Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Verschlüsselungstrojaner! (flirt-fever.de)

Verschlüsselungstrojaner! (flirt-fever.de)


Log-Analyse und Auswertung: Verschlüsselungstrojaner! (flirt-fever.de)

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML

Antwort
Seite 2 von 3 1 2 3
Alt 01.07.2012, 09:18   #16
ms_sh
 
Verschlüsselungstrojaner! (flirt-fever.de) - Standard

Verschlüsselungstrojaner! (flirt-fever.de)


Logfile habe ich als Anhang als Zip hochgeladen...

Alt 01.07.2012, 16:00   #17
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Verschlüsselungstrojaner! (flirt-fever.de) - Standard

Verschlüsselungstrojaner! (flirt-fever.de)


Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.
__________________

__________________
Alt 02.07.2012, 11:07   #18
ms_sh
 
Verschlüsselungstrojaner! (flirt-fever.de) - Standard

Verschlüsselungstrojaner! (flirt-fever.de)


[code]
Combofix Logfile:
Code:
ATTFilter
ComboFix 12-07-01.04 - *** 02.07.2012  10:27:09.1.2 - x86
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1031.18.3070.1793 [GMT 2:00]
ausgeführt von:: c:\users\***\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\32122199911
c:\programdata\Roaming
c:\users\***\AppData\Local\Temp\bd7c47bb-f5c0-417c-a180-ec348d87718a\CliSecureRT.dll
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\muzapp.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-06-02 bis 2012-07-02  ))))))))))))))))))))))))))))))
.
.
2012-07-02 09:06 . 2012-07-02 09:06	--------	d-----w-	c:\users\***\AppData\Local\temp
2012-07-02 09:06 . 2012-07-02 09:06	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-07-01 09:41 . 2012-07-01 09:41	--------	d-----w-	c:\users\***\AppData\Roaming\Intermedia Software
2012-07-01 09:41 . 2012-07-01 09:41	--------	d-----w-	c:\program files\Intermedia Software
2012-06-26 20:51 . 2011-10-24 13:28	176128	----a-w-	c:\windows\system32\QTCF.dll
2012-06-26 20:12 . 2012-06-26 20:12	--------	d-----w-	c:\program files\gs
2012-06-26 12:24 . 2012-06-26 12:24	--------	d-----w-	C:\_OTL
2012-06-26 08:32 . 2012-06-26 08:32	--------	d-----w-	c:\users\***\.thumbnails
2012-06-25 11:48 . 2012-06-25 11:48	--------	d-----w-	c:\users\***\AppData\Local\webkit
2012-06-24 13:01 . 2012-06-24 13:02	--------	d-----w-	c:\users\***\AppData\Roaming\pdfforge
2012-06-24 13:01 . 2012-06-15 04:51	81408	----a-w-	c:\windows\system32\pdfcmon.dll
2012-06-24 13:01 . 2004-03-08 23:00	662288	----a-w-	c:\windows\system32\MSCOMCT2.OCX
2012-06-24 13:01 . 1998-06-23 23:00	137000	----a-w-	c:\windows\system32\MSMAPI32.OCX
2012-06-24 13:01 . 1998-07-06 16:56	125712	----a-w-	c:\windows\system32\VB6DE.DLL
2012-06-24 13:01 . 1998-07-06 16:55	158208	----a-w-	c:\windows\system32\MSCMCDE.DLL
2012-06-24 13:01 . 1998-07-06 16:55	64512	----a-w-	c:\windows\system32\MSCC2DE.DLL
2012-06-24 13:01 . 1998-07-05 23:00	23552	----a-w-	c:\windows\system32\MSMPIDE.DLL
2012-06-24 13:01 . 2012-06-24 13:01	--------	d-----w-	c:\program files\PDFCreator
2012-06-24 08:06 . 2012-06-24 08:06	--------	d-----w-	c:\users\***\AppData\Roaming\www.shadowexplorer.com
2012-06-24 08:05 . 2012-06-24 08:05	--------	d-----w-	c:\program files\ShadowExplorer
2012-06-23 14:39 . 2012-06-23 14:39	--------	d-----w-	c:\program files\JPEG Recovery Pro
2012-06-23 14:34 . 2012-06-23 14:34	--------	d-----w-	c:\users\***\AppData\Roaming\JPEGsnoop
2012-06-23 06:37 . 2012-06-23 06:45	--------	d-----w-	c:\users\***\Scareuncrypt
2012-06-19 17:39 . 2012-06-19 17:39	--------	d-----w-	c:\program files\ESET
2012-06-19 16:55 . 2012-06-19 16:55	--------	d-----w-	c:\program files\Oracle
2012-06-18 17:23 . 2012-06-18 17:23	--------	d-----w-	c:\users\***\AppData\Roaming\FotoPrix
2012-06-18 17:11 . 2012-06-18 17:11	--------	d-----w-	c:\program files\Fotoprix
2012-06-18 17:09 . 2012-06-18 17:09	--------	d-----w-	c:\users\***\AppData\Local\fontconfig
2012-06-18 17:08 . 2012-07-01 08:59	--------	d-----w-	c:\users\***\.gimp-2.8
2012-06-18 17:08 . 2012-06-18 17:08	--------	d-----w-	c:\users\***\AppData\Local\gegl-0.2
2012-06-18 17:04 . 2012-06-18 17:07	--------	d-----w-	c:\program files\GIMP 2
2012-06-17 16:17 . 2005-01-12 15:47	145152	----a-w-	c:\windows\system32\ImgXTwain61.dll
2012-06-17 16:17 . 2005-01-12 15:47	431864	----a-w-	c:\windows\system32\ImgX61.ocx
2012-06-17 16:17 . 2005-01-10 10:46	1179648	----a-w-	c:\windows\system32\AtalaImaging.dll
2012-06-17 16:17 . 2005-01-10 10:17	1208367	----a-w-	c:\windows\system32\ImgX61.dll
2012-06-17 16:17 . 2004-07-29 13:43	132232	----a-w-	c:\windows\system32\ImgXPrint61.dll
2012-06-17 16:17 . 2004-07-29 10:01	173136	----a-w-	c:\windows\system32\ImgXDialog61.dll
2012-06-17 16:17 . 2004-06-24 16:48	139264	----a-w-	c:\windows\system32\voltoCDX.dll
2012-06-17 16:17 . 2004-03-08 21:00	152848	----a-w-	c:\windows\system32\Comdlg32.ocx
2012-06-17 16:17 . 2004-04-07 10:14	212024	----a-w-	c:\windows\system32\BtnPlus1.ocx
2012-06-17 16:17 . 2012-06-17 16:17	--------	d-----w-	c:\program files\Cover Me
2012-06-17 16:14 . 2012-06-17 16:15	--------	d-----w-	c:\program files\CIPP
2012-06-17 16:12 . 2006-11-02 14:56	1908736	----a-w-	c:\users\***\CIPP.exe
2012-06-12 06:00 . 2012-06-12 06:00	--------	d-----w-	c:\users\***\AppData\Local\Macromedia
2012-06-11 17:27 . 2012-06-11 17:27	--------	d-----w-	c:\users\***\AppData\Roaming\EurekaLog
2012-06-11 07:31 . 2012-03-22 11:43	2557952	----a-w-	c:\windows\system32\QtCore4.dll
2012-06-11 07:31 . 2012-06-11 07:31	--------	d-----w-	c:\program files\Common Files\DVDVideoSoft
2012-06-11 07:31 . 2012-06-11 07:31	--------	d-----w-	c:\program files\DVDVideoSoft
2012-06-11 07:30 . 2012-06-11 07:31	--------	d-----w-	c:\users\***\AppData\Roaming\DVDVideoSoft
2012-06-07 06:11 . 2012-06-07 06:11	100864	----a-w-	C:\agloypog.sys
2012-06-06 10:19 . 2012-06-06 10:19	--------	d-----w-	c:\users\***\AppData\Roaming\Malwarebytes
2012-06-06 10:19 . 2012-06-06 10:19	--------	d-----w-	c:\programdata\Malwarebytes
2012-06-06 10:19 . 2012-04-04 13:56	22344	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-06-06 10:19 . 2012-06-06 10:19	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-06-05 11:41 . 2012-06-05 11:41	--------	d-----w-	c:\users\***\AppData\Roaming\Avira
2012-06-05 11:35 . 2012-04-27 08:20	137928	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-06-05 11:35 . 2012-04-24 22:32	83392	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-06-05 11:35 . 2012-04-16 19:17	36000	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2012-06-05 11:35 . 2012-06-05 11:35	--------	d-----w-	c:\programdata\Avira
2012-06-05 11:35 . 2012-06-05 11:35	--------	d-----w-	c:\program files\Avira
2012-06-05 10:59 . 2012-06-05 11:01	--------	d-----w-	c:\windows\system32\catroot2
2012-06-05 10:55 . 2012-06-05 10:55	--------	d-----w-	c:\users\***\AppData\Roaming\InstallShield
2012-06-05 10:14 . 2012-06-05 10:14	--------	d--h--w-	c:\windows\system32\WLANProfiles
2012-06-05 10:13 . 2012-06-05 10:13	--------	d-----w-	c:\programdata\Intel
2012-06-05 10:11 . 2012-06-05 10:11	--------	d-----w-	c:\program files\Common Files\Intel
2012-06-05 10:11 . 2012-06-05 10:11	--------	d-----w-	c:\program files\Cisco
2012-06-05 10:06 . 2011-02-28 06:09	53248	----a-w-	c:\windows\system32\CSVer.dll
2012-06-05 10:06 . 2012-06-05 10:06	--------	d-----w-	C:\Intel
2012-06-05 10:05 . 2012-06-05 10:05	--------	d-----w-	c:\program files\SystemRequirementsLab
2012-06-05 10:03 . 2012-06-05 10:03	--------	d-----w-	c:\program files\Common Files\Java
2012-06-05 10:02 . 2012-05-04 17:29	772504	----a-w-	c:\windows\system32\npDeployJava1.dll
2012-06-05 10:02 . 2012-05-04 17:29	687504	----a-w-	c:\windows\system32\deployJava1.dll
2012-06-05 10:01 . 2012-06-19 16:53	--------	d-----w-	c:\program files\Java
2012-06-05 09:42 . 2012-06-05 09:42	--------	d-----w-	c:\programdata\Office Genuine Advantage
2012-06-02 14:57 . 2012-07-01 17:17	--------	d-----w-	c:\users\***\AppData\Roaming\Dropbox
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-23 06:14 . 2012-03-31 14:35	426184	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-06-23 06:14 . 2012-03-16 22:04	70344	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-22 11:51 . 2012-04-22 11:51	592896	----a-w-	c:\windows\system32\drivers\UMDF\PCCSWpdDriver.dll
2012-04-22 11:51 . 2012-05-21 17:32	18816	----a-w-	c:\windows\system32\drivers\pccsmcfd.sys
2012-04-17 16:15 . 2012-04-17 16:15	2998784	----a-w-	c:\windows\system32\wlihvui.dll
2012-04-17 16:11 . 2012-04-17 16:11	1988096	----a-w-	c:\windows\system32\iwmssvc.dll
2012-05-10 21:34 . 2012-03-16 21:29	97208	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
[-] 2010-11-20 . BDAC1AA64495D0F7E1FF810EBBF1F018 . 530432 . . [5.82] . . c:\windows\System32\comctl32.dll
[-] 2010-11-20 . BDAC1AA64495D0F7E1FF810EBBF1F018 . 530432 . . [5.82] . . c:\windows\winsxs\x86_microsoft-windows-shell-comctl32-v5_31bf3856ad364e35_6.1.7601.17514_none_3ba388ec36399c85\comctl32.dll
[-] 2010-11-20 . BDAC1AA64495D0F7E1FF810EBBF1F018 . 530432 . . [5.82] . . c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
[-] 2010-11-20 . 352B3DC62A0D259A82A052238425C872 . 1680896 . . [5.82] . . c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
[-] 2009-07-14 . B62AA1BB1F63839051441D2C6DD7B775 . 530432 . . [5.82] . . c:\windows\winsxs\x86_microsoft-windows-shell-comctl32-v5_31bf3856ad364e35_6.1.7600.16385_none_39727524394b18eb\comctl32.dll
[-] 2009-07-14 . B62AA1BB1F63839051441D2C6DD7B775 . 530432 . . [5.82] . . c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7600.16385_none_ebf82fc36c758ad5\comctl32.dll
