.cpl" - "Microsoft Corporation" - H:\WINDOWS\system32\infocardcpl.cpl "intl.cpl" - "Microsoft Corporation" - H:\WINDOWS\system32\intl.cpl "irprops.cpl" - "Microsoft Corporation" - H:\WINDOWS\system32\irprops.cpl "javacpl.cpl" - "Sun Microsystems, Inc." - H:\WINDOWS\system32\javacpl.cpl "joy.cpl" - "Microsoft Corporation" - H:\WINDOWS\system32\joy.cpl "main.cpl" - "Microsoft Corporation" - H:\WINDOWS\system32\main.cpl "mmsys.cpl" - "Microsoft Corporation" - H:\WINDOWS\system32\mmsys.cpl "ncpa.cpl" - "Microsoft Corporation" - H:\WINDOWS\system32\ncpa.cpl "netsetup.cpl" - "Microsoft Corporation" - H:\WINDOWS\system32\netsetup.cpl "nusrmgr.cpl" - "Microsoft Corporation" - H:\WINDOWS\system32\nusrmgr.cpl "nvcpl.cpl" - "NVIDIA Corporation" - H:\WINDOWS\system32\nvcpl.cpl "odbccp32.cpl" - "Microsoft Corporation" - H:\WINDOWS\system32\odbccp32.cpl "PhysX.cpl" - ? - H:\WINDOWS\system32\PhysX.cpl "powercfg.cpl" - "Microsoft Corporation" - H:\WINDOWS\system32\powercfg.cpl "QuickTime.cpl" - "Apple Computer, Inc." - H:\WINDOWS\system32\QuickTime.cpl "RTSndMgr.Cpl" - "Realtek Semiconductor Corp." - H:\WINDOWS\system32\RTSndMgr.Cpl "sysdm.cpl" - "Microsoft Corporation" - H:\WINDOWS\system32\sysdm.cpl "telephon.cpl" - "Microsoft Corporation" - H:\WINDOWS\system32\telephon.cpl "timedate.cpl" - "Microsoft Corporation" - H:\WINDOWS\system32\timedate.cpl "wscui.cpl" - "Microsoft Corporation" - H:\WINDOWS\system32\wscui.cpl "wuaucpl.cpl" - "Microsoft Corporation" - H:\WINDOWS\system32\wuaucpl.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "Avira AntiVir Personal - Free Antivirus " - "Avira GmbH" - H:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl "Avira AntiVir PersonalEdition Classic" - ? - H:\PROGRA~1\ANTIVI~1\avconfig.cpl (File not found) "Internet Connection Firewall" - "Microsoft Corporation" - H:\WINDOWS\system32\Firewall.cpl "Nero BurnRights" - "Nero AG" - H:\Programme\Nero\Nero 7\Nero Toolkit\NeroBurnRights.cpl "NetSetupWizard" - "Microsoft Corporation" - H:\WINDOWS\system32\NetSetup.cpl "Speech" - "Microsoft Corporation" - H:\Programme\Gemeinsame Dateien\Microsoft Shared\Speech\sapi.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "1394-ARP-Clientprotokoll" (Arp1394) - "Microsoft Corporation" - H:\WINDOWS\System32\DRIVERS\arp1394.sys "1394-Netzwerktreiber" (NIC1394) - "Microsoft Corporation" - H:\WINDOWS\System32\DRIVERS\nic1394.sys "715 USB Scanner Driver" (GT680xNT) - " " - H:\WINDOWS\System32\drivers\gt680x.sys "AFD" (AFD) - "Microsoft Corporation" - H:\WINDOWS\System32\drivers\afd.sys "AMD-Prozessortreiber" (AmdK8) - "Advanced Micro Devices" - H:\WINDOWS\System32\DRIVERS\AmdK8.sys "Asynchroner RAS -Medientreiber" (AsyncMac) - "Microsoft Corporation" - H:\WINDOWS\System32\DRIVERS\asyncmac.sys "atksgt" (atksgt) - ? - H:\WINDOWS\System32\DRIVERS\atksgt.sys (File found, but it contains no detailed information) "Audiostubtreiber" (audstub) - "Microsoft Corporation" - H:\WINDOWS\System32\DRIVERS\audstub.sys "avgio" (avgio) - "Avira GmbH" - H:\Programme\Avira\AntiVir Desktop\avgio.sys "avgntflt" (avgntflt) - "Avira GmbH" - H:\WINDOWS\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - H:\WINDOWS\System32\DRIVERS\avipbb.sys "BDA IPSink" (streamip) - "Microsoft Corporation" - H:\WINDOWS\System32\DRIVERS\StreamIP.sys "BDA Slip De-Framer" (SLIP) - "Microsoft Corporation" - H:\WINDOWS\System32\DRIVERS\SLIP.sys "Beep" (Beep) - "Microsoft Corporation" - H:\WINDOWS\system32\drivers\Beep.sys "Bereitstellungspunkt-Manager" (MountMgr) - "Microsoft Corporation" - H:\WINDOWS\system32\drivers\MountMgr.sys "Cardex" (Cardex) - "Windows (R) 2000 DDK provider" - H:\WINDOWS\system32\drivers\TBPANEL.SYS "catchme" (catchme) - ? - H:\DOKUME~1\Normal\LOKALE~1\Temp\catchme.sys (File not found) "CD-ROM-Laufwerktreiber" (Cdrom) - "Microsoft Corporation" - H:\WINDOWS\System32\DRIVERS\cdrom.sys "Cdaudio" (Cdaudio) - "Microsoft Corporation" - H:\WINDOWS\system32\drivers\Cdaudio.sys "Cdfs" (Cdfs) - "Microsoft Corporation" - H:\WINDOWS\system32\drivers\Cdfs.sys "Changer" (Changer) - ? - H:\WINDOWS\system32\drivers\Changer.sys (File not found) "Creative SB16/AWE32/AWE64-Treiber (WDM)" (ctlsb16) - "Copyright (C) Creative Technology Ltd. 1994-2001" - H:\WINDOWS\System32\drivers\ctlsb16.sys "DcFpoint" (DcFpoint) - "Eastman Kodak Company" - H:\WINDOWS\System32\DRIVERS\DcFpoint.sys "dcptp" (DcPTP) - "Eastman Kodak Company" - H:\WINDOWS\System32\DRIVERS\DcPTP.sys "Diskettencontrollertreiber" (Fdc) - "Microsoft Corporation" - H:\WINDOWS\System32\DRIVERS\fdc.sys "Diskettenlaufwerktreiber" (Flpydisk) - "Microsoft Corporation" - H:\WINDOWS\System32\DRIVERS\flpydisk.sys "Exportit" (Exportit) - "Eastman Kodak Company" - H:\WINDOWS\System32\DRIVERS\exportit.sys "Filtertreiber für CD-Brennen" (Imapi) - "Microsoft Corporation" - H:\WINDOWS\System32\DRIVERS\imapi.sys "Filtertreiber für digitale CD-Audiowiedergabe" (redbook) - "Microsoft Corporation" - H:\WINDOWS\System32\DRIVERS\redbook.sys "Filtertreiber für IP-Verkehr" (IpFilterDriver) - "Microsoft Corporation" - H:\WINDOWS\System32\DRIVERS\ipfltdrv.sys "Filtertreiber für IPX-Verkehr" (NwlnkFlt) - "Microsoft Corporation" - H:\WINDOWS\System32\DRIVERS\nwlnkflt.sys "Filtertreiber für Systemwiederherstellung" (sr) - "Microsoft Corporation" - H:\WINDOWS\System32\DRIVERS\sr.sys "Fips" (Fips) - "Microsoft Corporation" - H:\WINDOWS\system32\drivers\Fips.sys "FltMgr" (FltMgr) - "Microsoft Corporation" - H:\WINDOWS\System32\drivers\fltmgr.sys "Fs_Rec" (Fs_Rec) - "Microsoft Corporation" - H:\WINDOWS\system32\drivers\Fs_Rec.sys "HTTP" (HTTP) - "Microsoft Corporation" - H:\WINDOWS\System32\Drivers\HTTP.sys "i2omgmt" (i2omgmt) - ? - H:\WINDOWS\system32\drivers\i2omgmt.sys (File not found) "i8042-Tastatur- und PS/2-Mausanschluss-Treiber" (i8042prt) - "Microsoft Corporation" - H:\WINDOWS\System32\DRIVERS\i8042prt.sys "iMSPQMn" (iMSPQMn) - ? - H:\DOKUME~1\Normal\LOKALE~1\Temp\iMSPQMn.sys (File not found) "IP/IP-Tunneltreiber" (IpInIp) - "Microsoft Corporation" - H:\WINDOWS\System32\DRIVERS\ipinip.sys "IPSEC-Treiber" (IPSec) - "Microsoft Corporation" - H:\WINDOWS\System32\DRIVERS\ipsec.sys "IPv6-Windows-Firewalltreiber" (Ip6Fw) - "Microsoft Corporation" - H:\WINDOWS\System32\drivers\ip6fw.sys "IR-Enumeratordienst" (IRENUM) - "Microsoft Corporation" - H:\WINDOWS\System32\DRIVERS\irenum.sys "Kodak Camera Proxy" (DcCam) - "Eastman Kodak Company" - H:\WINDOWS\System32\DRIVERS\DcCam.sys "Kodak DCFS2K Driver" (DCFS2K) - "Eastman Kodak Company" - H:\WINDOWS\System32\drivers\dcfs2k.sys "KSecDD" (KSecDD) - "Microsoft Corporation" - H:\WINDOWS\system32\drivers\KSecDD.sys "Laufwerktreiber" (Disk) - "Microsoft Corporation" - H:\WINDOWS\System32\DRIVERS\disk.sys "lbrtfdc" (lbrtfdc) - ? - H:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found) "Legacy Polling Service" (DcLps) - "Eastman Kodak Company" - H:\WINDOWS\System32\DRIVERS\DcLps.sys "lirsgt" (lirsgt) - ? - H:\WINDOWS\System32\DRIVERS\lirsgt.sys (File found, but it contains no detailed information) "Maus-HID-Treiber" (mouhid) - "Microsoft Corporation" - H:\WINDOWS\System32\DRIVERS\mouhid.sys "Mausklassentreiber" (Mouclass) - "Microsoft Corporation" - H:\WINDOWS\System32\DRIVERS\mouclass.sys "MEMSWEEP2" (MEMSWEEP2) - ? - H:\WINDOWS\system32\5.tmp (File not found) "Microcode Updatetreiber" (Update) - "Microsoft Corporation" - H:\WINDOWS\System32\DRIVERS\update.sys "Microsoft ACPI-Treiber" (ACPI) - "Microsoft Corporation" - H:\WINDOWS\System32\DRIVERS\ACPI.sys "Microsoft HID Class-Treiber" (HidUsb) - "Microsoft Corporation" - H:\WINDOWS\System32\DRIVERS\hidusb.sys "Microsoft Kernel GS Wavetablesynthesizer" (swmidi) - "Microsoft Corporation" - H:\WINDOWS\System32\drivers\swmidi.sys "Microsoft Kernel-Audiosplitter" (splitter) - "Microsoft Corporation" - H:\WINDOWS\System32\drivers\splitter.sys "Microsoft Kernel-DLS-Synthesizer" (DMusic) - "Microsoft Corporation" - H:\WINDOWS\System32\drivers\DMusic.sys "Microsoft Kernel-DRM-Audioentschlüsselung" (drmkaud) - "Microsoft Corporation" - H:\WINDOWS\System32\drivers\drmkaud.sys "Microsoft Kernel-Echounterdrückung" (aec) - "Microsoft Corporation" - H:\WINDOWS\System32\drivers\aec.sys "Microsoft Kernel-Systemaudiogerät" (sysaudio) - "Microsoft Corporation" - H:\WINDOWS\System32\drivers\sysaudio.sys "Microsoft Kernel-Waveaudiomixer" (kmixer) - "Microsoft Corporation" - H:\WINDOWS\System32\drivers\kmixer.sys "Microsoft Proxy für Streaming Clock" (MSPCLOCK) - "Microsoft Corporation" - H:\WINDOWS\System32\drivers\MSPCLOCK.sys "Microsoft Proxy für Streaming Quality Manager" (MSPQM) - "Microsoft Corporation" - H:\WINDOWS\System32\drivers\MSPQM.sys "Microsoft Standard-USB-Haupttreiber" (usbccgp) - "Microsoft Corporation" - H:\WINDOWS\System32\DRIVERS\usbccgp.sys "Microsoft Streaming Service Proxy" (MSKSSRV) - "Microsoft Corporation" - H:\WINDOWS\System32\drivers\MSKSSRV.sys "Microsoft Streaming Tee/Sink-to-Sink Converter" (MSTEE) - "Microsoft Corporation" - H:\WINDOWS\System32\drivers\MSTEE.sys "Microsoft TV/Video Connection" (NdisIP) - "Microsoft Corporation" - H:\WINDOWS\System32\DRIVERS\NdisIP.sys "Microsoft UAA-Bustreiber für High Definition Audio" (HDAudBus) - "Windows (R) Server 2003 DDK provider" - H:\WINDOWS\System32\DRIVERS\HDAudBus.sys "Microsoft USB-Druckerklasse" (usbprint) - "Microsoft Corporation" - H:\WINDOWS\System32\DRIVERS\usbprint.sys "Microsoft USB-Standardhubtreiber" (usbhub) - "Microsoft Corporation" - H:\WINDOWS\System32\DRIVERS\usbhub.sys "Microsoft-Systemverwaltungs-BIOS-Treiber" (mssmbios) - "Microsoft Corporation" - H:\WINDOWS\System32\DRIVERS\mssmbios.sys "Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller" (usbehci) - "Microsoft Corporation" - H:\WINDOWS\System32\DRIVERS\usbehci.sys "Miniporttreiber für Microsoft USB Open Host-Controller" (usbohci) - "Microsoft Corporation" - H:\WINDOWS\System32\DRIVERS\usbohci.sys "mnmdd" (mnmdd) - "Microsoft Corporation" - H:\WINDOWS\system32\drivers\mnmdd.sys "Modem" (Modem) - "Microsoft Corporation" - H:\WINDOWS\system32\drivers\Modem.sys "MRXSMB" (MRxSmb) - "Microsoft Corporation" - H:\WINDOWS\System32\DRIVERS\mrxsmb.sys "Msfs" (Msfs) - "Microsoft Corporation" - H:\WINDOWS\system32\drivers\Msfs.sys "Mup" (Mup) - "Microsoft Corporation" - H:\WINDOWS\system32\drivers\Mup.sys "NABTS/FEC VBI Codec" (NABTSFEC) - "Microsoft Corporation" - H:\WINDOWS\System32\DRIVERS\NABTSFEC.sys "NDIS-Benutzermodus-E/A-Protokoll" (Ndisuio) - "Microsoft Corporation" - H:\WINDOWS\System32\DRIVERS\ndisuio.sys "NDIS-Systemtreiber" (NDIS) - "Microsoft Corporation" - H:\WINDOWS\system32\drivers\NDIS.sys "NDProxy" (NDProxy) - "Microsoft Corporation" - H:\WINDOWS\system32\drivers\NDProxy.sys "NetBios über TCP/IP" (NetBT) - "Microsoft Corporation" - H:\WINDOWS\System32\DRIVERS\netbt.sys "NetBIOS-Schnittstelle" (NetBIOS) - "Microsoft Corporation" - H:\WINDOWS\System32\DRIVERS\netbios.sys "Netzwerkmonitortreiber" (nm) - "Microsoft Corporation" - H:\WINDOWS\System32\DRIVERS\NMnt.sys "Npfs" (Npfs) - "Microsoft Corporation" - H:\WINDOWS\system32\drivers\Npfs.sys "Ntfs" (Ntfs) - "Microsoft Corporation" - H:\WINDOWS\system32\drivers\Ntfs.sys "Null" (Null) - "Microsoft Corporation" - H:\WINDOWS\system32\drivers\Null.sys "nv" (nv) - "NVIDIA Corporation" - H:\WINDOWS\System32\DRIVERS\nv4_mini.sys "NVIDIA Network Bus Enumerator" (nvnetbus) - "NVIDIA Corporation" - H:\WINDOWS\System32\DRIVERS\nvnetbus.sys "NVIDIA nForce Networking Controller Driver" (NVENETFD) - "NVIDIA Corporation" - H:\WINDOWS\System32\DRIVERS\NVENETFD.sys "OVT Scanner" (APL531) - "Omnivision Technologies, Inc." - H:\WINDOWS\System32\Drivers\ov550i.sys "Parallelanschluss (direkt)" (Raspti) - "Microsoft Corporation" - H:\WINDOWS\System32\DRIVERS\raspti.sys "Partitions-Manager" (PartMgr) - "Microsoft Corporation" - H:\WINDOWS\system32\drivers\PartMgr.sys "ParVdm" (ParVdm) - "Microsoft Corporation" - H:\WINDOWS\system32\drivers\ParVdm.sys "PCI-Bus-Treiber" (PCI) - "Microsoft Corporation" - H:\WINDOWS\System32\DRIVERS\pci.sys "PCIDump" (PCIDump) - ? - H:\WINDOWS\system32\drivers\PCIDump.sys (File not found) "PCIIde" (PCIIde) - "Microsoft Corporation" - H:\WINDOWS\System32\DRIVERS\pciide.sys "PDCOMP" (PDCOMP) - ? - H:\WINDOWS\system32\drivers\PDCOMP.sys (File not found) "PDFRAME" (PDFRAME) - ? - H:\WINDOWS\system32\drivers\PDFRAME.sys (File not found) "PDRELI" (PDRELI) - ? - H:\WINDOWS\system32\drivers\PDRELI.sys (File not found) "PDRFRAME" (PDRFRAME) - ? - H:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found) "PnP-ISA/EISA-Bus-Treiber" (isapnp) - "Microsoft Corporation" - H:\WINDOWS\System32\DRIVERS\isapnp.sys "PPdus ASPI Shell" (Afc) - "Arcsoft, Inc." - H:\WINDOWS\System32\drivers\Afc.sys "Protokoll für ATM ARP-Client" (Atmarpc) - "Microsoft Corporation" - H:\WINDOWS\System32\DRIVERS\atmarpc.sys "Prozessortreiber" (Processor) - "Microsoft Corporation" - H:\WINDOWS\System32\DRIVERS\processr.sys "PxHelp20" (PxHelp20) - "Sonic Solutions" - H:\WINDOWS\System32\Drivers\PxHelp20.sys "QoS-Paketplaner" (PSched) - "Microsoft Corporation" - H:\WINDOWS\System32\DRIVERS\psched.sys "RAS-IP-ARP-Treiber" (Wanarp) - "Microsoft Corporation" - H:\WINDOWS\System32\DRIVERS\wanarp.sys "RAS-NDIS-TAPI-Treiber" (NdisTapi) - "Microsoft Corporation" - H:\WINDOWS\System32\DRIVERS\ndistapi.sys "RAS-NDIS-WAN-Treiber" (NdisWan) - "Microsoft Corporation" - H:\WINDOWS\System32\DRIVERS\ndiswan.sys "Rdbss" (Rdbss) - "Microsoft Corporation" - H:\WINDOWS\System32\DRIVERS\rdbss.sys "RDPCDD" (RDPCDD) - "Microsoft Corporation" - H:\WINDOWS\System32\DRIVERS\RDPCDD.sys "RDPWD" (RDPWD) - "Microsoft Corporation" - H:\WINDOWS\system32\drivers\RDPWD.sys "Redirector für WebDav-Client" (MRxDAV) - "Microsoft Corporation" - H:\WINDOWS\System32\DRIVERS\mrxdav.sys "Remotezugriff-PPPOE-Treiber" (RasPppoe) - "Microsoft Corporation" - H:\WINDOWS\System32\DRIVERS\raspppoe.sys "Secdrv" (Secdrv) - "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." - H:\WINDOWS\System32\DRIVERS\secdrv.sys "Serenum-Filtertreiber" (serenum) - "Microsoft Corporation" - H:\WINDOWS\System32\DRIVERS\serenum.sys "Service for Realtek HD Audio (WDM)" (IntcAzAudAddService) - "Realtek Semiconductor Corp." - H:\WINDOWS\System32\drivers\RtkHDAud.sys "Sfloppy" (Sfloppy) - "Microsoft Corporation" - H:\WINDOWS\system32\drivers\Sfloppy.sys "Software-Bus-Treiber" (swenum) - "Microsoft Corporation" - H:\WINDOWS\System32\DRIVERS\swenum.sys "Sony USB-Filtertreiber (SONYPVU1)" (SONYPVU1) - "Sony Corporation" - H:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS "Srv" (Srv) - "Microsoft Corporation" - H:\WINDOWS\System32\DRIVERS\srv.sys "ssmdrv" (ssmdrv) - "Avira GmbH" - H:\WINDOWS\System32\DRIVERS\ssmdrv.sys "Standard-IDE/ESDI-Festplattencontroller" (atapi) - "Microsoft Corporation" - H:\WINDOWS\System32\DRIVERS\atapi.sys "Standardpaketklassifizierung" (Gpc) - "Microsoft Corporation" - H:\WINDOWS\System32\DRIVERS\msgpc.sys "StarForce Protection Environment Driver (version 1.x)" (sfdrv01) - "Protection Technology" - H:\WINDOWS\System32\drivers\sfdrv01.sys "StarForce Protection Environment Driver v6" (prodrv06) - "Protection Technology" - H:\WINDOWS\System32\drivers\prodrv06.sys "StarForce Protection Helper Driver" (sfhlp01) - "Protection Technology" - H:\WINDOWS\System32\drivers\sfhlp01.sys "StarForce Protection Helper Driver (version 2.x)" (sfhlp02) - "Protection Technology" - H:\WINDOWS\System32\drivers\sfhlp02.sys "StarForce Protection Helper Driver v2" (prohlp02) - "Protection Technology" - H:\WINDOWS\System32\drivers\prohlp02.sys "StarForce Protection Synchronization Driver (version 3.x)" (sfsync03) - "Protection Technology" - H:\WINDOWS\System32\drivers\sfsync03.sys "StarForce Protection VFS Driver (version 2.x)" (sfvfs02) - "Protection Technology" - H:\WINDOWS\System32\drivers\sfvfs02.sys "Tastatur-HID-Treiber" (kbdhid) - "Microsoft Corporation" - H:\WINDOWS\System32\DRIVERS\kbdhid.sys "Tastaturklassentreiber" (Kbdclass) - "Microsoft Corporation" - H:\WINDOWS\System32\DRIVERS\kbdclass.sys "TBPanel" (TBPanel) - "Windows (R) 2000 DDK provider" - H:\WINDOWS\system32\drivers\TBPanel.sys "TCP/IP-Protokolltreiber" (Tcpip) - "Microsoft Corporation" - H:\WINDOWS\System32\DRIVERS\tcpip.sys "TDPIPE" (TDPIPE) - "Microsoft Corporation" - H:\WINDOWS\system32\drivers\TDPIPE.sys "TDTCP" (TDTCP) - "Microsoft Corporation" - H:\WINDOWS\system32\drivers\TDTCP.sys "Terminal-Gerätetreiber" (TermDD) - "Microsoft Corporation" - H:\WINDOWS\System32\DRIVERS\termdd.sys "Texas Instruments OHCI-konformer IEEE 1394-Hostcontroller" (ohci1394) - "Microsoft Corporation" - H:\WINDOWS\System32\DRIVERS\ohci1394.sys "Treiber für automatische RAS-Verbindung" (RasAcd) - "Microsoft Corporation" - H:\WINDOWS\System32\DRIVERS\rasacd.sys "Treiber für direkte Parallelverbindung" (Ptilink) - "Parallel Technologies, Inc." - H:\WINDOWS\System32\DRIVERS\ptilink.sys "Treiber für IPX-Verkehrsweiterleitung" (NwlnkFwd) - "Microsoft Corporation" - H:\WINDOWS\System32\DRIVERS\nwlnkfwd.sys "Treiber für Microsoft WINMM-WDM-Audiokompatibilität" (wdmaud) - "Microsoft Corporation" - H:\WINDOWS\System32\drivers\wdmaud.sys "Treiber für parallelen Anschluss" (Parport) - "Microsoft Corporation" - H:\WINDOWS\System32\DRIVERS\parport.sys "Treiber für seriellen Anschluss" (Serial) - "Microsoft Corporation" - H:\WINDOWS\System32\DRIVERS\serial.sys "Treiber für Volume-Manager" (Ftdisk) - "Microsoft Corporation" - H:\WINDOWS\System32\DRIVERS\ftdisk.sys "Untertiteldecoder" (CCDECODE) - "Microsoft Corporation" - H:\WINDOWS\System32\DRIVERS\CCDECODE.sys "USB-Massenspeichertreiber" (usbstor) - "Microsoft Corporation" - H:\WINDOWS\System32\DRIVERS\USBSTOR.SYS "USB-Scannertreiber" (usbscan) - "Microsoft Corporation" - H:\WINDOWS\System32\DRIVERS\usbscan.sys "VGA-Anzeigecontroller." (VgaSave) - "Microsoft Corporation" - H:\WINDOWS\System32\drivers\vga.sys "VolSnap" (VolSnap) - "Microsoft Corporation" - H:\WINDOWS\system32\drivers\VolSnap.sys "WAN-Miniport (L2TP)" (Rasl2tp) - "Microsoft Corporation" - H:\WINDOWS\System32\DRIVERS\rasl2tp.sys "WAN-Miniport (PPTP)" (PptpMiniport) - "Microsoft Corporation" - H:\WINDOWS\System32\DRIVERS\raspptp.sys "WDICA" (WDICA) - ? - H:\WINDOWS\system32\drivers\WDICA.sys (File not found) "Windows Driver Foundation - User-mode Driver Framework Platform Driver" (WudfPf) - "Microsoft Corporation" - H:\WINDOWS\System32\DRIVERS\WudfPf.sys "Windows Driver Foundation - User-mode Driver Framework Reflector" (WudfRd) - "Microsoft Corporation" - H:\WINDOWS\System32\DRIVERS\wudfrd.sys "World Standard Teletext Codec" (WSTCODEC) - "Microsoft Corporation" - H:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS "WpdUsb" (WpdUsb) - "Microsoft Corporation" - H:\WINDOWS\System32\DRIVERS\wpdusb.sys "Übersetzer für IP-Netzwerkadressen" (IpNat) - "Microsoft Corporation" - H:\WINDOWS\System32\DRIVERS\ipnat.sys [Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Desktop\Components )----- "(0) Source" - ? - /H:/DOKUME~1/Normal/LOKALE~1/Temp/msoclip1/02/clip_image002.jpg (File not found) -----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {BDEADF00-C265-11d0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - H:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL -----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )----- {7790769C-0471-11d2-AF11-00C04FA35D02} "Adressbuch 6" - "Microsoft Corporation" - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install >{60B49E34-C7CC-11D0-8953-00A0C90347FF} "Browser Customizations" - "Microsoft Corporation" - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS "Browseranpassungen" - "Microsoft Corporation" - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} "IE7 Uninstall Stub" - "Microsoft Corporation" - H:\WINDOWS\system32\ieudinit.exe >{26923b43-4d38-484f-9b9e-de460746276c} "Internet Explorer" - "Microsoft Corporation" - H:\WINDOWS\system32\ie4uinit.exe -UserIconConfig {89820200-ECBD-11cf-8B85-00AA005B4383} "Internet Explorer" - "Microsoft Corporation" - H:\WINDOWS\system32\ie4uinit.exe -BaseSettings {44BBA840-CC51-11CF-AAFA-00AA00B6015C} "Microsoft Outlook Express 6" - "Microsoft Corporation" - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} "Microsoft Windows Media Player" - "Microsoft Corporation" - H:\WINDOWS\inf\unregmp2.exe /ShowWMP {6BF52A52-394A-11d3-B153-00C04F79FAA6} "Microsoft Windows Media Player" - "Microsoft Corporation" - rundll32.exe advpack.dll,LaunchINFSection H:\WINDOWS\INF\wmp11.inf,PerUserStub {44BBA842-CC51-11CF-AAFA-00AA00B6015B} "NetMeeting 3.01" - "Microsoft Corporation" - rundll32.exe advpack.dll,LaunchINFSection H:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} "Outlook Express" - "Microsoft Corporation" - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE {89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - h:\WINDOWS\system32\Rundll32.exe h:\WINDOWS\system32\mscories.dll,Install {2C7339CF-2B09-4501-B3F3-F3508C9228ED} "Themes Setup" - "Microsoft Corporation" - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll {89820200-ECBD-11cf-8B85-00AA005B4340} "Windows Desktop-Update" - "Microsoft Corporation" - regsvr32.exe /s /n /i:U shell32.dll {5945c046-1e7d-11d1-bc44-00c04fd912be} "Windows Messenger 4.7" - "Microsoft Corporation" - rundll32.exe advpack.dll,LaunchINFSection H:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" - "Nero AG" - H:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - H:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll {0D2E74C4-3C34-11d2-A27E-00C04FC30871} "{0D2E74C4-3C34-11d2-A27E-00C04FC30871}" - "Microsoft Corporation" - H:\WINDOWS\system32\SHELL32.dll {24F14F01-7B1C-11d1-838f-0000F80461CF} "{24F14F01-7B1C-11d1-838f-0000F80461CF}" - "Microsoft Corporation" - H:\WINDOWS\system32\SHELL32.dll {24F14F02-7B1C-11d1-838f-0000F80461CF} "{24F14F02-7B1C-11d1-838f-0000F80461CF}" - "Microsoft Corporation" - H:\WINDOWS\system32\SHELL32.dll {66742402-F9B9-11D1-A202-0000F81FEDEE} "{66742402-F9B9-11D1-A202-0000F81FEDEE}" - "Microsoft Corporation" - H:\WINDOWS\system32\SHELL32.