[-] 2009-07-14 . 0FA436A553408CBEBA070E3182658DE3 . 1680896 . . [5.82] . . c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
.
[-] 2010-11-20 . A585BEBF7D054BD9618EDA0922D5484A . 136192 . . [6.1.7600.16385] . . c:\windows\System32\cryptsvc.dll
[-] 2010-11-20 . A585BEBF7D054BD9618EDA0922D5484A . 136192 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_7807034ff91166f4\cryptsvc.dll
[-] 2009-07-14 . 9C231178CE4FB385F4B54B0A9080B8A4 . 135680 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_75d5ef87fc22e35a\cryptsvc.dll
.
[-] 2009-07-14 . F6916EFC29D9953D5D0DF06882AE8E16 . 271360 . . [2001.12.8530.16385] . . c:\windows\System32\es.dll
[-] 2009-07-14 . F6916EFC29D9953D5D0DF06882AE8E16 . 271360 . . [2001.12.8530.16385] . . c:\windows\winsxs\x86_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.1.7600.16385_none_0cc3f540b311359a\es.dll
.
[-] 2010-11-20 . 4A8E2F20809CC161107FAA94F6CF2685 . 118272 . . [6.1.7601.17514] . . c:\windows\System32\imm32.dll
[-] 2010-11-20 . 4A8E2F20809CC161107FAA94F6CF2685 . 118272 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-imm32_31bf3856ad364e35_6.1.7601.17514_none_5e5d8801d8ad160d\imm32.dll
[-] 2009-07-14 . 5DF8132ADF721329234403189FC94E16 . 118272 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-imm32_31bf3856ad364e35_6.1.7600.16385_none_5c2c7439dbbe9273\imm32.dll
.
[-] 2011-07-16 . 921F8B3FF01501C9934CCB3C270833D7 . 868352 . . [6.1.7601.21772] . . c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.21772_none_960c0dc1cdddb3a2\kernel32.dll
[-] 2011-07-16 . 7E99A20C758ABB5AE89C7AEEA3A9AEB2 . 868352 . . [6.1.7600.16850] . . c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.16850_none_93afb334b78b3d5c\kernel32.dll
[-] 2011-07-16 . E570CBD732848438EAC574EB3442A2A8 . 868352 . . [6.1.7600.16385] . . c:\windows\System32\kernel32.dll
[-] 2011-07-16 . E570CBD732848438EAC574EB3442A2A8 . 868352 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17651_none_95971084b4b0c29f\kernel32.dll
[-] 2011-07-16 . 12DD18C6ECADEDB922E40B494D315206 . 868352 . . [6.1.7600.21010] . . c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.21010_none_946467d1d088a0a4\kernel32.dll
[-] 2010-11-20 . 5553784D774CA845380650E010BBDA2C . 857600 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17514_none_95c54f2cb48da1b9\kernel32.dll
[-] 2009-07-14 . 4605F7EE9805F7E1C98D6C959DD2949C . 857088 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.16385_none_93943b64b79f1e1f\kernel32.dll
.
[-] 2009-07-14 . 5987EA8A82C53359BCD2C29D6588583E . 22016 . . [6.1.7600.16385] . . c:\windows\System32\linkinfo.dll
[-] 2009-07-14 . 5987EA8A82C53359BCD2C29D6588583E . 22016 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-linkinfo_31bf3856ad364e35_6.1.7600.16385_none_383b884006a7a723\linkinfo.dll
.
[-] 2009-07-14 . 4F154D2C9C6DF951FD6E5AABBAE6B5EE . 26624 . . [6.1.7600.16385] . . c:\windows\System32\lpk.dll
[-] 2009-07-14 . 4F154D2C9C6DF951FD6E5AABBAE6B5EE . 26624 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.16385_none_a9a96e9bbbd9f2bd\lpk.dll
[-] 2009-07-14 . 4F154D2C9C6DF951FD6E5AABBAE6B5EE . 26624 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.16402_none_a9fcef03bb9bc457\lpk.dll
[-] 2009-07-14 . 4F154D2C9C6DF951FD6E5AABBAE6B5EE . 26624 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.16444_none_a9d3afe7bbba66c9\lpk.dll
[-] 2009-07-14 . 4F154D2C9C6DF951FD6E5AABBAE6B5EE . 26624 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.16763_none_a9bd1577bbcb7cc9\lpk.dll
[-] 2009-07-14 . 4F154D2C9C6DF951FD6E5AABBAE6B5EE . 26624 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.20498_none_aa2b3c58d4fcfa7d\lpk.dll
[-] 2009-07-14 . 4F154D2C9C6DF951FD6E5AABBAE6B5EE . 26624 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.20553_none_aa517c7cd4e1092d\lpk.dll
[-] 2009-07-14 . 4F154D2C9C6DF951FD6E5AABBAE6B5EE . 26624 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.20905_none_aa899444d4b6a4c2\lpk.dll
[-] 2009-07-14 . 4F154D2C9C6DF951FD6E5AABBAE6B5EE . 26624 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.17514_none_abda8263b8c87657\lpk.dll
[-] 2009-07-14 . 4F154D2C9C6DF951FD6E5AABBAE6B5EE . 26624 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.17563_none_aba3727db8f1e8b5\lpk.dll
[-] 2009-07-14 . 4F154D2C9C6DF951FD6E5AABBAE6B5EE . 26624 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.21664_none_ac2e0f92d20ea1d6\lpk.dll
.
[-] 2012-03-17 . 497C9C3DB953A60EC4F43A097E15F75E . 12282368 . . [9.00.8112.16441] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16441_none_2bad15823c800473\mshtml.dll
[-] 2012-02-28 . F82BF2CB075B49E9FAB5FF213C45C020 . 12281856 . . [9.00.8112.16421] . . c:\windows\System32\mshtml.dll
[-] 2012-02-28 . F82BF2CB075B49E9FAB5FF213C45C020 . 12281856 . . [9.00.8112.16443] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16443_none_2baf16163c7e3721\mshtml.dll
[-] 2012-02-28 . B9E083B14B1994F1255983F2DF31C7DF . 12281856 . . [9.00.8112.20548] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20548_none_2c3db4535597559e\mshtml.dll
[-] 2011-12-16 . D829890A3CE83EE4332D2BE11755E590 . 5998080 . . [8.00.7601.21878] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.21878_none_305185f610b833be\mshtml.dll
[-] 2011-12-16 . 65631F456004E4DF6ADD6F8C2550FEA2 . 5999104 . . [8.00.7600.16930] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.16930_none_2e04c984fa5aed8c\mshtml.dll
[-] 2011-12-16 . BDB0402589BDD0D47D0CE9B2A0187D94 . 5997568 . . [8.00.7601.17744] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.17744_none_2fe457c6f785dac5\mshtml.dll
[-] 2011-12-16 . 41ADBC5327BBDD802266B965B9DC9C9B . 6000640 . . [8.00.7600.21108] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.21108_none_2eb6b0861359377d\mshtml.dll
[-] 2010-11-20 . C50799F0D47DFB9774F721521B6C41D5 . 5977600 . . [8.00.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.17514_none_3004c3bef76d8ca4\mshtml.dll
[-] 2009-07-14 . 43592D31AFF84DD957199248898D9430 . 5957632 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.16385_none_2dd3aff6fa7f090a\mshtml.dll
.
[-] 2011-12-16 . 2F740C4B458331357E825E94AFB0953A . 690688 . . [7.0.7601.21878] . . c:\windows\winsxs\x86_microsoft-windows-msvcrt_31bf3856ad364e35_6.1.7601.21878_none_d3a962431672ddd2\msvcrt.dll
[-] 2011-12-16 . F8A61B2E713309B4616D107919BDAB6E . 690688 . . [7.0.7600.16930] . . c:\windows\winsxs\x86_microsoft-windows-msvcrt_31bf3856ad364e35_6.1.7600.16930_none_d15ca5d2001597a0\msvcrt.dll
[-] 2011-12-16 . 9DC80A8AAAAAC397BDAB3C67165A824E . 690688 . . [7.0.7601.17744] . . c:\windows\System32\msvcrt.dll
[-] 2011-12-16 . 9DC80A8AAAAAC397BDAB3C67165A824E . 690688 . . [7.0.7601.17744] . . c:\windows\winsxs\x86_microsoft-windows-msvcrt_31bf3856ad364e35_6.1.7601.17744_none_d33c3413fd4084d9\msvcrt.dll
[-] 2011-12-16 . 10142C1975202A767C0EDB3BC066FD88 . 690688 . . [7.0.7600.21108] . . c:\windows\winsxs\x86_microsoft-windows-msvcrt_31bf3856ad364e35_6.1.7600.21108_none_d20e8cd31913e191\msvcrt.dll
[-] 2009-07-14 . E46D48A7FE961401F1CBF85531CDF05D . 690688 . . [7.0.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-msvcrt_31bf3856ad364e35_6.1.7600.16385_none_d12b8c440039b31e\msvcrt.dll
.
[-] 2010-11-20 . 8999B8631C7FD9F7F9EC3CAFD953BA24 . 232448 . . [6.1.7600.16385] . . c:\windows\System32\mswsock.dll
[-] 2010-11-20 . 8999B8631C7FD9F7F9EC3CAFD953BA24 . 232448 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_ba5ac0f18b8dd799\mswsock.dll
[-] 2009-07-14 . 11A41F17527ED75D6B758FDD7F4FD00D . 232448 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7600.16385_none_b829ad298e9f53ff\mswsock.dll
.
[-] 2010-11-20 . C1809B9907ADEDAF16F50C894100883B . 563712 . . [6.1.7600.16385] . . c:\windows\System32\netlogon.dll
[-] 2010-11-20 . C1809B9907ADEDAF16F50C894100883B . 563712 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[-] 2009-07-14 . EAA75D9000B71F10EEC04D2AE6C60E81 . 563712 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
.
[-] 2009-07-14 . 08DFDBD2FD4EA951DC46B1C7661ED35A . 145408 . . [6.1.7600.16385] . . c:\windows\System32\powrprof.dll
[-] 2009-07-14 . 08DFDBD2FD4EA951DC46B1C7661ED35A . 145408 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-userpowermanagement_31bf3856ad364e35_6.1.7600.16385_none_a2eff4845e2bf4e2\powrprof.dll
.
[-] 2010-11-20 . 8124944EC89D6A1815E4E53F5B96AAF4 . 175616 . . [6.1.7600.16385] . . c:\windows\System32\scecli.dll
[-] 2010-11-20 . 8124944EC89D6A1815E4E53F5B96AAF4 . 175616 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
[-] 2009-07-14 . 26073302DAEA83CC5B944C546D6B47D2 . 175616 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
.
[-] 2009-07-14 . 40CAEEE0EAF1B8569F7C8DF6420F2CB9 . 2560 . . [6.1.7600.16385] . . c:\windows\System32\sfc.dll
[-] 2009-07-14 . 40CAEEE0EAF1B8569F7C8DF6420F2CB9 . 2560 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-sfc_31bf3856ad364e35_6.1.7600.16385_none_a70c196fbd853ae9\sfc.dll
.
[-] 2009-07-14 . 54A47F6B5E09A77E61649109C6A08866 . 20992 . . [6.1.7600.16385] . . c:\windows\System32\svchost.exe
[-] 2009-07-14 . 54A47F6B5E09A77E61649109C6A08866 . 20992 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
.
[-] 2010-11-20 . 613BF4820361543956909043A265C6AC . 242176 . . [6.1.7600.16385] . . c:\windows\System32\tapisrv.dll
[-] 2010-11-20 . 613BF4820361543956909043A265C6AC . 242176 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-tapiservice_31bf3856ad364e35_6.1.7601.17514_none_e54442c74334b18a\tapisrv.dll
[-] 2009-07-14 . 2F46B0C70A4ADC8C90CF825DA3B4FEAF . 241664 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-tapiservice_31bf3856ad364e35_6.1.7600.16385_none_e3132eff46462df0\tapisrv.dll
.
[-] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514] . . c:\windows\System32\user32.dll
[-] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
[-] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
.
[-] 2010-11-20 . 61AC3EFDFACFDD3F0F11DD4FD4044223 . 26624 . . [6.1.7600.16385] . . c:\windows\System32\userinit.exe
[-] 2010-11-20 . 61AC3EFDFACFDD3F0F11DD4FD4044223 . 26624 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[-] 2009-07-14 . 6DE80F60D7DE9CE6B8C2DDFDF79EF175 . 26112 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
.
[-] 2012-03-17 . 1D94FA7C81D2FFE494AF094619BA706F . 1127424 . . [9.00.8112.16441] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16441_none_1a52f663bc299b3d\wininet.dll
[-] 2012-02-28 . 44465367256D1C72B58F5ABAA19E7016 . 1127424 . . [9.00.8112.16421] . . c:\windows\System32\wininet.dll
[-] 2012-02-28 . 44465367256D1C72B58F5ABAA19E7016 . 1127424 . . [9.00.8112.16443] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16443_none_1a54f6f7bc27cdeb\wininet.dll
[-] 2012-02-28 . 11A34DCA08EB2A586246F2D6C2A81D58 . 1127424 . . [9.00.8112.20548] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.20548_none_1ae39534d540ec68\wininet.dll
[-] 2011-12-16 . 808C0CE9D4DBC0A6F72761294EB10FB2 . 982016 . . [8.00.7601.21878] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.21878_none_1ef766d79061ca88\wininet.dll
[-] 2011-12-16 . 653109C31F7F190072C9E4DF31154225 . 981504 . . [8.00.7600.16930] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.16930_none_1caaaa667a048456\wininet.dll
[-] 2011-12-16 . BDB7450CC556F238FD973C9DA300FEB8 . 981504 . . [8.00.7601.17744] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.17744_none_1e8a38a8772f718f\wininet.dll
[-] 2011-12-16 . 8DFDD881CEF74ED749BA968E060418CA . 982016 . . [8.00.7600.21108] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.21108_none_1d5c91679302ce47\wininet.dll
[-] 2010-12-21 . 78B9ADA2BC8946AF7B17678E0D07A773 . 981504 . . [8.00.7600.16723] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.16723_none_1cb8776479f9ba1c\wininet.dll
[-] 2010-12-21 . 1B3DD46BC6396143A205EAAF05F38039 . 981504 . . [8.00.7600.20862] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.20862_none_1d15d4359338b053\wininet.dll
[-] 2010-11-20 . 44214C94911C7CFB1D52CB64D5E8368D . 980992 . . [8.00.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.17514_none_1eaaa4a07717236e\wininet.dll
[-] 2009-07-14 . 0D874F3BC751CC2198AF2E6783FB8B35 . 977920 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.16385_none_1c7990d87a289fd4\wininet.dll
.
[-] 2010-11-20 . 7FF15A4F092CD4A96055BA69F903E3E9 . 206848 . . [6.1.7600.16385] . . c:\windows\System32\ws2_32.dll
[-] 2010-11-20 . 7FF15A4F092CD4A96055BA69F903E3E9 . 206848 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7601.17514_none_f4bf1aae2c981ecf\ws2_32.dll
[-] 2009-07-14 . DAAE8A9B8C0ACC7F858454132553C30D . 206336 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_f28e06e62fa99b35\ws2_32.dll
.
[-] 2009-07-14 . 808AABDF9337312195CAFF76D1804786 . 4608 . . [6.1.7600.16385] . . c:\windows\System32\ws2help.dll
[-] 2009-07-14 . 808AABDF9337312195CAFF76D1804786 . 4608 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_045b589158ae90da\ws2help.dll
.
[-] 2011-02-26 . 255CF508D7CFB10E0794D6AC93280BD8 . 2614784 . . [6.1.7600.20910] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[-] 2011-02-26 . 2AF58D15EDC06EC6FDACCE1F19482BBF . 2614784 . . [6.1.7600.16768] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[-] 2011-02-26 . 0FB9C74046656D1579A64660AD67B746 . 2616320 . . [6.1.7601.21669] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[-] 2011-02-25 . 8B88EBBB05A0E56B7DCC708498C02B3E . 2616320 . . [6.1.7600.16385] . . c:\windows\explorer.exe
[-] 2011-02-25 . 8B88EBBB05A0E56B7DCC708498C02B3E . 2616320 . . [6.1.7601.17567] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[-] 2010-11-20 . 40D777B7A95E00593EB1568C68514493 . 2616320 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[-] 2009-07-14 . 15BC38A7492BEFE831966ADB477CF76F . 2613248 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
.
[-] 2009-07-14 . 8A4883F5E7AC37444F23279239553878 . 398336 . . [6.1.7600.16385] . . c:\windows\regedit.exe
[-] 2009-07-14 . 8A4883F5E7AC37444F23279239553878 . 398336 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_f4050b883d2c3c08\regedit.exe
.
[-] 2010-11-20 . 928CF7268086631F54C3D8E17238C6DD . 1414144 . . [6.1.7600.16385] . . c:\windows\System32\ole32.dll
[-] 2010-11-20 . 928CF7268086631F54C3D8E17238C6DD . 1414144 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-com-base-qfe-ole32_31bf3856ad364e35_6.1.7601.17514_none_ae2511475093798f\ole32.dll
[-] 2009-07-14 . 4ACB903AD1693858A918907358CBD9E4 . 1412608 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-com-base-qfe-ole32_31bf3856ad364e35_6.1.7600.16385_none_abf3fd7f53a4f5f5\ole32.dll
.
[-] 2010-11-20 . 804AAAFEBB3AD5F49334DD906BCB1DE5 . 626176 . . [1.0626.7601.17514] . . c:\windows\System32\usp10.dll
[-] 2010-11-20 . 804AAAFEBB3AD5F49334DD906BCB1DE5 . 626176 . . [1.0626.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-usp_31bf3856ad364e35_6.1.7601.17514_none_af01e2f9b6be7939\usp10.dll
[-] 2009-07-14 . 0BA19F3198C40AC4E8CC66EE02EDA6C6 . 627200 . . [1.0626.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-usp_31bf3856ad364e35_6.1.7600.16385_none_acd0cf31b9cff59f\usp10.dll
.
[-] 2009-07-14 . 9C67F6BBDA3881CFD02095160CF91576 . 4608 . . [6.1.7600.16385] . . c:\windows\System32\ksuser.dll
[-] 2009-07-14 . 9C67F6BBDA3881CFD02095160CF91576 . 4608 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-d..tshow-kernelsupport_31bf3856ad364e35_6.1.7600.16385_none_e7d7f27ff89fda02\ksuser.dll
[-] 2009-07-14 . 9C67F6BBDA3881CFD02095160CF91576 . 4608 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-d..tshow-kernelsupport_31bf3856ad364e35_6.1.7601.17514_none_ea090647f58e5d9c\ksuser.dll
.
[-] 2009-07-14 . 4A3CDCEF8ED41B221F3DBEF5792FB52D . 8704 . . [6.1.7600.16385] . . c:\windows\System32\ctfmon.exe
[-] 2009-07-14 . 4A3CDCEF8ED41B221F3DBEF5792FB52D . 8704 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_6.1.7600.16385_none_9d06e2f6f1e51f98\ctfmon.exe
.
[-] 2010-11-20 . 414DA952A35BF5D50192E28263B40577 . 328192 . . [6.1.7600.16385] . . c:\windows\System32\shsvcs.dll
[-] 2010-11-20 . 414DA952A35BF5D50192E28263B40577 . 328192 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-shsvcs_31bf3856ad364e35_6.1.7601.17514_none_cf37c7157b2fafed\shsvcs.dll
[-] 2009-07-14 . CD2E48FA5B29EE2B3B5858056D246EF2 . 328192 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-shsvcs_31bf3856ad364e35_6.1.7600.16385_none_cd06b34d7e412c53\shsvcs.dll
.
[-] 2009-07-14 . 50BA656134F78AF64E4DD3C8B6FEFD7E . 12288 . . [6.1.7600.16385] . . c:\windows\System32\cngaudit.dll
[-] 2009-07-14 . 50BA656134F78AF64E4DD3C8B6FEFD7E . 12288 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
.
[-] 2009-07-14 . B5C5DCAD3899512020D135600129D665 . 96256 . . [6.1.7600.16385] . . c:\windows\System32\wininit.exe
[-] 2009-07-14 . B5C5DCAD3899512020D135600129D665 . 96256 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
.
[-] 2009-07-14 . CB9A8683F4EF2BF99E123D79950D7935 . 112640 . . [6.1.7600.16385] . . c:\windows\System32\regsvc.dll
[-] 2009-07-14 . CB9A8683F4EF2BF99E123D79950D7935 . 112640 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-remoteregistry-service_31bf3856ad364e35_6.1.7600.16385_none_893c5bdce4cae672\regsvc.dll
.
[-] 2010-11-20 . A04BB13F8A72F8B6E8B4071723E4E336 . 750592 . . [6.1.7600.16385] . . c:\windows\System32\schedsvc.dll
[-] 2010-11-20 . A04BB13F8A72F8B6E8B4071723E4E336 . 750592 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.1.7601.17514_none_3108887cf54491c3\schedsvc.dll
[-] 2009-07-14 . 3E8B0C453E25613A1F59762A5C42AA75 . 743424 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.1.7600.16385_none_2ed774b4f8560e29\schedsvc.dll
.
[-] 2009-07-14 . D887C9FD02AC9FA880F6E5027A43E118 . 162816 . . [6.1.7600.16385] . . c:\windows\System32\ssdpsrv.dll
[-] 2009-07-14 . D887C9FD02AC9FA880F6E5027A43E118 . 162816 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-upnpssdp_31bf3856ad364e35_6.1.7600.16385_none_7f9fc90f328bdf26\ssdpsrv.dll
.
[-] 2010-11-20 . 382C804C92811BE57829D8E550A900E2 . 521216 . . [6.1.7601.17514] . . c:\windows\System32\termsrv.dll
[-] 2010-11-20 . 382C804C92811BE57829D8E550A900E2 . 521216 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.17514_none_90a6abb3b286306d\termsrv.dll
[-] 2009-07-14 . A01E50A04D7B1960B33E92B9080E6A94 . 543232 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7600.16385_none_8e7597ebb597acd3\termsrv.dll
.
[-] 2009-07-14 . 6383C60EC0133B14F5705F96369421B2 . 288256 . . [6.1.7600.16385] . . c:\windows\System32\hnetcfg.dll
[-] 2009-07-14 . 6383C60EC0133B14F5705F96369421B2 . 288256 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-i..ectionsharingconfig_31bf3856ad364e35_6.1.7600.16385_none_b00c9bd7f5ed1c02\hnetcfg.dll
.
[-] 2009-07-14 . A45D184DF6A8803DA13A0B329517A64A . 149504 . . [6.1.7600.16385] . . c:\windows\System32\appmgmts.dll
[-] 2009-07-14 . A45D184DF6A8803DA13A0B329517A64A . 149504 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-g..oftwareinstallation_31bf3856ad364e35_6.1.7600.16385_none_81a53e87bd5d36aa\appmgmts.dll
.
[-] 2009-07-14 . A1E91B5B5273573FC132B683E550B5E6 . 19456 . . [6.1.7600.16385] . . c:\windows\System32\ias.dll