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} "AP Class Install Handler filter" - "Microsoft Corporation" - H:\windows\system32\urlmon.dll {8f6b0360-b80d-11d0-a9b3-006097942311} "AP encoding/decoding Filters" - "Microsoft Corporation" - H:\windows\system32\urlmon.dll {8f6b0360-b80d-11d0-a9b3-006097942311} "AP encoding/decoding Filters" - "Microsoft Corporation" - H:\windows\system32\urlmon.dll {8f6b0360-b80d-11d0-a9b3-006097942311} "AP encoding/decoding Filters" - "Microsoft Corporation" - H:\windows\system32\urlmon.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - H:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - H:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - H:\WINDOWS\system32\mscoree.dll {733AC4CB-F1A4-11d0-B951-00A0C90312E1} "WebView MIME Filter" - "Microsoft Corporation" - H:\WINDOWS\system32\SHELL32.dll -----( HKLM\Software\Classes\Protocols\Handler )----- {3dd53d40-7b8b-11D0-b013-00aa0059ce02} "CDL: Asychronous Pluggable Protocol Handler" - "Microsoft Corporation" - H:\windows\system32\urlmon.dll {12D51199-0DB5-46FE-A120-47A3D7D937CC} "DVD: Pluggable Protocol" - "Microsoft Corporation" - H:\WINDOWS\system32\msvidctl.dll {79eac9e7-baf9-11ce-8c82-00aa004ba90b} "file:, local: Asychronous Pluggable Protocol Handler" - "Microsoft Corporation" - H:\windows\system32\urlmon.dll {79eac9e7-baf9-11ce-8c82-00aa004ba90b} "file:, local: Asychronous Pluggable Protocol Handler" - "Microsoft Corporation" - H:\windows\system32\urlmon.dll {79eac9e3-baf9-11ce-8c82-00aa004ba90b} "ftp: Asychronous Pluggable Protocol Handler" - "Microsoft Corporation" - H:\windows\system32\urlmon.dll {79eac9e4-baf9-11ce-8c82-00aa004ba90b} "gopher: Asychronous Pluggable Protocol Handler" - "Microsoft Corporation" - H:\windows\system32\urlmon.dll {79eac9e2-baf9-11ce-8c82-00aa004ba90b} "http: Asychronous Pluggable Protocol Handler" - "Microsoft Corporation" - H:\windows\system32\urlmon.dll {79eac9e5-baf9-11ce-8c82-00aa004ba90b} "https: Asychronous Pluggable Protocol Handler" - "Microsoft Corporation" - H:\windows\system32\urlmon.dll {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - H:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL {05300401-BCBC-11d0-85E3-00C04FD85AB4} "MHTML Asychronous Pluggable Protocol Handler" - "Microsoft Corporation" - H:\WINDOWS\system32\inetcomm.dll {3050F406-98B5-11CF-BB82-00AA00BDCE0B} "Microsoft HTML About Pluggable Protocol" - "Microsoft Corporation" - H:\WINDOWS\system32\mshtml.dll {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} "Microsoft HTML Javascript Pluggable Protocol" - "Microsoft Corporation" - H:\WINDOWS\system32\mshtml.dll {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} "Microsoft HTML Javascript Pluggable Protocol" - "Microsoft Corporation" - H:\WINDOWS\system32\mshtml.dll {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} "Microsoft HTML Mailto Pluggable Protocol" - "Microsoft Corporation" - H:\WINDOWS\system32\mshtml.dll {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} "Microsoft HTML Resource Pluggable Protocol" - "Microsoft Corporation" - H:\WINDOWS\system32\mshtml.dll {76E67A63-06E9-11D2-A840-006008059382} "Microsoft HTML Resource Pluggable Protocol" - "Microsoft Corporation" - H:\WINDOWS\system32\mshtml.dll {9D148291-B9C8-11D0-A4CC-0000F80149F6} "Microsoft InfoTech Protocols for IE 4.0" - "Microsoft Corporation" - H:\WINDOWS\system32\itss.dll {9D148291-B9C8-11D0-A4CC-0000F80149F6} "Microsoft InfoTech Protocols for IE 4.0" - "Microsoft Corporation" - H:\WINDOWS\system32\itss.dll {79eac9e6-baf9-11ce-8c82-00aa004ba90b} "mk: Asychronous Pluggable Protocol Handler" - "Microsoft Corporation" - H:\windows\system32\urlmon.dll {91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - H:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} "TV: Pluggable Protocol" - "Microsoft Corporation" - H:\WINDOWS\system32\msvidctl.dll {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} "WiaProtocol Class" - "Microsoft Corporation" - H:\WINDOWS\system32\wiascr.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler )----- {438755C2-A8BA-11D1-B96B-00A0C90312E1} "Browseui preloader" - "Microsoft Corporation" - H:\WINDOWS\system32\browseui.dll {8C7461EF-2B13-11d2-BE35-3078302C2030} "Component Categories cache daemon" - "Microsoft Corporation" - H:\WINDOWS\system32\browseui.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )----- {AEB6717E-7E19-11d0-97EE-00C04FD91972} "URL Exec Hook" - "Microsoft Corporation" - H:\WINDOWS\system32\shell32.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {01E04581-4EEE-11d0-BFE9-00AA005B4383} "&Adresse" - "Microsoft Corporation" - H:\WINDOWS\system32\browseui.dll {F2CF5485-4E02-4f68-819C-B92DE9277049} "&Links" - "Microsoft Corporation" - H:\WINDOWS\system32\ieframe.dll {32714800-2E5F-11d0-8B85-00AA0044F941} "&Nach Personen..." - "Microsoft Corporation" - H:\Programme\Outlook Express\wabfind.dll {7e653215-fa25-46bd-a339-34a2790f3cb7} "Accessible" - "Microsoft Corporation" - H:\WINDOWS\system32\browseui.dll {88C6C381-2E85-11D0-94DE-444553540000} "ActiveX Cache Folder" - "Microsoft Corporation" - H:\WINDOWS\system32\occache.dll {A08C11D2-A228-11d0-825B-00AA005B4383} "Address EditBox" - "Microsoft Corporation" - H:\WINDOWS\system32\browseui.dll {85BBD920-42A0-1069-A2E4-08002B30309D} "Aktenkoffer" - "Microsoft Corporation" - H:\WINDOWS\system32\syncui.dll {875CB1A1-0F29-45de-A1AE-CFB4950D0B78} "Audio Media Properties Handler" - "Microsoft Corporation" - H:\WINDOWS\system32\shmedia.dll {91EA3F8B-C99B-11d0-9815-00C04FD91972} "Augmented Shell Folder" - "Microsoft Corporation" - H:\WINDOWS\system32\browseui.dll {6413BA2C-B461-11d1-A18A-080036B11A03} "Augmented Shell Folder 2" - "Microsoft Corporation" - H:\WINDOWS\system32\browseui.dll {2559a1f3-21d7-11d4-bdaf-00c04f60b9f0} "Ausführen..." - "Microsoft Corporation" - H:\WINDOWS\system32\shdocvw.dll {5F327514-6C5E-4d60-8F16-D07FA08A78ED} "Auto Update Property Sheet Extension" - "Microsoft Corporation" - H:\WINDOWS\system32\wuaucpl.cpl {00E7B358-F65B-4dcf-83DF-CD026B94BFD4} "Automatische Diashowwiedergabe der Shell" - "Microsoft Corporation" - H:\WINDOWS\system32\shimgvw.dll {87D62D94-71B3-4b9a-9489-5FE6850DC73E} "Avi Properties Handler" - "Microsoft Corporation" - H:\WINDOWS\system32\shmedia.dll {F61FFEC1-754F-11d0-80CA-00AA005B4383} "BandProxy" - "Microsoft Corporation" - H:\WINDOWS\system32\browseui.dll {7A9D77BD-5403-11d2-8785-2E0420524153} "Benutzerkonten" - "Microsoft Corporation" - H:\WINDOWS\system32\netplwiz.dll {add36aa8-751a-4579-a266-d66f5202ccbb} "Bestellung von Abzügen über das Internet" - "Microsoft Corporation" - H:\WINDOWS\system32\netplwiz.dll {67EA19A0-CCEF-11d0-8024-00C04FD75D13} "CDF Extension Copy Hook" - "Microsoft Corporation" - H:\WINDOWS\system32\shdocvw.dll {7D559C10-9FE9-11d0-93F7-00AA0059CE02} "Code Download Agent" - "Microsoft Corporation" - H:\WINDOWS\system32\webcheck.dll {BD472F60-27FA-11cf-B8B4-444553540000} "Compressed (zipped) Folder Right Drag Handler" - "Microsoft Corporation" - H:\WINDOWS\system32\zipfldr.dll {888DCA60-FC0A-11CF-8F0F-00C04FD7D062} "Compressed (zipped) Folder SendTo Target" - "Microsoft Corporation" - H:\WINDOWS\system32\zipfldr.dll {E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31} "CompressedFolder" - "Microsoft Corporation" - H:\WINDOWS\system32\zipfldr.dll {E6CC6978-6B6E-11D0-BECA-00C04FD940BE} "ConnectionAgent" - "Microsoft Corporation" - H:\WINDOWS\system32\webcheck.dll {42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll (File not found) {42071713-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Bildschirme" - "Microsoft Corporation" - H:\WINDOWS\system32\deskmon.dll {42071712-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Grafikkarten" - "Microsoft Corporation" - H:\WINDOWS\system32\deskadp.dll {7444C717-39BF-11D1-8CD9-00C04FC29D45} "CryptPKO Class" - "Microsoft Corporation" - H:\WINDOWS\system32\cryptext.dll {7444C719-39BF-11D1-8CD9-00C04FC29D45} "CryptSig Class" - "Microsoft Corporation" - H:\WINDOWS\system32\cryptext.dll {6935DB93-21E8-4ccc-BEB9-9FE3C77A297A} "Custom MRU AutoCompleted List" - "Microsoft Corporation" - H:\WINDOWS\system32\browseui.dll {CFCCC7A0-A282-11D1-9082-006008059382} "Darwin App Publisher" - "Microsoft Corporation" - H:\WINDOWS\system32\appwiz.cpl {1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - H:\Programme\NVIDIA Corporation\nView\nvshell.