[-] 2009-07-14 . A1E91B5B5273573FC132B683E550B5E6 . 19456 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-n..ion_service_runtime_31bf3856ad364e35_6.1.7600.16385_none_f8d730c7a3d9d889\ias.dll
[-] 2009-07-14 . A1E91B5B5273573FC132B683E550B5E6 . 19456 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-n..ion_service_runtime_31bf3856ad364e35_6.1.7601.17514_none_fb08448fa0c85c23\ias.dll
.
[-] 2010-11-20 03:19 . AB9EB3745B03AE67AB241A82338DEA7B . 954288 . . [4.1.6140] . . c:\windows\System32\mfc40u.dll
[-] 2010-11-20 03:19 . AB9EB3745B03AE67AB241A82338DEA7B . 954288 . . [4.1.6151] . . c:\windows\winsxs\x86_microsoft-windows-mfc40u_31bf3856ad364e35_6.1.7601.17514_none_f51a7bf0b3d25294\mfc40u.dll
[-] 2009-07-14 01:15 . F8742FC618ECBDA92A406725197E93AE . 924944 . . [4.1.6140] . . c:\windows\winsxs\x86_microsoft-windows-mfc40u_31bf3856ad364e35_6.1.7600.16385_none_f2e96828b6e3cefa\mfc40u.dll
.
[-] 2009-07-14 . 833FBB672460EFCE8011D262175FAD33 . 266752 . . [6.1.7600.16385] . . c:\windows\System32\upnphost.dll
[-] 2009-07-14 . 833FBB672460EFCE8011D262175FAD33 . 266752 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-upnpdevicehost_31bf3856ad364e35_6.1.7600.16385_none_c1be8a9895d79340\upnphost.dll
.
[-] 2009-07-14 . 0E85C11F8850D524B02181C6E02BA9AE . 453632 . . [6.1.7600.16385] . . c:\windows\System32\dsound.dll
[-] 2009-07-14 . 0E85C11F8850D524B02181C6E02BA9AE . 453632 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-audio-dsound_31bf3856ad364e35_6.1.7600.16385_none_5872147ba3367471\dsound.dll
.
[-] 2010-11-20 . 6EF5F3F18413C367195F06E503AB86A6 . 1828352 . . [6.1.7601.17514] . . c:\windows\System32\d3d9.dll
[-] 2010-11-20 . 6EF5F3F18413C367195F06E503AB86A6 . 1828352 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-directx-direct3d9_31bf3856ad364e35_6.1.7601.17514_none_c454d690bf084f04\d3d9.dll
[-] 2009-07-14 . 7459301D21C2E21468823F73042D9F87 . 1826816 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-directx-direct3d9_31bf3856ad364e35_6.1.7600.16385_none_c223c2c8c219cb6a\d3d9.dll
.
[-] 2009-07-14 . 198552AEFECA69D646867EC8D792DE95 . 531968 . . [6.1.7600.16385] . . c:\windows\System32\ddraw.dll
[-] 2009-07-14 . 198552AEFECA69D646867EC8D792DE95 . 531968 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-directx-directdraw_31bf3856ad364e35_6.1.7600.16385_none_04dbf9102154d42e\ddraw.dll
.
[-] 2010-11-20 03:20 . 703FFD301AB900B047337C5D40FD6F96 . 90112 . . [6.1.7601.17514] . . c:\windows\System32\olepro32.dll
[-] 2010-11-20 03:20 . 703FFD301AB900B047337C5D40FD6F96 . 90112 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-ole-automation-legacy_31bf3856ad364e35_6.1.7601.17514_none_3c1b247e5ff65f89\olepro32.dll
[-] 2009-07-14 01:16 . C10459DBDC2099C5A8428CB7D87DB85F . 90112 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-ole-automation-legacy_31bf3856ad364e35_6.1.7600.16385_none_39ea10b66307dbef\olepro32.dll
.
[-] 2009-07-14 . EDD2AD141DEBD425D74A52A4D7BE6AC4 . 39424 . . [6.1.7600.16385] . . c:\windows\System32\perfctrs.dll
[-] 2009-07-14 . EDD2AD141DEBD425D74A52A4D7BE6AC4 . 39424 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-p..ormancebasecounters_31bf3856ad364e35_6.1.7600.16385_none_314993e6be6d6809\perfctrs.dll
.
[-] 2009-07-14 . 702254574E7E52052DE39408457B7149 . 21504 . . [6.1.7600.16385] . . c:\windows\System32\version.dll
[-] 2009-07-14 . 702254574E7E52052DE39408457B7149 . 21504 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-version_31bf3856ad364e35_6.1.7600.16385_none_14d4a552b2395165\version.dll
.
[-] 2009-07-14 . 55187FD710E27D5095D10A472C8BAF1C . 288768 . . [6.1.7600.16385] . . c:\windows\System32\w32time.dll
[-] 2009-07-14 . 55187FD710E27D5095D10A472C8BAF1C . 288768 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-time-service_31bf3856ad364e35_6.1.7600.16385_none_887db9d2ce9e3aa0\w32time.dll
.
[-] 2010-11-20 . E1FB3706030FB4578A0D72C2FC3689E4 . 463360 . . [6.1.7600.16385] . . c:\windows\System32\wiaservc.dll
[-] 2010-11-20 . E1FB3706030FB4578A0D72C2FC3689E4 . 463360 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-w..sition-coreservices_31bf3856ad364e35_6.1.7601.17514_none_349ba4fd11957512\wiaservc.dll
[-] 2009-07-14 . A22825E7BB7018E8AF3E229A5AF17221 . 462336 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-w..sition-coreservices_31bf3856ad364e35_6.1.7600.16385_none_326a913514a6f178\wiaservc.dll
.
[-] 2009-07-14 . 5A12C364AD1D4FCC0AD0E56DBBC34462 . 16896 . . [6.1.7600.16385] . . c:\windows\System32\midimap.dll
[-] 2009-07-14 . 5A12C364AD1D4FCC0AD0E56DBBC34462 . 16896 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-audio-mmecore-other_31bf3856ad364e35_6.1.7600.16385_none_8cd41e2771e37717\midimap.dll
.
[-] 2009-07-14 . ED6EE83D61EBC683C2CD8E899EA6FEBE . 11776 . . [6.1.7600.16385] . . c:\windows\System32\rasadhlp.dll
[-] 2009-07-14 . ED6EE83D61EBC683C2CD8E899EA6FEBE . 11776 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-rasautodial_31bf3856ad364e35_6.1.7600.16385_none_0fb054d9c6a6b4d4\rasadhlp.dll
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32	94208	------w-	c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32	94208	------w-	c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32	94208	------w-	c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2012-03-31 954256]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-03-31 21392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"TpShocks"="TpShocks.exe" [2011-03-29 337256]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-05-18 1314816]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-04-22 1725736]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"AcWin7Hlpr"="c:\program files\Lenovo\Access Connections\AcTBenabler.exe" [2011-10-20 33344]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-03-31 3521424]
"PSQLLauncher"="c:\program files\ThinkVantage Fingerprint Software\launcher.exe" [2011-07-14 55624]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2012-03-15 4392512]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-01 348624]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2011-1-24 804128]
VPN Client.lnk - c:\windows\Installer\{1CE60928-8325-49A8-8B06-633E48DD2B67}\Icon3E5562ED7.ico [2012-3-17 6144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2011-07-14 14:48	100680	----a-w-	c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages	REG_MULTI_SZ   	scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
R1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [x]
R2 AAV UpdateService;AAV UpdateService;c:\program files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [x]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
R2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
R2 DirMngr;DirMngr;c:\program files\GNU\GnuPG\dirmngr.exe [x]
R2 gupdate;Google Update-Dienst (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [x]
R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [x]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 NMSAccess32;NMSAccess32;c:\windows\system32\NMSAccess32.exe [x]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [x]
R2 sesvc;ShadowExplorer Service;c:\program files\ShadowExplorer\sesvc.exe [x]
R2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [x]
R2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [x]
R2 TPHKSVC;Anzeige am Bildschirm;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [x]
R2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed - Virtueller Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protokoll;c:\windows\system32\DRIVERS\amppal.sys [x]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
R3 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [x]
R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files\ThinkPad\Utilities\PWMEWSVC.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S0 DozeHDD;DozeHDD;c:\windows\System32\DRIVERS\DozeHDD.sys [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 NETwLv32;    Intel(R) Wireless WiFi Link der Serie 5000 Adaptertreiber für Windows Vista 32-Bit;c:\windows\system32\DRIVERS\NETwLv32.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 06:14]
.
2012-07-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-05-11 20:03]
.
2012-07-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-05-11 20:03]
.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyOverride = *.local
IE: &Citavi Picker... - file://c:\programdata\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html
IE: An OneNote s&enden - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
Trusted Zone: microsoft.com
Trusted Zone: microsoft.com\*.update
Trusted Zone: microsoft.com\*.windowsupdate
Trusted Zone: windowsupdate.com
TCP: DhcpNameServer = 192.168.220.1
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\q8lojr9q.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'lsass.exe'(536)
c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infql2.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\conhost.exe
c:\windows\helppane.exe
c:\windows\system32\LOEFFE~1.SCR
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-07-02  11:48:10 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-07-02 09:48
.
Vor Suchlauf: 13 Verzeichnis(se), 167.151.943.680 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 174.381.162.496 Bytes frei
.
- - End Of File - - B59C1755E63A8986774DDA1BF7F9809D
--- --- ---
__________________
Alt 02.07.2012, 13:42   #19
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Verschlüsselungstrojaner! (flirt-fever.de) - Standard