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - H:\Programme\NVIDIA Corporation\nView\nvshell.dll {A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - H:\WINDOWS\system32\nvcpl.dll {ECCDF543-45CC-11CE-B9BF-0080C87CDBA6} "DfsShell Class" - "Microsoft Corporation" - H:\WINDOWS\system32\dfsshlex.dll {62AE1F9A-126A-11D0-A14B-0800361B1103} "Directory Context Menu Verbs" - "Microsoft Corporation" - H:\WINDOWS\system32\dsuiext.dll {163FDC20-2ABC-11d0-88F0-00A024AB2DBB} "Directory Object Find" - "Microsoft Corporation" - H:\WINDOWS\system32\dsquery.dll {0D45D530-764B-11d0-A1CA-00AA00C16E65} "Directory Property UI" - "Microsoft Corporation" - H:\WINDOWS\system32\dsuiext.dll {8A23E65E-31C2-11d0-891C-00A024AB2DBB} "Directory Query UI" - "Microsoft Corporation" - H:\WINDOWS\system32\dsquery.dll {F020E586-5264-11d1-A532-0000F8757D7E} "Directory Start/Search Find" - "Microsoft Corporation" - H:\WINDOWS\system32\dsquery.dll {f92e8c40-3d33-11d2-b1aa-080036a75b03} "Display TroubleShoot CPL Extension" - "Microsoft Corporation" - H:\WINDOWS\system32\deskperf.dll {22BF0C20-6DA7-11D0-B373-00A0C9034938} "Download Status" - "Microsoft Corporation" - H:\WINDOWS\system32\browseui.dll {60fd46de-f830-4894-a628-6fa81bc0190d} "Drop-Zielobjekt für den Fotodruck-Assistent" - "Microsoft Corporation" - H:\WINDOWS\system32\photowiz.dll {2559a1f5-21d7-11d4-bdaf-00c04f60b9f0} "E-Mail" - "Microsoft Corporation" - H:\WINDOWS\system32\shdocvw.dll {00022613-0000-0000-C000-000000000046} "Eigenschaften für Multimediadatei" - "Microsoft Corporation" - H:\WINDOWS\system32\mmsys.cpl {1F2E5C40-9550-11CE-99D2-00AA006E086C} "Erweiterung der Sicherheitsshell" - "Microsoft Corporation" - H:\WINDOWS\system32\rshx32.dll {4E40F770-369C-11d0-8922-00A024AB2DBB} "Erweiterung der Sicherheitsshell" - "Microsoft Corporation" - H:\WINDOWS\system32\dssec.dll {F37C5810-4D3F-11d0-B4BF-00AA00BBB723} "Erweiterung der Sicherheitsshell" - "Microsoft Corporation" - H:\WINDOWS\system32\rshx32.dll {59099400-57FF-11CE-BD94-0020AF85B590} "Erweiterung für Datenträgerkopien" - "Microsoft Corporation" - H:\WINDOWS\system32\diskcopy.dll {EFA24E64-B078-11d0-89E4-00C04FC9E26E} "Explorer-Band" - "Microsoft Corporation" - H:\WINDOWS\system32\shdocvw.dll {692F0339-CBAA-47e6-B5B5-3B84DB604E87} "Extensions Manager Folder" - "Microsoft Corporation" - H:\WINDOWS\system32\extmgr.dll {7A80E4A8-8005-11D2-BCF8-00C04F72C717} "ExtractIcon Class" - "Microsoft Corporation" - H:\WINDOWS\System32\mmcshext.dll {EFA24E61-B078-11d0-89E4-00C04FC9E26E} "Favorites Band" - "Microsoft Corporation" - H:\WINDOWS\system32\shdocvw.dll {3F30C968-480A-4C6C-862D-EFC0897BB84B} "GDI+ Dateiminiaturansicht-Extrahierungsprogramm" - "Microsoft Corporation" - H:\windows\system32\shimgvw.dll {D6277990-4C6A-11CF-8D87-00AA0060F5BF} "Geplante Tasks" - "Microsoft Corporation" - H:\WINDOWS\system32\mstask.dll {EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} "Global Folder Settings" - "Microsoft Corporation" - H:\WINDOWS\system32\browseui.dll {2559a1f1-21d7-11d4-bdaf-00c04f60b9f0} "Hilfe und Support" - "Microsoft Corporation" - H:\WINDOWS\system32\shdocvw.dll {FF393560-C2A7-11CF-BFF4-444553540000} "History" - "Microsoft Corporation" - H:\WINDOWS\system32\ieframe.dll {EFA24E62-B078-11d0-89E4-00C04FC9E26E} "History Band" - "Microsoft Corporation" - H:\WINDOWS\system32\shdocvw.dll {EAB841A0-9550-11cf-8C16-00805F1408F3} "HTML-Extrahierungsprogramm" - "Microsoft Corporation" - H:\windows\system32\shimgvw.dll {88895560-9AA2-1069-930E-00AA0030EBC8} "HyperTerminal Icon Ext" - "Hilgraeve, Inc." - H:\WINDOWS\system32\hticons.dll {DBCE2480-C732-101B-BE72-BA78E9AD5B27} "ICC-Profil" - "Microsoft Corporation" - H:\WINDOWS\system32\icmui.dll {675F097E-4C4D-11D0-B6C1-0800091AA605} "ICM-Druckerverwaltung" - "Microsoft Corporation" - H:\WINDOWS\system32\icmui.dll {5DB2625A-54DF-11D0-B6C4-0800091AA605} "ICM-Monitorverwaltung" - "Microsoft Corporation" - H:\WINDOWS\System32\icmui.dll {176d6597-26d3-11d1-b350-080036a75b03} "ICM-Scannerverwaltung" - "Microsoft Corporation" - H:\WINDOWS\system32\icmui.dll {3028902F-6374-48b2-8DC6-9725E775B926} "IE AutoComplete" - "Microsoft Corporation" - H:\WINDOWS\system32\ieframe.dll {73CFD649-CD48-4fd8-A272-2070EA56526B} "IE BandProxy" - "Microsoft Corporation" - H:\WINDOWS\system32\ieframe.dll {FDE7673D-2E19-4145-8376-BBD58C4BC7BA} "IE Custom MRU AutoCompleted List" - "Microsoft Corporation" - H:\WINDOWS\system32\ieframe.dll {1C1EDB47-CE22-4bbb-B608-77B48F83C823} "IE Fade Task" - "Microsoft Corporation" - H:\WINDOWS\system32\ieframe.dll {6CF48EF8-44CD-45d2-8832-A16EA016311B} "IE IShellFolderBand" - "Microsoft Corporation" - H:\WINDOWS\system32\ieframe.dll {4B78D326-D922-44f9-AF2A-07805C2A3560} "IE Menu Band" - "Microsoft Corporation" - H:\WINDOWS\system32\ieframe.dll {205D7A97-F16D-4691-86EF-F3075DCCA57D} "IE Menu Desk Bar" - "Microsoft Corporation" - H:\WINDOWS\system32\ieframe.dll {44C76ECD-F7FA-411c-9929-1B77BA77F524} "IE Menu Site" - "Microsoft Corporation" - H:\WINDOWS\system32\ieframe.dll {07C45BB1-4A8C-4642-A1F5-237E7215FF66} "IE Microsoft BrowserBand" - "Microsoft Corporation" - H:\WINDOWS\system32\ieframe.dll {6038EF75-ABFC-4e59-AB6F-12D397F6568D} "IE Microsoft History AutoComplete List" - "Microsoft Corporation" - H:\WINDOWS\system32\ieframe.dll {B31C5FAE-961F-415b-BAF0-E697A5178B94} "IE Microsoft Multiple AutoComplete List Container" - "Microsoft Corporation" - H:\WINDOWS\system32\ieframe.dll {9D958C62-3954-4b44-8FAB-C4670C1DB4C2} "IE Microsoft Shell Folder AutoComplete List" - "Microsoft Corporation" - H:\WINDOWS\system32\ieframe.dll {98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8} "IE MRU AutoComplete List" - "Microsoft Corporation" - H:\WINDOWS\system32\ieframe.dll {43886CD5-6529-41c4-A707-7B3C92C05E68} "IE Navigation Bar" - "Microsoft Corporation" - H:\WINDOWS\system32\ieframe.dll {F83DAC1C-9BB9-4f2b-B619-09819DA81B0E} "IE Registry Tree Options Utility" - "Microsoft Corporation" - H:\WINDOWS\system32\ieframe.dll {9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E} "IE RSS Feeds Folder" - "Microsoft Corporation" - H:\WINDOWS\system32\ieframe.dll {30D02401-6A81-11d0-8274-00C04FD5AE38} "IE Search Band" - "Microsoft Corporation" - H:\WINDOWS\system32\ieframe.dll {E6EE9AAC-F76B-4947-8260-A9F136138E11} "IE Shell Band Site Menu" - "Microsoft Corporation" - H:\WINDOWS\system32\ieframe.dll {BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A} "IE Shell Rebar BandSite" - "Microsoft Corporation" - H:\WINDOWS\system32\ieframe.dll {6B4ECC4F-16D1-4474-94AB-5A763F2A54AE} "IE Tracking Shell Menu" - "Microsoft Corporation" - H:\WINDOWS\system32\ieframe.dll {FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - "Microsoft Corporation" - H:\WINDOWS\system32\ieframe.dll {A2B0DD40-CC59-11d0-A3A5-00C04FD706EC} "IE4 Suite-Begrüßungsbildschirm" - "Microsoft Corporation" - H:\WINDOWS\system32\shdocvw.dll {169A0691-8DF9-11d1-A1C4-00C04FD75D13} "In-pane search" - "Microsoft Corporation" - H:\WINDOWS\system32\browseui.dll {0B124F8F-91F0-11D1-B8B5-006008059382} "Installed Apps Enumerator" - "Microsoft Corporation" - H:\WINDOWS\system32\appwiz.cpl {2559a1f4-21d7-11d4-bdaf-00c04f60b9f0} "Internet" - "Microsoft Corporation" - H:\WINDOWS\system32\shdocvw.dll {871C5380-42A0-1069-A2EA-08002B30309D} "Internet Name Space" - "Microsoft Corporation" - H:\WINDOWS\system32\ieframe.dll {FBF23B40-E3F0-101B-8488-00AA003E56F8} "Internet Shortcut" - "Microsoft Corporation" - H:\WINDOWS\system32\ieframe.dll {131A6951-7F78-11D0-A979-00C04FD705A2} "ISFBand OC" - "Microsoft Corporation" - H:\WINDOWS\system32\shdocvw.dll {0CD7A5C0-9F37-11CE-AE65-08002B2E1262} "Kabinettdatei" - "Microsoft Corporation" - H:\WINDOWS\system32\cabview.dll {acb4a560-3606-11d3-aef4-00104bd0f92d} "KodakShellExtension" - "Eastman Kodak Company" - H:\Programme\Gemeinsame Dateien\KODAK\IFSCore\kodakshx.dll {513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8} "Kompatibilitätsseite" - "Microsoft Corporation" - H:\WINDOWS\system32\SlayerXP.dll {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found) {143A62C8-C33B-11D1-84FE-00C04FA34A14} "Microsoft Agent Character Property Sheet Handler" - "Microsoft Corporation" - H:\WINDOWS\msagent\agentpsh.dll {A5E46E3A-8849-11D1-9D8C-00C04FC99D61} "Microsoft Browser Architecture" - "Microsoft Corporation" - H:\WINDOWS\system32\shdocvw.dll {BC476F4C-D9D7-4100-8D4E-E043F6DEC409} "Microsoft Browser Architecture" - "Microsoft Corporation" - H:\WINDOWS\system32\ieframe.dll {7BA4C742-9E81-11CF-99D3-00AA004AE837} "Microsoft BrowserBand" - "Microsoft Corporation" - H:\WINDOWS\system32\browseui.dll {7988B573-EC89-11cf-9C00-00AA00A14F56} "Microsoft Disk Quota UI" - "Microsoft Corporation" - H:\WINDOWS\system32\dskquoui.dll {6A205B57-2567-4A2C-B881-F787FAB579A3} "Microsoft DocProp Inplace Calendar Control" - "Microsoft Corporation" - H:\WINDOWS\system32\docprop2.dll {0EEA25CC-4362-4A12-850B-86EE61B0D3EB} "Microsoft DocProp Inplace Droplist Combo Control" - "Microsoft Corporation" - H:\WINDOWS\system32\docprop2.dll {A9CF0EAE-901A-4739-A481-E35B73E47F6D} "Microsoft DocProp Inplace Edit Box Control" - "Microsoft Corporation" - H:\WINDOWS\system32\docprop2.dll {8EE97210-FD1F-4B19-91DA-67914005F020} "Microsoft DocProp Inplace ML Edit Box Control" - "Microsoft Corporation" - H:\WINDOWS\system32\docprop2.dll {28F8A4AC-BBB3-4D9B-B177-82BFC914FA33} "Microsoft DocProp Inplace Time Control" - "Microsoft Corporation" - H:\WINDOWS\system32\docprop2.dll {883373C3-BF89-11D1-BE35-080036B11A03} "Microsoft DocProp Shell Ext" - "Microsoft Corporation" - H:\WINDOWS\system32\docprop2.dll {63da6ec0-2e98-11cf-8d82-444553540000} "Microsoft FTP Folder" - "Microsoft Corporation" - H:\WINDOWS\system32\msieftp.dll {00BB2764-6A77-11D0-A535-00C04FD7D062} "Microsoft History AutoComplete List" - "Microsoft Corporation" - H:\WINDOWS\system32\browseui.dll {5E6AB780-7743-11CF-A12B-00AA004AE837} "Microsoft Internet Toolbar" - "Microsoft Corporation" - H:\WINDOWS\system32\browseui.dll {00BB2765-6A77-11D0-A535-00C04FD7D062} "Microsoft Multiple AutoComplete List Container" - "Microsoft Corporation" - H:\WINDOWS\system32\browseui.dll {2206CDB2-19C1-11D1-89E0-00C04FD7A829} "Microsoft OLE DB Service Component Data Links" - "Microsoft Corporation" - H:\Programme\Gemeinsame Dateien\System\Ole DB\oledb32.dll {03C036F1-A186-11D0-824A-00AA005B4383} "Microsoft Shell Folder AutoComplete List" - "Microsoft Corporation" - H:\WINDOWS\system32\browseui.dll {3C374A40-BAE4-11CF-BF7D-00AA006946EE} "Microsoft Url History Service" - "Microsoft Corporation" - H:\WINDOWS\system32\ieframe.dll {CFBFAE00-17A6-11D0-99CB-00C04FD64497} "Microsoft Url Search Hook" - "Microsoft Corporation" - H:\WINDOWS\system32\ieframe.dll {A6FD9E45-6E44-43f9-8644-08598F5A74D9} "Midi Properties Handler" - "Microsoft Corporation" - H:\WINDOWS\system32\shmedia.dll {6756A641-DE71-11d0-831B-00AA005B4383} "MRU AutoComplete List" - "Microsoft Corporation" - H:\WINDOWS\system32\browseui.dll {ECF03A33-103D-11d2-854D-006008059367} "MyDocs Copy Hook" - "Microsoft Corporation" - H:\WINDOWS\system32\mydocs.dll {ECF03A32-103D-11d2-854D-006008059367} "MyDocs Drop Target" - "Microsoft Corporation" - H:\WINDOWS\system32\mydocs.dll {4a7ded0a-ad25-11d0-98a8-0800361b1103} "MyDocs menu and properties" - "Microsoft Corporation" - H:\WINDOWS\system32\mydocs.dll {97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - H:\Programme\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll {B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" - "Nero AG" - H:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll {7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" - "Nero AG" - H:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll {7007ACC7-3202-11D1-AAD2-00805FC1270E} "Netzwerkverbindungen" - "Microsoft Corporation" - H:\WINDOWS\system32\NETSHELL.dll {992CFFA0-F557-101A-88EC-00DD010CCC48} "Netzwerkverbindungen" - "Microsoft Corporation" - H:\WINDOWS\system32\NETSHELL.dll {FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - H:\WINDOWS\system32\nvcpl.