Verschlüsselungstrojaner! (flirt-fever.de)


Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).



Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 02.07.2012, 20:00   #20
ms_sh
 
Verschlüsselungstrojaner! (flirt-fever.de) - Standard

Verschlüsselungstrojaner! (flirt-fever.de)


Ok weiter geht's. Sach mal ich weiß die Hilfe ja echt zu schätzen und so aber wie viele von den Scans muss ich denn noch machen???


Alt 03.07.2012, 12:36   #21
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Verschlüsselungstrojaner! (flirt-fever.de) - Standard

Verschlüsselungstrojaner! (flirt-fever.de)


Wir sind fast fertig
__________________
--> Verschlüsselungstrojaner! (flirt-fever.de)

Alt 03.07.2012, 19:29   #22
ms_sh
 
Verschlüsselungstrojaner! (flirt-fever.de) - Standard

Verschlüsselungstrojaner! (flirt-fever.de)


Hier der OSAM-Log, GMER läuft noch...

OSAM Logfile:
Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 20:26:34 on 03.07.2012

OS: Windows 7 Ultimate Edition Service Pack 1 (Build 7601), 32-bit
Default Browser: Mozilla Corporation Firefox 12.0

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Boot Execute]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )-----
"BootExecute" - "Microsoft Corporation" - C:\Windows\system32\autochk.exe