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - H:\Programme\NVIDIA Corporation\nView\nvshell.dll {10CFC467-4392-11d2-8DB4-00C04FA31A66} "Offline Files Folder Options" - "Microsoft Corporation" - H:\WINDOWS\System32\cscui.dll {750fdf0e-2a26-11d1-a3ea-080036587f03} "Offline Files Menu" - "Microsoft Corporation" - H:\WINDOWS\System32\cscui.dll {3EA48300-8CF6-101B-84FB-666CCB9BCD32} "OLE-Eigenschaftenseite für Dokumente" - "Microsoft Corporation" - H:\WINDOWS\system32\docprop.dll {AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E} "Ordner 'Offlinedateien'" - "Microsoft Corporation" - H:\WINDOWS\System32\cscui.dll {0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - H:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL {58f1f272-9240-4f51-b6d4-fd63d1618591} "Passport-Assistent" - "Microsoft Corporation" - H:\WINDOWS\system32\netplwiz.dll {41E300E0-78B6-11ce-849B-444553540000} "PlusPack CPL-Erweiterung" - "Microsoft Corporation" - H:\WINDOWS\system32\themeui.dll {35786D3C-B075-49b9-88DD-029876E11C01} "Portable Devices" - "Microsoft Corporation" - H:\WINDOWS\system32\wpdshext.dll {D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} "Portable Devices Menu" - "Microsoft Corporation" - H:\WINDOWS\system32\wpdshext.dll {640167b4-59b0-47a6-b335-a6b3c0695aea} "Portable Media Devices" - "Microsoft Corporation" - H:\WINDOWS\system32\Audiodev.dll {D8BD2030-6FC9-11D0-864F-00AA006809D9} "PostAgent" - "Microsoft Corporation" - H:\WINDOWS\system32\webcheck.dll {9DB7A13C-F208-4981-8353-73CC61AE2783} "Previous Versions" - "Microsoft Corporation" - H:\WINDOWS\system32\twext.dll {596AB062-B4D2-4215-9F74-E9109B0A8153} "Previous Versions Property Page" - "Microsoft Corporation" - H:\WINDOWS\system32\twext.dll {AF4F6510-F982-11d0-8595-00AA004CD6D8} "Registry Tree Options Utility" - "Microsoft Corporation" - H:\WINDOWS\system32\browseui.dll {F0152790-D56E-4445-850E-4F3117DB740C} "Remote Sessions CPL Extension" - "Microsoft Corporation" - H:\WINDOWS\system32\remotepg.dll {3F953603-1008-4f6e-A73A-04AAC7A992F1} "Scanner und Kameras" - "Microsoft Corporation" - H:\WINDOWS\system32\wiashext.dll {83bbcbf3-b28a-4919-a5aa-73027445d672} "Scanner und Kameras" - "Microsoft Corporation" - H:\WINDOWS\system32\wiashext.dll {905667aa-acd6-11d2-8080-00805f6596d2} "Scanner und Kameras" - "Microsoft Corporation" - H:\WINDOWS\system32\wiashext.dll {E211B736-43FD-11D1-9EFB-0000F8757FCD} "Scanner und Kameras" - "Microsoft Corporation" - H:\WINDOWS\system32\wiashext.dll {FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD} "Scanner und Kameras" - "Microsoft Corporation" - H:\WINDOWS\system32\wiashext.dll {DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF} "Scheduling UI icon handler" - "Microsoft Corporation" - H:\WINDOWS\system32\mstask.dll {797F1E90-9EDD-11cf-8D8E-00AA0060F5BF} "Scheduling UI property sheet handler" - "Microsoft Corporation" - H:\WINDOWS\system32\mstask.dll {BD84B380-8CA2-1069-AB1D-08000948F534} "Schriftarten" - "Microsoft Corporation" - H:\WINDOWS\system32\fontext.dll {D20EA4E1-3957-11d2-A40B-0C5020524152} "Schriftarten" - "Microsoft Corporation" - H:\WINDOWS\system32\shdocvw.dll {9461b922-3c5a-11d2-bf8b-00c04fb93661} "Search Assistant OC" - "Microsoft Corporation" - H:\WINDOWS\system32\shdocvw.dll {9E56BE60-C50F-11CF-9A2C-00A0C90A90CE} "Sendmail service" - "Microsoft Corporation" - H:\WINDOWS\system32\sendmail.dll {9E56BE61-C50F-11CF-9A2C-00A0C90A90CE} "Sendmail service" - "Microsoft Corporation" - H:\WINDOWS\system32\sendmail.dll {2559a1f7-21d7-11d4-bdaf-00c04f60b9f0} "Set Program Access and Defaults" - "Microsoft Corporation" - H:\WINDOWS\system32\shdocvw.dll {352EC2B7-8B9A-11D1-B8AE-006008059382} "Shell Application Manager" - "Microsoft Corporation" - H:\WINDOWS\system32\appwiz.cpl {0A89A860-D7B1-11CE-8350-444553540000} "Shell Automation Inproc Service" - "Microsoft Corporation" - H:\WINDOWS\system32\shdocvw.dll {ECD4FC4E-521C-11D0-B792-00A0C90312E1} "Shell Band Site Menu" - "Microsoft Corporation" - H:\WINDOWS\system32\browseui.dll {ECD4FC4C-521C-11D0-B792-00A0C90312E1} "Shell DeskBar" - "Microsoft Corporation" - H:\WINDOWS\system32\browseui.dll {3CCF8A41-5C85-11d0-9796-00AA00B90ADF} "Shell DeskBarApp" - "Microsoft Corporation" - H:\WINDOWS\system32\browseui.dll {E7E4BC40-E76A-11CE-A9BB-00AA004AE837} "Shell DocObject Viewer" - "Microsoft Corporation" - H:\WINDOWS\system32\ieframe.dll {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - H:\Programme\Avira\AntiVir Desktop\shlext.dll {60254CA5-953B-11CF-8C96-00AA00B8708C} "Shell Extension For Windows Script Host" - "Microsoft Corporation" - H:\WINDOWS\system32\wshext.dll {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "Shell Extensions for RealOne Player" - ? - (File not found | COM-object registry key not found) {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - h:\WINDOWS\system32\dfshim.dll {66e4e4fb-f385-4dd0-8d74-a2efd1bc6178} "Shell Image Data Factory" - "Microsoft Corporation" - H:\WINDOWS\system32\shimgvw.dll {eb9b1153-3b57-4e68-959a-a3266bc3d7fe} "Shell Image Property Handler" - "Microsoft Corporation" - H:\WINDOWS\system32\shimgvw.dll {e84fda7c-1d6a-45f6-b725-cb260c236066} "Shell Image Verbs" - "Microsoft Corporation" - H:\WINDOWS\system32\shimgvw.dll {00BB2763-6A77-11D0-A535-00C04FD7D062} "Shell Microsoft AutoComplete" - "Microsoft Corporation" - H:\WINDOWS\system32\browseui.dll {9E51E0D0-6E0F-11d2-9601-00C04FA31A86} "Shell properties for a DS object" - "Microsoft Corporation" - H:\WINDOWS\system32\dsquery.dll {ECD4FC4D-521C-11D0-B792-00A0C90312E1} "Shell Rebar BandSite" - "Microsoft Corporation" - H:\WINDOWS\system32\browseui.dll {21569614-B795-46b1-85F4-E737A8DC09AD} "Shell Search Band" - "Microsoft Corporation" - H:\WINDOWS\system32\browseui.dll {56117100-C0CD-101B-81E2-00AA004AE837} "Shell-Datenauszughandler" - "Microsoft Corporation" - H:\WINDOWS\system32\shscrap.dll {77597368-7b15-11d0-a0c2-080036af3f03} "Shellerweiterung für Webdrucker" - "Microsoft Corporation" - H:\WINDOWS\system32\printui.dll {764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found) {40dd6e20-7c17-11ce-a804-00aa003ca9f6} "Shellerweiterungen für Freigaben" - "Microsoft Corporation" - H:\WINDOWS\system32\ntshrui.dll {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} "Shellerweiterungen für Freigaben" - "Microsoft Corporation" - H:\WINDOWS\system32\ntshrui.dll {59be4990-f85c-11ce-aff7-00aa003ca9f6} "Shellerweiterungen für Microsoft Windows-Netzwerkobjekte" - "Microsoft Corporation" - H:\WINDOWS\system32\ntlanui2.dll {e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - h:\WINDOWS\system32\dfshim.dll {6b33163c-76a5-4b6c-bf21-45de9cd503a1} "Shellobjekt des Webpublishing-Assistenten" - "Microsoft Corporation" - H:\WINDOWS\system32\netplwiz.dll {5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - ? - H:\PROGRA~1\MALWAR~1\mdext.dll (File not found) {F5175861-2688-11d0-9C5E-00AA00A45957} "Subscription Folder" - "Microsoft Corporation" - H:\WINDOWS\system32\webcheck.dll {ABBE31D0-6DAE-11D0-BECA-00C04FD940BE} "Subscription Mgr" - "Microsoft Corporation" - H:\WINDOWS\system32\webcheck.dll {2559a1f0-21d7-11d4-bdaf-00c04f60b9f0} "Suchen" - "Microsoft Corporation" - H:\WINDOWS\system32\shdocvw.dll {0DF44EAA-FF21-4412-828E-260A8728E7F1} "Taskleiste und Startmenü" - "Microsoft Corporation" - H:\WINDOWS\system32\shell32.dll {7BD29E00-76C1-11CF-9DD0-00A0C9034933} "Temporary Internet Files" - "Microsoft Corporation" - H:\WINDOWS\system32\ieframe.dll {7BD29E01-76C1-11CF-9DD0-00A0C9034933} "Temporary Internet Files" - "Microsoft Corporation" - H:\WINDOWS\system32\ieframe.dll {3DC7A020-0ACD-11CF-A9BB-00AA004AE837} "The Internet" - "Microsoft Corporation" - H:\WINDOWS\system32\ieframe.dll {acf35015-526e-4230-9596-becbe19f0ac9} "Track Popup Bar" - "Microsoft Corporation" - H:\WINDOWS\system32\browseui.dll {E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7} "TrayAgent" - "Microsoft Corporation" - H:\WINDOWS\system32\webcheck.dll {7376D660-C583-11d0-A3A5-00C04FD706EC} "TridentImageExtractor" - "Microsoft Corporation" - H:\WINDOWS\system32\browseui.dll {DD313E04-FEFF-11d1-8ECD-0000F87A470C} "User Assist" - "Microsoft Corporation" - H:\WINDOWS\system32\browseui.dll {D20EA4E1-3957-11d2-A40B-0C5020524153} "Verwaltung" - "Microsoft Corporation" - H:\WINDOWS\system32\shdocvw.dll {40C3D757-D6E4-4b49-BB41-0E5BBEA28817} "Video Media Properties Handler" - "Microsoft Corporation" - H:\WINDOWS\system32\shmedia.dll {c5a40261-cd64-4ccf-84cb-c394da41d590} "Video Thumbnail Extractor" - "Microsoft Corporation" - H:\WINDOWS\system32\shmedia.dll {E4B29F9D-D390-480b-92FD-7DDB47101D71} "Wav Properties Handler" - "Microsoft Corporation" - H:\WINDOWS\system32\shmedia.dll {07798131-AF23-11d1-9111-00A0C98BA67D} "Web Search" - "Microsoft Corporation" - H:\WINDOWS\system32\browseui.dll {E6FB5E20-DE35-11CF-9C87-00AA005127ED} "WebCheck" - "Microsoft Corporation" - H:\WINDOWS\system32\webcheck.dll {7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB} "WebCheck SyncMgr Handler" - "Microsoft Corporation" - H:\WINDOWS\system32\webcheck.dll {E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB} "WebCheckChannelAgent" - "Microsoft Corporation" - H:\WINDOWS\system32\webcheck.dll {08165EA0-E946-11CF-9C87-00AA005127ED} "WebCheckWebCrawler" - "Microsoft Corporation" - H:\WINDOWS\system32\webcheck.dll {CC6EEFFB-43F6-46c5-9619-51D571967F7D} "Webpublishing-Assistent" - "Microsoft Corporation" - H:\WINDOWS\system32\netplwiz.dll {45670FA8-ED97-4F44-BC93-305082590BFB} "Windows XPS Document Metadata Handler" - "Microsoft Corporation" - H:\WINDOWS\System32\XPSSHHDR.DLL {44121072-A222-48f2-A58A-6D9AD51EBBE9} "Windows XPS Document Thumbnail Handler" - "Microsoft Corporation" - H:\WINDOWS\System32\XPSSHHDR.DLL {2559a1f2-21d7-11d4-bdaf-00c04f60b9f0} "Windows-Sicherheit" - "Microsoft Corporation" - H:\WINDOWS\system32\shdocvw.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - H:\Programme\WinRAR\rarext.dll (File found, but it contains no detailed information) {F1B9284F-E9DC-4e68-9D7E-42362A59F0FD} "WMP Add To Playlist Launcher" - "Microsoft Corporation" - H:\WINDOWS\system32\wmpshell.dll {8DD448E6-C188-4aed-AF92-44956194EB1F} "WMP Burn Audio CD Launcher" - "Microsoft Corporation" - H:\WINDOWS\system32\wmpshell.dll {CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C} "WMP Play As Playlist Launcher" - "Microsoft Corporation" - H:\WINDOWS\system32\wmpshell.dll {9DBD2C50-62AD-11d0-B806-00C04FD706EC} "Zusammenfassungs-Miniaturansichthandler (DOCFILES)" - "Microsoft Corporation" - H:\windows\system32\shimgvw.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad )----- {7849596a-48ea-486e-8937-a2a3009f31a9} "PostBootReminder object" - "Microsoft Corporation" - H:\WINDOWS\system32\shell32.dll {fbeb8a05-beee-4442-804e-409d6c4515e9} "ShellFolder for CD Burning" - "Microsoft Corporation" - H:\WINDOWS\system32\SHELL32.dll {35CEC8A3-2BE6-11D2-8773-92E220524153} "SysTray" - "Microsoft Corporation" - H:\WINDOWS\system32\stobject.dll {E6FB5E20-DE35-11CF-9C87-00AA005127ED} "WebCheck" - "Microsoft Corporation" - H:\WINDOWS\system32\webcheck.dll {AAA288BA-9A4C-45B0-95D7-94D524869DB5} "WPDShServiceObj Class" - "Microsoft Corporation" - H:\WINDOWS\system32\WPDShServiceObj.dll [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "&Adresse" - "Microsoft Corporation" - H:\WINDOWS\system32\browseui.dll <binary data> "&Links" - "Microsoft Corporation" - H:\WINDOWS\system32\SHELL32.dll <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) <binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found) -----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )----- {CFBFAE00-17A6-11D0-99CB-00C04FD64497} "Microsoft Url Search Hook" - "Microsoft Corporation" - H:\WINDOWS\system32\ieframe.dll -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - H:\Programme\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - H:\Programme\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - H:\Programme\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab {D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - H:\WINDOWS\system32\Macromed\Flash\Flash10b.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? - (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- "Exec" - "Microsoft Corporation" - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe "Messenger" - "Microsoft Corporation" - H:\Programme\Messenger\msmsgs.exe {898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Plug-In" - "Skype Technologies S.A." - H:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- {327C2873-E90D-4c37-AA9D-10AC9BABA46C} "Easy-WebPrint" - ? - H:\Programme\Canon\Easy-WebPrint\Toolband.dll (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader Link Helper" - ? - H:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (File not found) {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} "EWPBrowseObject Class" - ? - H:\Programme\Canon\Easy-WebPrint\EWPBrowseLoader.dll (File not found) {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - H:\Programme\Java\jre6\bin\jp2ssv.dll {E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - H:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Plug-In" - "Skype Technologies S.A." - H:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [Known DLLs] -----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs )----- "advapi32" - "Microsoft Corporation" - H:\WINDOWS\system32\advapi32.dll "comdlg32" - "Microsoft Corporation" - H:\WINDOWS\system32\comdlg32.dll "gdi32" - "Microsoft Corporation" - H:\WINDOWS\system32\gdi32.dll "imagehlp" - "Microsoft Corporation" - H:\WINDOWS\system32\imagehlp.dll "kernel32" - "Microsoft Corporation" - H:\WINDOWS\system32\kernel32.dll "lz32" - "Microsoft Corporation" - H:\WINDOWS\system32\lz32.dll "ole32" - "Microsoft Corporation" - H:\WINDOWS\system32\ole32.dll "oleaut32" - "Microsoft Corporation" - H:\WINDOWS\system32\oleaut32.dll "olecli32" - "Microsoft Corporation" - H:\WINDOWS\system32\olecli32.dll "olecnv32" - "Microsoft Corporation" - H:\WINDOWS\system32\olecnv32.dll "olesvr32" - "Microsoft Corporation" - H:\WINDOWS\system32\olesvr32.dll "olethk32" - "Microsoft Corporation" - H:\WINDOWS\system32\olethk32.dll "rpcrt4" - "Microsoft Corporation" - H:\WINDOWS\system32\rpcrt4.dll "shell32" - "Microsoft Corporation" - H:\WINDOWS\system32\shell32.dll "url" - "Microsoft Corporation" - H:\WINDOWS\system32\url.dll "urlmon" - "Microsoft Corporation" - H:\WINDOWS\system32\urlmon.dll "user32" - "Microsoft Corporation" - H:\WINDOWS\system32\user32.dll "version" - "Microsoft Corporation" - H:\WINDOWS\system32\version.dll "wininet" - "Microsoft Corporation" - H:\WINDOWS\system32\wininet.dll "wldap32" - "Microsoft Corporation" - H:\WINDOWS\system32\wldap32.dll [LSA Providers] -----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )----- "Authentication packages" - "Microsoft Corporation" - H:\WINDOWS\system32\msv1_0.dll "Notification packages" - "Microsoft Corporation" - H:\WINDOWS\system32\scecli.dll "Security Packages" - "Microsoft Corporation" - H:\WINDOWS\system32\kerberos.dll "Security Packages" - "Microsoft Corporation" - H:\WINDOWS\system32\msv1_0.dll "Security Packages" - "Microsoft Corporation" - H:\WINDOWS\system32\schannel.dll "Security Packages" - "Microsoft Corporation" - H:\WINDOWS\system32\wdigest.dll -----( HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders )----- "SecurityProviders" - "Microsoft Corporation" - H:\WINDOWS\system32\msapsspc.dll "SecurityProviders" - "Microsoft Corporation" - H:\WINDOWS\system32\schannel.dll "SecurityProviders" - "Microsoft Corporation" - H:\WINDOWS\system32\digest.dll "SecurityProviders" - "Microsoft Corporation" - H:\WINDOWS\system32\msnsspc.dll [Logon] -----( %AllUsersProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - H:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini -----( %UserProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - H:\Dokumente und Einstellungen\Normal\Startmenü\Programme\Autostart\desktop.ini -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "ctfmon.exe" - "Microsoft Corporation" - H:\WINDOWS\system32\ctfmon.exe "PhonostarTimer" - ? - H:\Programme\phonostar\ps_timer.exe -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon )----- "Shell" - "Microsoft Corporation" - H:\WINDOWS\Explorer.exe "Userinit" - "Microsoft Corporation" - H:\windows\system32\userinit.exe -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - "Microsoft Corporation" - H:\WINDOWS\system32\rdpclip.exe -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "ArcSoft Connection Service" - "ArcSoft Inc." - H:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe "avgnt" - "Avira GmbH" - "H:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min "Gainward" - "Gainward Co." - H:\WINDOWS\TBPanel.exe /A "NeroFilterCheck" - "Nero AG" - H:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe "NvCplDaemon" - "NVIDIA Corporation" - RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup "NvMediaCenter" - "NVIDIA Corporation" - RUNDLL32.EXE H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit "OpwareSE4" - "Nuance Communications, Inc." - "H:\Programme\ScanSoft\OmniPageSE4\OpwareSE4.exe" "PDFPrint" - "Geek Software GmbH" - H:\Programme\PDF24\pdf24.exe "QuickTime Task" - "Apple Computer, Inc." - "H:\Programme\QuickTime\qttask.exe" -atboottime "RTHDCPL" - "Realtek Semiconductor Corp." - RTHDCPL.EXE "SkyTel" - "Realtek Semiconductor Corp." - SkyTel.EXE "SSBkgdUpdate" - "Nuance Communications, Inc." - "H:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "H:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [Network Providers] -----( HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order )----- "Microsoft Windows-Netzwerk" - "Microsoft Corporation" - H:\WINDOWS\System32\ntlanman.dll "Microsoft-Terminaldienste" - "Microsoft Corporation" - H:\WINDOWS\System32\drprov.dll "Web Client Network" - "Microsoft Corporation" - H:\WINDOWS\System32\davclnt.dll [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "BJ Language Monitor" - "Microsoft Corporation" - H:\WINDOWS\system32\cnbjmon.dll "Canon BJ Language Monitor iP3300" - "CANON INC." - H:\WINDOWS\system32\CNMLM84.DLL "Canon BJ Language Monitor MP140 series" - "CANON INC." - H:\WINDOWS\system32\CNMLM8R.DLL "Canon BJ Language Monitor S330" - "CANON INC." - H:\WINDOWS\system32\CNMLM45.DLL "Local Port" - "Microsoft Corporation" - H:\WINDOWS\system32\localspl.dll "PJL Language Monitor" - "Microsoft Corporation" - H:\WINDOWS\system32\pjlmon.dll "Standard TCP/IP Port" - "Microsoft Corporation" - H:\WINDOWS\system32\tcpmon.dll "USB Monitor" - "Microsoft Corporation" - H:\WINDOWS\system32\usbmon.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- ".