[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"appwiz.cpl" - "Microsoft Corporation" - C:\Windows\system32\appwiz.cpl
"bthprops.cpl" - "Microsoft Corporation" - C:\Windows\system32\bthprops.cpl
"collab.cpl" - "Microsoft Corporation" - C:\Windows\system32\collab.cpl
"desk.cpl" - "Microsoft Corporation" - C:\Windows\system32\desk.cpl
"Firewall.cpl" - "Microsoft Corporation" - C:\Windows\system32\Firewall.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
"hdwwiz.cpl" - "Microsoft Corporation" - C:\Windows\system32\hdwwiz.cpl
"inetcpl.cpl" - "Microsoft Corporation" - C:\Windows\system32\inetcpl.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\Windows\system32\infocardcpl.cpl
"intl.cpl" - "Microsoft Corporation" - C:\Windows\system32\intl.cpl
"irprops.cpl" - "Microsoft Corporation" - C:\Windows\system32\irprops.cpl
"joy.cpl" - "Microsoft Corporation" - C:\Windows\system32\joy.cpl
"main.cpl" - "Microsoft Corporation" - C:\Windows\system32\main.cpl
"mmsys.cpl" - "Microsoft Corporation" - C:\Windows\system32\mmsys.cpl
"ncpa.cpl" - "Microsoft Corporation" - C:\Windows\system32\ncpa.cpl
"powercfg.cpl" - "Microsoft Corporation" - C:\Windows\system32\powercfg.cpl
"PWMCP32V.cpl" - "Lenovo Group Limited" - C:\Windows\system32\PWMCP32V.cpl
"sysdm.cpl" - "Microsoft Corporation" - C:\Windows\system32\sysdm.cpl
"TabletPC.cpl" - "Microsoft Corporation" - C:\Windows\system32\TabletPC.cpl
"telephon.cpl" - "Microsoft Corporation" - C:\Windows\system32\telephon.cpl
"timedate.cpl" - "Microsoft Corporation" - C:\Windows\system32\timedate.cpl
"TpShCPL.cpl" - "Lenovo." - C:\Windows\system32\TpShCPL.cpl
"wscui.cpl" - "Microsoft Corporation" - C:\Windows\system32\wscui.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\Office14\MLCFG32.CPL
"PROSet Tools" - "Intel(R) Corporation" - C:\Program Files\Intel\WiFi\bin\iproset.cpl
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl
"wmdConn.cpl" - "Microsoft Corporation" - C:\Windows\WindowsMobile\wmdConn.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"    Intel(R) Wireless WiFi Link der Serie 5000 Adaptertreiber für Windows Vista 32-Bit" (NETwLv32) - "Intel Corporation" - C:\Windows\System32\DRIVERS\NETwLv32.sys
"@%systemroot%\system32\appidsvc.dll,-102" (AppID) - "Microsoft Corporation" - C:\Windows\system32\drivers\appid.sys
"@%SystemRoot%\system32\bridgeres.dll,-1" (BridgeMP) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\bridge.sys
"@%systemroot%\system32\browser.dll,-102" (bowser) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\bowser.sys
"@%SystemRoot%\system32\clfs.sys,-100" (CLFS) - "Microsoft Corporation" - C:\Windows\System32\CLFS.sys
"@%systemroot%\system32\cscsvc.dll,-202" (CSC) - "Microsoft Corporation" - C:\Windows\System32\drivers\csc.sys
"@%systemroot%\system32\drivers\afd.sys,-1000" (AFD) - "Microsoft Corporation" - C:\Windows\system32\drivers\afd.sys
"@%systemroot%\system32\drivers\dfsc.sys,-101" (DfsC) - "Microsoft Corporation" - C:\Windows\System32\Drivers\dfsc.sys
"@%systemroot%\system32\drivers\discache.sys,-102" (discache) - "Microsoft Corporation" - C:\Windows\System32\drivers\discache.sys
"@%SystemRoot%\system32\drivers\fileinfo.sys,-100" (FileInfo) - "Microsoft Corporation" - C:\Windows\System32\drivers\fileinfo.sys
"@%SystemRoot%\system32\drivers\filetrace.sys,-10001" (Filetrace) - "Microsoft Corporation" - C:\Windows\System32\drivers\filetrace.sys
"@%SystemRoot%\system32\drivers\fltmgr.sys,-10001" (FltMgr) - "Microsoft Corporation" - C:\Windows\System32\drivers\fltmgr.sys
"@%SystemRoot%\system32\drivers\fsdepends.sys,-10001" (FsDepends) - "Microsoft Corporation" - C:\Windows\System32\drivers\FsDepends.sys
"@%SystemRoot%\system32\drivers\fvevol.sys,-100" (fvevol) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\fvevol.sys
"@%SystemRoot%\system32\drivers\http.sys,-1" (HTTP) - "Microsoft Corporation" - C:\Windows\System32\drivers\HTTP.sys
"@%systemroot%\system32\drivers\hwpolicy.sys,-101" (hwpolicy) - "Microsoft Corporation" - C:\Windows\System32\drivers\hwpolicy.sys
"@%SystemRoot%\system32\drivers\irenum.sys,-100" (IRENUM) - "Microsoft Corporation" - C:\Windows\System32\drivers\irenum.sys
"@%systemroot%\system32\drivers\luafv.sys,-100" (luafv) - "Microsoft Corporation" - C:\Windows\system32\drivers\luafv.sys
"@%SystemRoot%\system32\drivers\mountmgr.sys,-100" (mountmgr) - "Microsoft Corporation" - C:\Windows\System32\drivers\mountmgr.sys
"@%SystemRoot%\system32\drivers\mshidkmdf.sys,-100" (mshidkmdf) - "Microsoft Corporation" - C:\Windows\System32\drivers\mshidkmdf.sys
"@%systemroot%\system32\drivers\mup.sys,-101" (Mup) - "Microsoft Corporation" - C:\Windows\System32\Drivers\mup.sys
"@%SystemRoot%\system32\drivers\ndis.sys,-200" (NDIS) - "Microsoft Corporation" - C:\Windows\System32\drivers\ndis.sys
"@%SystemRoot%\system32\drivers\netbt.sys,-2" (NetBT) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\netbt.sys
"@%SystemRoot%\system32\drivers\nsiproxy.sys,-2" (nsiproxy) - "Microsoft Corporation" - C:\Windows\System32\drivers\nsiproxy.sys
"@%SystemRoot%\System32\drivers\pacer.sys,-101" (Psched) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\pacer.sys
"@%SystemRoot%\system32\drivers\partmgr.sys,-100" (partmgr) - "Microsoft Corporation" - C:\Windows\System32\drivers\partmgr.sys
"@%SystemRoot%\system32\drivers\qwavedrv.sys,-1" (QWAVEdrv) - "Microsoft Corporation" - C:\Windows\system32\drivers\qwavedrv.sys
"@%systemroot%\system32\DRIVERS\RDPCDD.sys,-100" (RDPCDD) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\RDPCDD.sys
"@%systemroot%\system32\drivers\RDPENCDD.sys,-101" (RDPENCDD) - "Microsoft Corporation" - C:\Windows\System32\drivers\rdpencdd.sys
"@%systemroot%\system32\drivers\RdpRefMp.sys,-101" (RDPREFMP) - "Microsoft Corporation" - C:\Windows\System32\drivers\rdprefmp.sys
"@%SystemRoot%\System32\drivers\scfilter.sys,-11" (scfilter) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\scfilter.sys
"@%SystemRoot%\System32\DRIVERS\tssecsrv.sys,-101" (tssecsrv) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\tssecsrv.sys
"@%SystemRoot%\system32\drivers\tsusbflt.sys,-1" (TsUsbFlt) - "Microsoft Corporation" - C:\Windows\System32\drivers\tsusbflt.sys
"@%SystemRoot%\system32\drivers\tsusbhub.sys,-1" (tsusbhub) - ? - C:\Windows\System32\drivers\tsusbhub.sys  (File not found)
"@%SystemRoot%\system32\drivers\volmgrx.sys,-100" (volmgrx) - "Microsoft Corporation" - C:\Windows\System32\drivers\volmgrx.sys
"@%SystemRoot%\System32\drivers\vwifibus.sys,-257" (vwifibus) - "Microsoft Corporation" - C:\Windows\System32\drivers\vwifibus.sys
"@%systemroot%\System32\drivers\ws2ifsl.sys,-1000" (ws2ifsl) - "Microsoft Corporation" - C:\Windows\system32\drivers\ws2ifsl.sys
"@%SystemRoot%\system32\FirewallAPI.dll,-23092" (mpsdrv) - "Microsoft Corporation" - C:\Windows\System32\drivers\mpsdrv.sys
"@%systemroot%\system32\rascfg.dll,-32000" (AsyncMac) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\asyncmac.sys
"@%systemroot%\system32\rascfg.dll,-32001" (NdisTapi) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\ndistapi.sys
"@%systemroot%\system32\rascfg.dll,-32002" (NdisWan) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\ndiswan.sys
"@%systemroot%\system32\rascfg.dll,-32005" (Rasl2tp) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\rasl2tp.sys
"@%systemroot%\system32\rascfg.dll,-32006" (PptpMiniport) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\raspptp.sys
"@%systemroot%\system32\rascfg.dll,-32007" (RasPppoe) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\raspppoe.sys
"@%systemroot%\system32\rascfg.dll,-32011" (WANARP) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\wanarp.sys
"@%systemroot%\system32\rascfg.dll,-32012" (Wanarpv6) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\wanarp.sys
"@%systemroot%\system32\rascfg.dll,-32013" (IpFilterDriver) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\ipfltdrv.sys
"@%systemroot%\system32\srvsvc.dll,-102" (srv) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\srv.sys
"@%systemroot%\system32\srvsvc.dll,-104" (srv2) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\srv2.sys
"@%systemroot%\system32\sstpsvc.dll,-202" (RasSstp) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\rassstp.sys
"@%SystemRoot%\system32\tcpipcfg.dll,-50003" (Tcpip) - "Microsoft Corporation" - C:\Windows\System32\drivers\tcpip.sys
"@%SystemRoot%\system32\tcpipcfg.dll,-50004" (tdx) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\tdx.sys
"@%SystemRoot%\system32\tcpipcfg.dll,-50005" (Smb) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\smb.sys
"@%SystemRoot%\system32\vmbusres.dll,-1000" (vmbus) - "Microsoft Corporation" - C:\Windows\System32\drivers\vmbus.sys
"@%SystemRoot%\system32\vmstorfltres.dll,-1000" (storflt) - "Microsoft Corporation" - C:\Windows\System32\drivers\vmstorfl.sys
"@%systemroot%\system32\webclnt.dll,-104" (MRxDAV) - "Microsoft Corporation" - C:\Windows\system32\drivers\mrxdav.sys
"@%systemroot%\system32\wkssvc.dll,-1000" (rdbss) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\rdbss.sys
"@%systemroot%\system32\wkssvc.dll,-1002" (mrxsmb) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\mrxsmb.sys
"@%systemroot%\system32\wkssvc.dll,-1004" (mrxsmb10) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\mrxsmb10.sys
"@%systemroot%\system32\wkssvc.dll,-1006" (mrxsmb20) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\mrxsmb20.sys
"ACPI-Energieanzeigetreiber" (AcpiPmi) - "Microsoft Corporation" - C:\Windows\system32\drivers\acpipmi.sys
"ADI UAA Function Driver for High Definition Audio Service" (ADIHdAudAddService) - "Analog Devices, Inc." - C:\Windows\System32\drivers\ADIHdAud.sys
"adp94xx" (adp94xx) - "Adaptec, Inc." - C:\Windows\system32\DRIVERS\adp94xx.sys
"adpahci" (adpahci) - "Adaptec, Inc." - C:\Windows\system32\DRIVERS\adpahci.sys
"adpu320" (adpu320) - "Adaptec, Inc." - C:\Windows\system32\DRIVERS\adpu320.sys
"aic78xx" (aic78xx) - "Adaptec, Inc." - C:\Windows\system32\DRIVERS\djsvs.sys
"aliide" (aliide) - "Acer Laboratories Inc." - C:\Windows\system32\drivers\aliide.sys
"AMD AGP-Bus-Filtertreiber" (amdagp) - "Microsoft Corporation" - C:\Windows\system32\drivers\amdagp.sys
"AMD K8 Processor Driver" (AmdK8) - "Microsoft Corporation" - C:\Windows\system32\DRIVERS\amdk8.sys