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - H:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe "Ablagemappe" (ClipSrv) - "Microsoft Corporation" - H:\WINDOWS\system32\clipsrv.exe "Anmeldedienst" (Netlogon) - "Microsoft Corporation" - H:\WINDOWS\system32\lsass.exe "Anwendungsverwaltung" (AppMgmt) - ? - H:\WINDOWS\System32\appmgmts.dll (File not found) "Arbeitsstationsdienst" (lanmanworkstation) - "Microsoft Corporation" - H:\WINDOWS\System32\wkssvc.dll "ArcSoft Connect Daemon" (ACDaemon) - "ArcSoft Inc." - H:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe "ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - H:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe "Automatic Updates" (wuauserv) - ? - C:\WINDOWS\system32\wuauserv.dll (File not found) "Automatische Konfiguration (verkabelt)" (Dot3svc) - "Microsoft Corporation" - H:\WINDOWS\System32\dot3svc.dll "Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - H:\Programme\Avira\AntiVir Desktop\avguard.exe "Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - H:\Programme\Avira\AntiVir Desktop\sched.exe "COM+-Ereignissystem" (EventSystem) - "Microsoft Corporation" - H:\WINDOWS\system32\es.dll "COM+-Systemanwendung" (COMSysApp) - "Microsoft Corporation" - H:\WINDOWS\system32\dllhost.exe "Computerbrowser" (Browser) - "Microsoft Corporation" - H:\WINDOWS\System32\browser.dll "CryptSvc" (CryptSvc) - "Microsoft Corporation" - H:\WINDOWS\System32\cryptsvc.dll "DCOM-Server-Prozessstart" (DcomLaunch) - "Microsoft Corporation" - H:\WINDOWS\system32\rpcss.dll "Designs" (Themes) - "Microsoft Corporation" - H:\WINDOWS\System32\shsvcs.dll "DHCP-Client" (Dhcp) - "Microsoft Corporation" - H:\WINDOWS\System32\dhcpcsvc.dll "Dienst für Seriennummern der tragbaren Medien" (WmdmPmSN) - "Microsoft Corporation" - H:\WINDOWS\system32\MsPMSNSv.dll "Distributed Transaction Coordinator" (MSDTC) - "Microsoft Corporation" - H:\WINDOWS\system32\msdtc.exe "DNS-Client" (Dnscache) - "Microsoft Corporation" - H:\WINDOWS\System32\dnsrslvr.dll "Druckwarteschlange" (Spooler) - "Microsoft Corporation" - H:\WINDOWS\system32\spoolsv.exe "Ereignisprotokoll" (Eventlog) - "Microsoft Corporation" - H:\WINDOWS\system32\services.exe "Extensible Authentication-Protokolldienst" (EapHost) - "Microsoft Corporation" - H:\WINDOWS\System32\eapsvc.dll "Fehlerberichterstattungsdienst" (ERSvc) - "Microsoft Corporation" - H:\WINDOWS\System32\ersvc.dll "Gatewaydienst auf Anwendungsebene" (ALG) - "Microsoft Corporation" - H:\WINDOWS\System32\alg.exe "Geschützter Speicher" (ProtectedStorage) - "Microsoft Corporation" - H:\WINDOWS\system32\lsass.exe "HID Input Service" (HidServ) - "Microsoft Corporation" - H:\WINDOWS\System32\hidserv.dll "Hilfe und Support" (helpsvc) - "Microsoft Corporation" - H:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll "HTTP-SSL" (HTTPFilter) - "Microsoft Corporation" - H:\WINDOWS\System32\w3ssl.dll "IMAPI-CD-Brenn-COM-Dienste" (ImapiService) - "Microsoft Corporation" - H:\WINDOWS\system32\imapi.exe "Indexdienst" (CiSvc) - "Microsoft Corporation" - H:\WINDOWS\system32\cisvc.exe "InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - H:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe "Integritätsschlüssel- und Zertifikatverwaltungsdienst" (hkmsvc) - "Microsoft Corporation" - H:\WINDOWS\System32\kmsvc.dll "Intelligenter Hintergrundübertragungsdienst" (BITS) - "Microsoft Corporation" - H:\WINDOWS\system32\qmgr.dll "IPSEC-Dienste" (PolicyAgent) - "Microsoft Corporation" - H:\WINDOWS\system32\lsass.exe "Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - H:\Programme\Java\jre6\bin\jqs.exe "Kodak Camera Connection Software" (KodakCCS) - ? - H:\WINDOWS\system32\drivers\KodakCCS.exe (File not found) "Kompatibilität für schnelle Benutzerumschaltung" (FastUserSwitchingCompatibility) - "Microsoft Corporation" - H:\WINDOWS\System32\shsvcs.dll "Konfigurationsfreie drahtlose Verbindung" (WZCSVC) - "Microsoft Corporation" - H:\WINDOWS\System32\wzcsvc.dll "Leistungsdatenprotokolle und Warnungen" (SysmonLog) - "Microsoft Corporation" - H:\WINDOWS\system32\smlogsvc.exe "MS Software Shadow Copy Provider" (SwPrv) - "Microsoft Corporation" - H:\WINDOWS\system32\dllhost.exe "NAP-Agent (Network Access Protection)" (napagent) - "Microsoft Corporation" - H:\WINDOWS\System32\qagentrt.dll "NBService" (NBService) - "Nero AG" - H:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe "NetMeeting-Remotedesktop-Freigabe" (mnmsrvc) - "Microsoft Corporation" - H:\WINDOWS\system32\mnmsrvc.exe "Netzwerkverbindungen" (Netman) - "Microsoft Corporation" - H:\WINDOWS\System32\netman.dll "Netzwerkversorgungsdienst" (xmlprov) - "Microsoft Corporation" - H:\WINDOWS\System32\xmlprov.dll "NLA (Network Location Awareness)" (Nla) - "Microsoft Corporation" - H:\WINDOWS\System32\mswsock.dll "NMIndexingService" (NMIndexingService) - "Nero AG" - H:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe "NT-LM-Sicherheitsdienst" (NtLmSsp) - "Microsoft Corporation" - H:\WINDOWS\system32\lsass.exe "NVIDIA Display Driver Service" (NVSvc) - "NVIDIA Corporation" - H:\WINDOWS\system32\nvsvc32.exe "PLFlash DeviceIoControl Service" (PLFlash DeviceIoControl Service) - "Prolific Technology Inc." - H:\windows\system32\IoctlSvc.exe "Plug & Play" (PlugPlay) - "Microsoft Corporation" - H:\WINDOWS\system32\services.exe "QoS-RSVP" (RSVP) - "Microsoft Corporation" - H:\WINDOWS\system32\rsvp.exe "RAS-Verbindungsverwaltung" (RasMan) - "Microsoft Corporation" - H:\WINDOWS\System32\rasmans.dll "Remoteprozeduraufruf (RPC)" (RpcSs) - "Microsoft Corporation" - H:\WINDOWS\System32\rpcss.dll "RPC-Locator" (RpcLocator) - "Microsoft Corporation" - H:\WINDOWS\system32\locator.exe "Secondary Logon" (seclogon) - "Microsoft Corporation" - H:\WINDOWS\System32\seclogon.dll "Server" (lanmanserver) - "Microsoft Corporation" - H:\WINDOWS\System32\srvsvc.dll "Shellhardwareerkennung" (ShellHWDetection) - "Microsoft Corporation" - H:\WINDOWS\System32\shsvcs.dll "Sicherheitscenter" (wscsvc) - "Microsoft Corporation" - H:\WINDOWS\system32\wscsvc.dll "Sicherheitskontenverwaltung" (SamSs) - "Microsoft Corporation" - H:\WINDOWS\system32\lsass.exe "Sitzungs-Manager für Remotedesktophilfe" (RDSessMgr) - "Microsoft Corporation" - H:\WINDOWS\system32\sessmgr.exe "Smartcard" (SCardSvr) - "Microsoft Corporation" - H:\WINDOWS\System32\SCardSvr.exe "SSDP-Suchdienst" (SSDPSRV) - "Microsoft Corporation" - H:\WINDOWS\System32\ssdpsrv.dll "Systemereignisbenachrichtigung" (SENS) - "Microsoft Corporation" - H:\WINDOWS\system32\sens.dll "Systemwiederherstellungsdienst" (srservice) - "Microsoft Corporation" - H:\WINDOWS\system32\srsvc.dll "Taskplaner" (Schedule) - "Microsoft Corporation" - H:\WINDOWS\system32\schedsvc.dll "TCP/IP-NetBIOS-Hilfsprogramm" (LmHosts) - "Microsoft Corporation" - H:\WINDOWS\System32\lmhsvc.dll "Telefonie" (TapiSrv) - "Microsoft Corporation" - H:\WINDOWS\System32\tapisrv.dll "Terminaldienste" (TermService) - "Microsoft Corporation" - H:\WINDOWS\System32\termsrv.dll "Universeller Plug & Play-Gerätehost" (upnphost) - "Microsoft Corporation" - H:\WINDOWS\System32\upnphost.dll "Unterbrechungsfreie Stromversorgung" (UPS) - "Microsoft Corporation" - H:\WINDOWS\System32\ups.exe "Verwaltung für automatische RAS-Verbindung" (RasAuto) - "Microsoft Corporation" - H:\WINDOWS\System32\rasauto.dll "Verwaltung logischer Datenträger" (dmserver) - "Microsoft Corp." - H:\WINDOWS\System32\dmserver.dll "Verwaltungsdienst für die Verwaltung logischer Datenträger" (dmadmin) - "Microsoft Corp., Veritas Software" - H:\WINDOWS\System32\dmadmin.exe "Volumeschattenkopie" (VSS) - "Microsoft Corporation" - H:\WINDOWS\System32\vssvc.exe "Webclient" (WebClient) - "Microsoft Corporation" - H:\WINDOWS\System32\webclnt.dll "Wechselmedien" (NtmsSvc) - "Microsoft Corporation" - H:\WINDOWS\system32\ntmssvc.dll "Windows Audio" (AudioSrv) - "Microsoft Corporation" - H:\WINDOWS\System32\audiosrv.dll "Windows CardSpace" (idsvc) - "Microsoft Corporation" - H:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe "Windows Driver Foundation - User-mode Driver Framework" (WudfSvc) - "Microsoft Corporation" - H:\WINDOWS\System32\WUDFSvc.dll "Windows Installer" (MSIServer) - "Microsoft Corporation" - H:\windows\system32\msiexec.exe "Windows Media Player-Netzwerkfreigabedienst" (WMPNetworkSvc) - "Microsoft Corporation" - H:\Programme\Windows Media Player\WMPNetwk.exe "Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - H:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe "Windows-Bilderfassung (WIA)" (stisvc) - "Microsoft Corporation" - H:\WINDOWS\system32\wiaservc.dll "Windows-Firewall/Gemeinsame Nutzung der Internetverbindung" (SharedAccess) - "Microsoft Corporation" - H:\WINDOWS\System32\ipnathlp.dll "Windows-Verwaltungsinstrumentation" (winmgmt) - "Microsoft Corporation" - H:\WINDOWS\system32\wbem\WMIsvc.dll "Windows-Zeitgeber" (W32Time) - "Microsoft Corporation" - H:\WINDOWS\system32\w32time.dll "WMI-Leistungsadapter" (WmiApSrv) - "Microsoft Corporation" - H:\WINDOWS\system32\wbem\wmiapsrv.exe "Überwachung verteilter Verknüpfungen (Client)" (TrkWks) - "Microsoft Corporation" - H:\WINDOWS\system32\trkwks.dll [Winlogon] -----( HKCU\Control Panel\Desktop )----- "SCRNSAVE.EXE" - "Microsoft Corporation" - H:\windows\system32\ssflwbox.scr -----( HKCU\Control Panel\IOProcs )----- "MVB" - ? - mvfs32.dll (File not found) -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon )----- "UIHost" - "Microsoft Corporation" - H:\WINDOWS\system32\logonui.exe "VmApplet" - "Microsoft Corporation" - H:\WINDOWS\system32\sysdm.cpl -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )----- {B587E2B1-4D59-4e7e-AED9-22B9DF11D053} "802.3 Group Policy" - "Microsoft Corporation" - H:\WINDOWS\system32\dot3gpclnt.dll {B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A} "EFS recovery" - "Microsoft Corporation" - H:\WINDOWS\system32\scecli.dll {A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B} "Internet Explorer Branding" - "Microsoft Corporation" - H:\WINDOWS\system32\iedkcs32.dll {4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3} "Internet Explorer Zonemapping" - "Microsoft Corporation" - H:\WINDOWS\system32\iedkcs32.dll {C631DF4C-088F-4156-B058-4375F0853CD8} "Microsoft Offline Files" - "Microsoft Corporation" - H:\WINDOWS\System32\cscui.dll {3610eda5-77ef-11d2-8dc5-00c04fa31a66} "Microsoft-Datenträgerkontingent" - "Microsoft Corporation" - H:\WINDOWS\system32\dskquota.dll {827D319E-6EAC-11D2-A4EA-00C04F79F83A} "Security" - "Microsoft Corporation" - H:\WINDOWS\system32\scecli.dll {c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll (File not found) -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )----- "crypt32chain" - "Microsoft Corporation" - H:\WINDOWS\system32\crypt32.dll "cryptnet" - "Microsoft Corporation" - H:\WINDOWS\system32\cryptnet.dll "cscdll" - "Microsoft Corporation" - H:\WINDOWS\system32\cscdll.dll "dimsntfy" - "Microsoft Corporation" - H:\WINDOWS\System32\dimsntfy.dll "ScCertProp" - "Microsoft Corporation" - H:\WINDOWS\system32\wlnotify.dll "Schedule" - "Microsoft Corporation" - H:\WINDOWS\system32\wlnotify.dll "sclgntfy" - "Microsoft Corporation" - H:\WINDOWS\system32\sclgntfy.dll "SensLogn" - "Microsoft Corporation" - H:\WINDOWS\system32\WlNotify.dll "termsrv" - "Microsoft Corporation" - H:\WINDOWS\system32\wlnotify.dll "wlballoon" - "Microsoft Corporation" - H:\WINDOWS\system32\wlnotify.dll [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "NLA-Namespace" - "Microsoft Corporation" - H:\WINDOWS\System32\mswsock.dll "NTDS" - "Microsoft Corporation" - H:\WINDOWS\System32\winrnr.dll "TCP/IP" - "Microsoft Corporation" - H:\WINDOWS\System32\mswsock.dll -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )----- "MSAFD NetBIOS [\Device\NetBT_Tcpip_{39C24CE6-4775-4F67-95A2-1575914AE114}] DATAGRAM 3" - "Microsoft Corporation" - H:\WINDOWS\system32\mswsock.dll "MSAFD NetBIOS [\Device\NetBT_Tcpip_{39C24CE6-4775-4F67-95A2-1575914AE114}] SEQPACKET 3" - "Microsoft Corporation" - H:\WINDOWS\system32\mswsock.dll "MSAFD NetBIOS [\Device\NetBT_Tcpip_{4640496C-76B5-4CDC-B21C-BFFD43F8B394}] DATAGRAM 0" - "Microsoft Corporation" - H:\WINDOWS\system32\mswsock.dll "MSAFD NetBIOS [\Device\NetBT_Tcpip_{4640496C-76B5-4CDC-B21C-BFFD43F8B394}] SEQPACKET 0" - "Microsoft Corporation" - H:\WINDOWS\system32\mswsock.dll "MSAFD NetBIOS [\Device\NetBT_Tcpip_{72908557-FB2F-4387-AB70-FE2E654016E4}] DATAGRAM 4" - "Microsoft Corporation" - H:\WINDOWS\system32\mswsock.dll "MSAFD NetBIOS [\Device\NetBT_Tcpip_{72908557-FB2F-4387-AB70-FE2E654016E4}] SEQPACKET 4" - "Microsoft Corporation" - H:\WINDOWS\system32\mswsock.dll "MSAFD NetBIOS [\Device\NetBT_Tcpip_{7566065C-197A-4995-940B-92E0F4980EF5}] DATAGRAM 2" - "Microsoft Corporation" - H:\WINDOWS\system32\mswsock.dll "MSAFD NetBIOS [\Device\NetBT_Tcpip_{7566065C-197A-4995-940B-92E0F4980EF5}] SEQPACKET 2" - "Microsoft Corporation" - H:\WINDOWS\system32\mswsock.dll "MSAFD NetBIOS [\Device\NetBT_Tcpip_{864623CF-C119-4B95-A95D-7EF6ECD75008}] DATAGRAM 1" - "Microsoft Corporation" - H:\WINDOWS\system32\mswsock.dll "MSAFD NetBIOS [\Device\NetBT_Tcpip_{864623CF-C119-4B95-A95D-7EF6ECD75008}] SEQPACKET 1" - "Microsoft Corporation" - H:\WINDOWS\system32\mswsock.dll "MSAFD Tcpip [RAW/IP]" - "Microsoft Corporation" - H:\WINDOWS\system32\mswsock.dll "MSAFD Tcpip [TCP/IP]" - "Microsoft Corporation" - H:\WINDOWS\system32\mswsock.dll "MSAFD Tcpip [UDP/IP]" - "Microsoft Corporation" - H:\WINDOWS\system32\mswsock.dll "RSVP TCP Service Provider" - "Microsoft Corporation" - H:\WINDOWS\system32\rsvpsp.dll "RSVP UDP Service Provider" - "Microsoft Corporation" - H:\WINDOWS\system32\rsvpsp.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru |
|
08.05.2011, 12:09
| #44 |
| | Trojaner tr crypt.xpack.gen2 Und als letztes noch das MBRCheck Log-File: MBRCheck, version 1.2.3 (c) 2010, AD Command-line: Windows Version: Windows XP Home Edition Windows Information: Service Pack 3 (build 2600) Logical Drives Mask: 0x000001ed Kernel Drivers (total 131): 0x804D7000 \WINDOWS\system32\ntkrnlpa.exe 0x806D1000 \WINDOWS\system32\hal.dll 0xF7A9C000 \WINDOWS\system32\KDCOM.DLL 0xF79AC000 \WINDOWS\system32\BOOTVID.dll 0xF746C000 ACPI.sys 0xF7A9E000 \WINDOWS\system32\DRIVERS\WMILIB.SYS 0xF745B000 pci.sys 0xF759C000 isapnp.sys 0xF75AC000 ohci1394.sys 0xF75BC000 \WINDOWS\system32\DRIVERS\1394BUS.SYS 0xF7B64000 pciide.sys 0xF781C000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS 0xF75CC000 MountMgr.sys 0xF743C000 ftdisk.sys 0xF7824000 PartMgr.sys 0xF75DC000 sfsync03.sys 0xF75EC000 VolSnap.sys 0xF7424000 atapi.sys 0xF75FC000 disk.sys 0xF760C000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS 0xF7404000 fltmgr.sys 0xF73F2000 sr.sys 0xF761C000 PxHelp20.sys 0xF73DB000 KSecDD.sys 0xF73C8000 WudfPf.sys 0xF733B000 Ntfs.sys 0xF730E000 NDIS.sys 0xF72FB000 sfvfs02.sys 0xF782C000 sfhlp02.sys 0xF7AA0000 sfhlp01.sys 0xF72E9000 sfdrv01.sys 0xF72CD000 prohlp02.sys 0xF72B3000 Mup.sys 0xF779C000 \SystemRoot\system32\DRIVERS\AmdK8.sys 0xF78E4000 \SystemRoot\system32\DRIVERS\usbohci.sys 0xF7247000 \SystemRoot\system32\DRIVERS\USBPORT.SYS 0xF78EC000 \SystemRoot\system32\DRIVERS\usbehci.sys 0xF77AC000 \SystemRoot\system32\DRIVERS\imapi.sys 0xF78F4000 \SystemRoot\system32\drivers\Afc.sys 0xF77BC000 \SystemRoot\system32\DRIVERS\cdrom.sys 0xF77CC000 \SystemRoot\system32\DRIVERS\redbook.sys 0xF7224000 \SystemRoot\system32\DRIVERS\ks.sys 0xF71FC000 \SystemRoot\system32\DRIVERS\HDAudBus.sys 0xF77DC000 \SystemRoot\system32\DRIVERS\nvnetbus.sys 0xF70F7000 \SystemRoot\system32\DRIVERS\NVNRM.SYS 0xF70A4000 \SystemRoot\system32\DRIVERS\NVSNPU.SYS 0xF66D7000 \SystemRoot\system32\DRIVERS\nv4_mini.sys 0xF66C3000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS 0xF78FC000 \SystemRoot\system32\DRIVERS\fdc.sys 0xF77EC000 \SystemRoot\system32\DRIVERS\serial.sys 0xF7A70000 \SystemRoot\system32\DRIVERS\serenum.sys 0xF66AF000 \SystemRoot\system32\DRIVERS\parport.sys 0xF77FC000 \SystemRoot\system32\DRIVERS\i8042prt.sys 0xF7904000 \SystemRoot\system32\DRIVERS\mouclass.sys 0xF790C000 \SystemRoot\system32\DRIVERS\kbdclass.sys 0xF7C00000 \SystemRoot\system32\DRIVERS\audstub.sys 0xF780C000 \SystemRoot\system32\DRIVERS\rasl2tp.sys 0xF7A74000 \SystemRoot\system32\DRIVERS\ndistapi.sys 0xF6698000 \SystemRoot\system32\DRIVERS\ndiswan.sys 0xF764C000 \SystemRoot\system32\DRIVERS\raspppoe.sys 0xF765C000 \SystemRoot\system32\DRIVERS\raspptp.sys 0xF7914000 \SystemRoot\system32\DRIVERS\TDI.SYS 0xF65E7000 \SystemRoot\system32\DRIVERS\psched.sys 0xF766C000 \SystemRoot\system32\DRIVERS\msgpc.sys 0xF791C000 \SystemRoot\system32\DRIVERS\ptilink.sys 0xF7924000 \SystemRoot\system32\DRIVERS\raspti.sys 0xF767C000 \SystemRoot\system32\DRIVERS\termdd.sys 0xF7AB2000 \SystemRoot\system32\DRIVERS\swenum.sys 0xF6589000 \SystemRoot\system32\DRIVERS\update.sys 0xF7A84000 \SystemRoot\system32\DRIVERS\mssmbios.sys 0xF76AC000 \SystemRoot\System32\Drivers\NDProxy.SYS 0xF76BC000 \SystemRoot\system32\DRIVERS\usbhub.sys 0xF7AB4000 \SystemRoot\system32\DRIVERS\USBD.SYS 0xF60E9000 \SystemRoot\system32\drivers\RtkHDAud.sys 0xF60C5000 \SystemRoot\system32\drivers\portcls.sys 0xF76EC000 \SystemRoot\system32\drivers\drmk.sys 0xF793C000 \SystemRoot\system32\DRIVERS\flpydisk.sys 0xF7ACC000 \SystemRoot\System32\Drivers\Fs_Rec.SYS 0xF771C000 \SystemRoot\system32\DRIVERS\DcCam.sys 0xF3F9F000 \SystemRoot\system32\DRIVERS\EXPORTIT.SYS 0xF7C4F000 \SystemRoot\System32\Drivers\Null.SYS 0xF7ACE000 \SystemRoot\System32\Drivers\Beep.SYS 0xF794C000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS 0xF7954000 \SystemRoot\System32\drivers\vga.sys 0xF7AD0000 \SystemRoot\System32\Drivers\mnmdd.SYS 0xF7AD2000 \SystemRoot\System32\DRIVERS\RDPCDD.sys 0xF795C000 \SystemRoot\System32\Drivers\Msfs.SYS 0xF7964000 \SystemRoot\System32\Drivers\Npfs.SYS 0xF7A28000 \SystemRoot\system32\DRIVERS\rasacd.sys 0xF3F6C000 \SystemRoot\system32\DRIVERS\ipsec.sys 0xF3F13000 \SystemRoot\system32\DRIVERS\tcpip.sys 0xF3EEB000 \SystemRoot\system32\DRIVERS\netbt.sys 0xF3EC9000 \SystemRoot\System32\drivers\afd.sys 0xF772C000 \SystemRoot\system32\DRIVERS\netbios.sys 0xF3E9E000 \SystemRoot\system32\DRIVERS\rdbss.sys 0xF774C000 \SystemRoot\System32\drivers\prodrv06.sys 0xF3E06000 \SystemRoot\system32\DRIVERS\mrxsmb.sys 0xF775C000 \SystemRoot\System32\Drivers\Fips.SYS 0xF3D40000 \SystemRoot\system32\DRIVERS\ipnat.sys 0xF776C000 \SystemRoot\system32\DRIVERS\wanarp.sys 0xF3D24000 \SystemRoot\system32\DRIVERS\avipbb.sys 0xF7AE0000 \??\H:\Programme\Avira\AntiVir Desktop\avgio.sys 0xF6688000 \SystemRoot\System32\Drivers\Cdfs.SYS 0xF796C000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS 0xF3CE4000 \SystemRoot\System32\Drivers\dump_atapi.sys 0xF7AE6000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS 0xBF800000 \SystemRoot\System32\win32k.sys 0xF6535000 \SystemRoot\System32\drivers\Dxapi.sys 0xF7974000 \SystemRoot\System32\watchdog.sys 0xBD000000 \SystemRoot\System32\drivers\dxg.sys 0xF7CCA000 \SystemRoot\System32\drivers\dxgthk.sys 0xBD012000 \SystemRoot\System32\nv4_disp.dll 0xBD623000 \SystemRoot\System32\ATMFD.DLL 0xB86D4000 \SystemRoot\system32\DRIVERS\avgntflt.sys 0xF3DD6000 \SystemRoot\system32\drivers\dcfs2k.sys 0xF3E76000 \SystemRoot\system32\DRIVERS\ndisuio.sys 0xB8387000 \SystemRoot\system32\DRIVERS\mrxdav.sys 0xF7B5C000 \SystemRoot\System32\Drivers\ParVdm.SYS 0xF7B5E000 \SystemRoot\System32\Drivers\TBPanel.SYS 0xB82F4000 \SystemRoot\system32\DRIVERS\atksgt.sys 0xF788C000 \SystemRoot\system32\DRIVERS\lirsgt.sys 0xB846C000 \SystemRoot\system32\DRIVERS\secdrv.sys 0xB81D4000 \SystemRoot\system32\DRIVERS\srv.sys 0xB7FDF000 \SystemRoot\system32\drivers\wdmaud.sys 0xB8798000 \SystemRoot\system32\drivers\sysaudio.sys 0xB7374000 \SystemRoot\System32\Drivers\HTTP.sys 0xB72BC000 \SystemRoot\system32\DRIVERS\NVENETFD.sys 0xB82A4000 \SystemRoot\system32\DRIVERS\nic1394.sys 0xB8768000 \SystemRoot\system32\DRIVERS\arp1394.sys 0xB6B46000 \SystemRoot\system32\drivers\kmixer.sys 0x7C910000 \WINDOWS\system32\ntdll.dll Processes (total 40): 0 System Idle Process 4 System 416 H:\WINDOWS\system32\smss.exe 480 csrss.exe 504 H:\WINDOWS\system32\winlogon.exe 548 H:\WINDOWS\system32\services.exe 560 H:\WINDOWS\system32\lsass.exe 716 H:\WINDOWS\system32\nvsvc32.exe 752 H:\WINDOWS\system32\svchost.exe 840 svchost.exe 880 H:\WINDOWS\system32\svchost.exe 936 H:\WINDOWS\system32\svchost.exe 1068 svchost.exe 1136 svchost.exe 1220 H:\WINDOWS\explorer.exe 1300 H:\WINDOWS\system32\spoolsv.exe 1364 H:\Programme\Avira\AntiVir Desktop\sched.exe 1412 svchost.exe 1476 H:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe 1488 H:\Programme\Avira\AntiVir Desktop\avguard.exe 1532 H:\Programme\Java\jre6\bin\jqs.exe 1572 H:\WINDOWS\system32\IoctlSvc.exe 1636 H:\WINDOWS\system32\svchost.exe 1916 H:\WINDOWS\RTHDCPL.exe 1960 H:\WINDOWS\TBPanel.exe 1972 H:\Programme\Avira\AntiVir Desktop\avgnt.exe 1996 H:\WINDOWS\system32\rundll32.exe 2004 H:\Programme\QuickTime\qttask.exe 2024 H:\Programme\ScanSoft\OmniPageSE4\OpWareSE4.exe 2032 H:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe 152 H:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe 160 H:\Programme\PDF24\pdf24.exe 184 H:\Programme\phonostar\ps_timer.exe 148 H:\WINDOWS\system32\ctfmon.exe 280 H:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ArcCon.ac 992 alg.exe 2084 H:\WINDOWS\system32\wbem\wmiapsrv.exe 3928 H:\Programme\Mozilla Firefox\firefox.exe 968 H:\Programme\Mozilla Firefox\plugin-container.exe 996 H:\Dokumente und Einstellungen\Normal\Desktop\MBRCheck.exe \\.\H: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS) PhysicalDrive0 Model Number: SAMSUNGSP2504C, Rev: VT100-50 Size Device Name MBR Status -------------------------------------------- 232 GB \\.\PhysicalDrive0 Windows XP MBR code detected SHA1: ADFE55CD0C6ED2E00B22375835E4C2736CE9AD11 Done! was also nun als nächstes? Grüße und |
|
08.05.2011, 14:27
| #45 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner tr crypt.xpack.gen2 Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Trojaner tr crypt.xpack.gen2 |
| .dll, antivir, avira, crypt.xpack.gen, crypt.xpack.gen2, desktop, einstellungen, festplatte, frage, heuristics.reserved.word.exploit, infiziert, löschen, modul, nt.dll, pdf, problem, programme, prozesse, registry, rundll, services.exe, svchost.exe, tr/crypt.xpack.ge, tr/crypt.xpack.gen, trojaner, verweise, virus gefunden, warnung, windows, winlogon.exe, überspielen, zu langsam |
Linear-Darstellung