"AMD Processor Driver" (AmdPPM) - "Microsoft Corporation" - C:\Windows\system32\DRIVERS\amdppm.sys
"amdide" (amdide) - "Microsoft Corporation" - C:\Windows\system32\drivers\amdide.sys
"amdsata" (amdsata) - "Advanced Micro Devices" - C:\Windows\system32\drivers\amdsata.sys
"amdsbs" (amdsbs) - "AMD Technologies Inc." - C:\Windows\system32\DRIVERS\amdsbs.sys
"amdxata" (amdxata) - "Advanced Micro Devices" - C:\Windows\System32\drivers\amdxata.sys
"Apple Mobile USB Driver" (USBAAPL) - "Apple, Inc." - C:\Windows\System32\Drivers\usbaapl.sys
"APS Digitizer Activity Monitor" (TPDIGIMN) - "Lenovo." - C:\Windows\System32\DRIVERS\ApsHM86.sys
"arc" (arc) - "Adaptec, Inc." - C:\Windows\system32\DRIVERS\arc.sys
"arcsas" (arcsas) - "Adaptec, Inc." - C:\Windows\system32\DRIVERS\arcsas.sys
"atikmdag" (atikmdag) - "ATI Technologies Inc." - C:\Windows\System32\DRIVERS\atikmdag.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys
"Beep" (Beep) - "Microsoft Corporation" - C:\Windows\system32\drivers\Beep.sys
"blbdrive" (blbdrive) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\blbdrive.sys
"Bluetooth AVDT" (btwavdt) - "Broadcom Corporation." - C:\Windows\System32\DRIVERS\btwavdt.sys
"Bluetooth L2CAP Service" (btwl2cap) - "Broadcom Corporation." - C:\Windows\System32\DRIVERS\btwl2cap.sys
"Bluetooth Serial Communications Driver" (BTHMODEM) - "Microsoft Corporation" - C:\Windows\system32\DRIVERS\bthmodem.sys
"Bluetooth USB Filter" (btusbflt) - "Broadcom Corporation." - C:\Windows\System32\drivers\btusbflt.sys
"Bluetooth-Audiogerät" (btwaudio) - "Broadcom Corporation." - C:\Windows\System32\drivers\btwaudio.sys
"Bluetooth-Auflistungsdienst" (BthEnum) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\BthEnum.sys
"Bluetooth-Gerät (PAN)" (BthPan) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\bthpan.sys
"Bluetooth-Gerät (RFCOMM-Protokoll-TDI)" (RFCOMM) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\rfcomm.sys
"Bluetooth-Porttreiber" (BTHPORT) - "Microsoft Corporation" - C:\Windows\System32\Drivers\BTHport.sys
"Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0" (b57nd60x) - "Broadcom Corporation" - C:\Windows\System32\DRIVERS\b57nd60x.sys
"Broadcom NetXtreme II 10 GigE VBD" (ebdrv) - "Broadcom Corporation" - C:\Windows\system32\DRIVERS\evbdx.sys
"Broadcom NetXtreme II VBD" (b06bdrv) - "Broadcom Corporation" - C:\Windows\system32\DRIVERS\bxvbdx.sys
"Brother MFC Serial Port Interface Driver (WDM)" (Brserid) - "Brother Industries Ltd." - C:\Windows\System32\Drivers\Brserid.sys
"Brother MFC USB Fax Only Modem" (BrUsbMdm) - "Brother Industries Ltd." - C:\Windows\System32\Drivers\BrUsbMdm.sys
"Brother MFC USB Serial WDM Driver" (BrUsbSer) - "Brother Industries Ltd." - C:\Windows\System32\Drivers\BrUsbSer.sys
"Brother USB Mass-Storage Lower Filter Driver" (BrFiltLo) - "Brother Industries, Ltd." - C:\Windows\system32\DRIVERS\BrFiltLo.sys
"Brother USB Mass-Storage Upper Filter Driver" (BrFiltUp) - "Brother Industries, Ltd." - C:\Windows\system32\DRIVERS\BrFiltUp.sys
"Brother WDM Serial driver" (BrSerWdm) - "Brother Industries Ltd." - C:\Windows\System32\Drivers\BrSerWdm.sys
"btwrchid" (btwrchid) - "Broadcom Corporation." - C:\Windows\System32\DRIVERS\btwrchid.sys
"Busenumeratortreiber für Verbundgeräte" (CompositeBus) - "Microsoft Corporation" - C:\Windows\system32\drivers\CompositeBus.sys
"Bustreiber für SBP2-Transport/Protokoll" (sbp2port) - "Microsoft Corporation" - C:\Windows\system32\drivers\sbp2port.sys
"catchme" (catchme) - ? - C:\Users\***\AppData\Local\Temp\catchme.sys  (File not found)
"CD-ROM-Laufwerktreiber" (cdrom) - "Microsoft Corporation" - C:\Windows\system32\drivers\cdrom.sys
"Cisco Systems Inc. IPSec Driver" (CVPNDRVA) - "Cisco Systems, Inc." - C:\Windows\system32\Drivers\CVPNDRVA.sys
"Cisco Systems VPN Adapter" (CVirtA) - "Cisco Systems, Inc." - C:\Windows\System32\DRIVERS\CVirtA.sys
"cmdide" (cmdide) - "CMD Technology, Inc." - C:\Windows\system32\drivers\cmdide.sys
"CNG" (CNG) - "Microsoft Corporation" - C:\Windows\System32\Drivers\cng.sys
"Consumer IR Devices" (circlass) - "Microsoft Corporation" - C:\Windows\system32\DRIVERS\circlass.sys
"Deterministic Network Enhancer Miniport" (DNE) - "Deterministic Networks, Inc." - C:\Windows\System32\DRIVERS\dne2000.sys
"DozeHDD" (DozeHDD) - "Lenovo." - C:\Windows\System32\DRIVERS\DozeHDD.sys
"eHome-Infrarotempfänger (USBCIR)" (usbcir) - "Microsoft Corporation" - C:\Windows\system32\drivers\usbcir.sys
"elxstor" (elxstor) - "Emulex" - C:\Windows\system32\DRIVERS\elxstor.sys
"Enumerator-Treiber für Microsoft Virtual Drive" (vdrvroot) - "Microsoft Corporation" - C:\Windows\System32\drivers\vdrvroot.sys
"exFAT File System Driver" (exfat) - "Microsoft Corporation" - C:\Windows\system32\drivers\exfat.sys
"FAT12/16/32 File System Driver" (fastfat) - "Microsoft Corporation" - C:\Windows\system32\drivers\fastfat.sys
"Floppy Disk Controller Driver" (fdc) - "Microsoft Corporation" - C:\Windows\system32\DRIVERS\fdc.sys
"Floppy Disk Driver" (flpydisk) - "Microsoft Corporation" - C:\Windows\system32\DRIVERS\flpydisk.sys
"Fs_Rec" (Fs_Rec) - "Microsoft Corporation" - C:\Windows\system32\drivers\Fs_Rec.sys
"GEAR ASPI Filter Driver" (GEARAspiWDM) - "GEAR Software Inc." - C:\Windows\System32\DRIVERS\GEARAspiWDM.sys
"Hauppauge Consumer Infrared Receiver" (hcw85cir) - "Hauppauge Computer Works, Inc." - C:\Windows\system32\drivers\hcw85cir.sys
"HID UPS Battery Driver" (HidBatt) - "Microsoft Corporation" - C:\Windows\system32\DRIVERS\HidBatt.sys
"High-Capacity Floppy Disk Drive" (sfloppy) - "Microsoft Corporation" - C:\Windows\system32\DRIVERS\sfloppy.sys
"HpSAMD" (HpSAMD) - "Hewlett-Packard Company" - C:\Windows\system32\drivers\HpSAMD.sys
"HSF_DPV" (HSF_DPV) - "Conexant Systems, Inc." - C:\Windows\System32\DRIVERS\HSX_DPV.sys
"HSXHWAZL" (HSXHWAZL) - "Conexant Systems, Inc." - C:\Windows\System32\DRIVERS\HSXHWAZL.sys
"i8042-Tastatur- und PS/2-Mausanschluss-Treiber" (i8042prt) - "Microsoft Corporation" - C:\Windows\system32\drivers\i8042prt.sys
"IBMPMDRV" (IBMPMDRV) - "Lenovo." - C:\Windows\System32\DRIVERS\ibmpmdrv.sys
"IDE-Kanal" (atapi) - "Microsoft Corporation" - C:\Windows\System32\drivers\atapi.sys
"iirsp" (iirsp) - "Intel Corp./ICP vortex GmbH" - C:\Windows\system32\DRIVERS\iirsp.sys
"Intel AGP-Bus-Filter" (agp440) - "Microsoft Corporation" - C:\Windows\system32\drivers\agp440.sys
"Intel AHCI Controller" (iaStor) - "Intel Corporation" - C:\Windows\System32\DRIVERS\iaStor.sys
"Intel RAID-Controller Windows 7" (iaStorV) - "Intel Corporation" - C:\Windows\system32\drivers\iaStorV.sys
"Intel(R) PRO/1000 PCI Express Network Connection Driver" (e1express) - "Intel Corporation" - C:\Windows\System32\DRIVERS\e1e6232.sys
"Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit" (netw5v32) - "Intel Corporation" - C:\Windows\System32\DRIVERS\netw5v32.sys
"Intel-Prozessortreiber" (intelppm) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\intelppm.sys
"intelide" (intelide) - "Microsoft Corporation" - C:\Windows\System32\drivers\intelide.sys
"Intel® Centrino® Wireless Bluetooth® + High Speed - Virtueller Adapter" (AMPPAL) - "Windows (R) Win 7 DDK provider" - C:\Windows\System32\DRIVERS\AMPPAL.sys
"Intel® Centrino® Wireless Bluetooth® + High Speed Protokoll" (AMPPALP) - "Windows (R) Win 7 DDK provider" - C:\Windows\System32\DRIVERS\amppal.sys
"IP Network Address Translator" (IPNAT) - "Microsoft Corporation" - C:\Windows\System32\drivers\ipnat.sys
"IPMIDRV" (IPMIDRV) - "Microsoft Corporation" - C:\Windows\system32\drivers\IPMIDrv.sys
"IrDA-Protokoll" (irda) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\irda.sys
"isapnp" (isapnp) - "Microsoft Corporation" - C:\Windows\system32\drivers\isapnp.sys
"iScsiPort-Treiber" (iScsiPrt) - "Microsoft Corporation" - C:\Windows\system32\drivers\msiscsi.sys
"Kernel Mode Driver Frameworks service" (Wdf01000) - "Microsoft Corporation" - C:\Windows\System32\drivers\Wdf01000.sys
"KSecDD" (KSecDD) - "Microsoft Corporation" - C:\Windows\System32\Drivers\ksecdd.sys
"KSecPkg" (KSecPkg) - "Microsoft Corporation" - C:\Windows\System32\Drivers\ksecpkg.sys
"Laufwerktreiber" (Disk) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\disk.sys
"LDDM Graphics Subsystem" (DXGKrnl) - "Microsoft Corporation" - C:\Windows\System32\drivers\dxgkrnl.sys
"Lenovo Parties Service Access Device Driver" (psadd) - "Lenovo Information Product(ShenZhen China) Inc." - C:\Windows\System32\DRIVERS\psadd.sys
"Lenovo System Interface Driver" (lenovo.smi) - "Lenovo Group Limited" - C:\Windows\System32\DRIVERS\smiif32.sys
"Link-Layer Topology Discovery Mapper I/O Driver" (lltdio) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\lltdio.sys
"Link-Layer Topology Discovery Responder" (rspndr) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\rspndr.sys
"LSI_FC" (LSI_FC) - "LSI Corporation" - C:\Windows\system32\DRIVERS\lsi_fc.sys
"LSI_SAS" (LSI_SAS) - "LSI Corporation" - C:\Windows\system32\DRIVERS\lsi_sas.sys
"LSI_SAS2" (LSI_SAS2) - "LSI Corporation" - C:\Windows\system32\DRIVERS\lsi_sas2.sys
"LSI_SCSI" (LSI_SCSI) - "LSI Corporation" - C:\Windows\system32\DRIVERS\lsi_scsi.sys
"Maus-HID-Treiber" (mouhid) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\mouhid.sys
"Mausklassentreiber" (mouclass) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\mouclass.sys
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"mdmxsdk" (mdmxsdk) - "Conexant" - C:\Windows\System32\DRIVERS\mdmxsdk.sys
"megasas" (megasas) - "LSI Corporation" - C:\Windows\system32\DRIVERS\megasas.sys
"MegaSR" (MegaSR) - "LSI Corporation, Inc." - C:\Windows\system32\DRIVERS\MegaSR.sys
"Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst" (HdAudAddService) - "Microsoft Corporation" - C:\Windows\System32\drivers\HdAudio.sys
"Microsoft ACPI-Treiber" (ACPI) - "Microsoft Corporation" - C:\Windows\System32\drivers\ACPI.sys
"Microsoft AGPv3.5 Filter" (uagp35) - "Microsoft Corporation" - C:\Windows\system32\DRIVERS\uagp35.sys
"Microsoft Bluetooth HID Miniport" (HidBth) - "Microsoft Corporation" - C:\Windows\system32\DRIVERS\hidbth.sys
"Microsoft Composite Battery-Treiber" (Compbatt) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\compbatt.sys
"Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms" (gagp30kx) - "Microsoft Corporation" - C:\Windows\system32\DRIVERS\gagp30kx.sys
"Microsoft HID Class-Treiber" (HidUsb) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\hidusb.sys
"Microsoft Infrared HID Driver" (HidIr) - "Microsoft Corporation" - C:\Windows\system32\DRIVERS\hidir.sys
"Microsoft Input Configuration Driver" (MTConfig) - "Microsoft Corporation" - C:\Windows\system32\DRIVERS\MTConfig.sys
"Microsoft IntelliPoint Filter Driver" (Point32) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\point32.sys
"Microsoft IPv6 Protocol Driver" (TCPIP6) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\tcpip.sys
"Microsoft Monitor-Klassenfunktionstreiber-Dienst" (monitor) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\monitor.sys
"Microsoft Multipfad-Bustreiber" (mpio) - "Microsoft Corporation" - C:\Windows\system32\drivers\mpio.sys
"Microsoft Multipfadgeräte-spezifisches Modul" (msdsm) - "Microsoft Corporation" - C:\Windows\system32\drivers\msdsm.sys
"Microsoft Proxy für Streaming Clock" (MSPCLOCK) - "Microsoft Corporation" - C:\Windows\System32\drivers\MSPCLOCK.sys
"Microsoft Proxy für Streaming Quality Manager" (MSPQM) - "Microsoft Corporation" - C:\Windows\System32\drivers\MSPQM.sys
"Microsoft Standard-USB-Haupttreiber" (usbccgp) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\usbccgp.sys
"Microsoft Streaming Service Proxy" (MSKSSRV) - "Microsoft Corporation" - C:\Windows\System32\drivers\MSKSSRV.sys
"Microsoft Streaming Tee/Sink-to-Sink-Konvertierung" (MSTEE) - "Microsoft Corporation" - C:\Windows\System32\drivers\MSTEE.sys
"Microsoft Trusted Audio Drivers" (drmkaud) - "Microsoft Corporation" - C:\Windows\System32\drivers\drmkaud.sys
"Microsoft UMPass Driver" (UmPass) - "Microsoft Corporation" - C:\Windows\system32\DRIVERS\umpass.sys
"Microsoft USB-Druckerklasse" (usbprint) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\usbprint.sys
"Microsoft USB-Standardhubtreiber" (usbhub) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\usbhub.sys
"Microsoft Windows Management Interface for ACPI" (WmiAcpi) - "Microsoft Corporation" - C:\Windows\system32\drivers\wmiacpi.sys
"Microsoft-Hardwarefehler-Gerätetreiber" (ErrDev) - "Microsoft Corporation" - C:\Windows\system32\drivers\errdev.sys
"Microsoft-Systemverwaltungs-BIOS-Treiber" (mssmbios) - "Microsoft Corporation" - C:\Windows\system32\drivers\mssmbios.sys
"Microsoft-Tunnelminiport-Adaptertreiber" (tunnel) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\tunnel.sys
"Microsoft-UAA-Bustreiber für High Definition Audio" (HDAudBus) - "Microsoft Corporation" - C:\Windows\system32\drivers\HDAudBus.sys
"Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller" (usbehci) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\usbehci.sys
"Miniporttreiber für Microsoft USB Open Host-Controller" (usbohci) - "Microsoft Corporation" - C:\Windows\system32\drivers\usbohci.sys
"Miniporttreiber für universellen Microsoft USB-Hostcontroller" (usbuhci) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\usbuhci.sys
"Modem" (Modem) - "Microsoft Corporation" - C:\Windows\System32\drivers\modem.sys
"MS Hardware Device Detection Driver (USB)" (dc3d) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\dc3d.sys
"msahci" (msahci) - "Microsoft Corporation" - C:\Windows\System32\drivers\msahci.sys
"Msfs" (Msfs) - "Microsoft Corporation" - C:\Windows\system32\drivers\Msfs.sys
"msisadrv" (msisadrv) - "Microsoft Corporation" - C:\Windows\System32\drivers\msisadrv.sys
"MsRPC" (MsRPC) - "Microsoft Corporation" - C:\Windows\system32\drivers\MsRPC.sys
"NativeWiFi Filter" (NativeWifiP) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\nwifi.sys
"NDIS Capture LightWeight Filter" (NdisCap) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\ndiscap.sys
"NDIS Usermode I/O Protocol" (Ndisuio) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\ndisuio.sys
"NDProxy" (NDProxy) - "Microsoft Corporation" - C:\Windows\system32\drivers\NDProxy.sys
"NetBIOS Interface" (NetBIOS) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\netbios.sys
"nfrd960" (nfrd960) - "IBM Corporation" - C:\Windows\system32\DRIVERS\nfrd960.sys
"Nokia USB Communication Driver" (nmwcdc) - "Nokia" - C:\Windows\System32\drivers\ccdcmbo.sys
"Nokia USB Phone Parent Driver" (nmwcd) - "Nokia" - C:\Windows\System32\drivers\ccdcmb.sys
"Npfs" (Npfs) - "Microsoft Corporation" - C:\Windows\system32\drivers\Npfs.sys
"NSC Infrared Device Driver" (NSCIRDA) - "National Semiconductor Corporation" - C:\Windows\System32\DRIVERS\nscirda.sys
"Ntfs" (Ntfs) - "Microsoft Corporation" - C:\Windows\system32\drivers\Ntfs.sys
"Null" (Null) - "Microsoft Corporation" - C:\Windows\system32\drivers\Null.sys
"NVIDIA nForce AGP-Busfilter" (nv_agp) - "Microsoft Corporation" - C:\Windows\system32\drivers\nv_agp.sys
"nvraid" (nvraid) - "NVIDIA Corporation" - C:\Windows\system32\drivers\nvraid.sys
"nvstor" (nvstor) - "NVIDIA Corporation" - C:\Windows\system32\drivers\nvstor.sys
"OHCI-konformer 1394-Hostcontroller" (1394ohci) - "Microsoft Corporation" - C:\Windows\system32\drivers\1394ohci.sys
"OHCI-konformer 1394-Hostcontroller (alt)" (ohci1394) - "Microsoft Corporation" - C:\Windows\system32\drivers\ohci1394.sys
"Parvdm" (Parvdm) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\parvdm.sys
"PCI-Bus-Treiber" (pci) - "Microsoft Corporation" - C:\Windows\System32\drivers\pci.sys
"pciide" (pciide) - "Microsoft Corporation" - C:\Windows\system32\drivers\pciide.sys
"pcmcia" (pcmcia) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\pcmcia.sys
"PEAUTH" (PEAUTH) - "Microsoft Corporation" - C:\Windows\System32\drivers\peauth.sys
"Performance Counters for Windows Driver" (pcw) - "Microsoft Corporation" - C:\Windows\System32\drivers\pcw.sys
"Processor Driver" (Processor) - "Microsoft Corporation" - C:\Windows\system32\DRIVERS\processr.sys
"ql2300" (ql2300) - "QLogic Corporation" - C:\Windows\system32\DRIVERS\ql2300.sys
"ql40xx" (ql40xx) - "QLogic Corporation" - C:\Windows\system32\DRIVERS\ql40xx.sys
"RDP Winstation Driver" (RDPWD) - "Microsoft Corporation" - C:\Windows\system32\drivers\RDPWD.sys
"ReadyBoost" (rdyboost) - "Microsoft Corporation" - C:\Windows\System32\drivers\rdyboost.sys
"Remote Access Auto Connection Driver" (RasAcd) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\rasacd.sys
"Remote Desktop Device Redirector Bus Driver" (rdpbus) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\rdpbus.sys
"Remote Desktop Video Miniport Driver" (RdpVideoMiniport) - "Microsoft Corporation" - C:\Windows\System32\drivers\rdpvideominiport.sys
"s3cap" (s3cap) - "Microsoft Corporation" - C:\Windows\system32\drivers\vms3cap.sys
"Security Driver" (secdrv) - "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." - C:\Windows\system32\drivers\secdrv.sys
"Security Processor Loader Driver" (spldr) - "Microsoft Corporation" - C:\Windows\system32\drivers\spldr.sys
"Serenum-Filtertreiber" (Serenum) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\serenum.sys
"Serial Mouse Driver" (sermouse) - "Microsoft Corporation" - C:\Windows\system32\DRIVERS\sermouse.sys
"SFF-Speicherklassentreiber" (sffdisk) - "Microsoft Corporation" - C:\Windows\system32\drivers\sffdisk.sys
"SFF-Speicherprotokolltreiber für MMC" (sffp_mmc) - "Microsoft Corporation" - C:\Windows\system32\drivers\sffp_mmc.sys
"SFF-Speicherprotokolltreiber für SDBus" (sffp_sd) - "Microsoft Corporation" - C:\Windows\system32\drivers\sffp_sd.sys
"Shockprf" (Shockprf) - "Lenovo." - C:\Windows\System32\DRIVERS\Apsx86.sys
"SIS AGP-Bus-Filter" (sisagp) - "Microsoft Corporation" - C:\Windows\system32\drivers\sisagp.sys
"SiSRaid2" (SiSRaid2) - "Silicon Integrated Systems Corp." - C:\Windows\system32\DRIVERS\SiSRaid2.sys
"SiSRaid4" (SiSRaid4) - "Silicon Integrated Systems" - C:\Windows\system32\DRIVERS\sisraid4.sys
"SMI Helper Driver (smihlp)" (smihlp) - "Authentec Inc." - C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys
"Software-Bus-Treiber" (swenum) - "Microsoft Corporation" - C:\Windows\system32\drivers\swenum.sys
"Speichervolumes" (volsnap) - "Microsoft Corporation" - C:\Windows\System32\drivers\volsnap.sys
"SrvHsfHDA" (SrvHsfHDA) - "Conexant Systems, Inc." - C:\Windows\System32\DRIVERS\VSTAZL3.SYS
"SrvHsfV92" (SrvHsfV92) - "Conexant Systems, Inc." - C:\Windows\System32\DRIVERS\VSTDPV3.SYS
"SrvHsfWinac" (SrvHsfWinac) - "Conexant Systems, Inc." - C:\Windows\System32\DRIVERS\VSTCNXT3.SYS
"srvnet" (srvnet) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\srvnet.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"stexstor" (stexstor) - "Promise Technology" - C:\Windows\system32\DRIVERS\stexstor.sys
"storvsc" (storvsc) - "Microsoft Corporation" - C:\Windows\system32\drivers\storvsc.sys
"Synaptics TouchPad Driver" (SynTP) - "Synaptics Incorporated" - C:\Windows\System32\DRIVERS\SynTP.sys
"Synth3dVsc" (Synth3dVsc) - ? - C:\Windows\System32\drivers\synth3dvsc.sys  (File not found)
"Tastatur-HID-Treiber" (kbdhid) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\kbdhid.sys
"Tastaturklassentreiber" (kbdclass) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\kbdclass.sys
"TCP/IP Registry Compatibility" (tcpipreg) - "Microsoft Corporation" - C:\Windows\System32\drivers\tcpipreg.sys
"TDPIPE" (TDPIPE) - "Microsoft Corporation" - C:\Windows\System32\drivers\tdpipe.sys
"TDTCP" (TDTCP) - "Microsoft Corporation" - C:\Windows\System32\drivers\tdtcp.sys
"Terminal Server Device Redirector Driver" (RDPDR) - "Microsoft Corporation" - C:\Windows\System32\drivers\rdpdr.sys
"Terminal-Gerätetreiber" (TermDD) - "Microsoft Corporation" - C:\Windows\system32\drivers\termdd.sys
"TPM" (TPM) - "Microsoft Corporation" - C:\Windows\System32\drivers\tpm.sys
"TPPWRIF" (TPPWRIF) - "Lenovo Group Limited" - C:\Windows\System32\drivers\Tppwr32v.sys
"Treiber für Microsoft-ACPI-Kontrollmethodenkompatiblen Akku" (CmBatt) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\CmBatt.sys
"Treiber für parallelen Anschluss" (Parport) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\parport.sys
"Treiber für seriellen Anschluss" (Serial) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\serial.sys
"Treiber für Volume-Manager" (volmgr) - "Microsoft Corporation" - C:\Windows\System32\drivers\volmgr.sys
"Uli AGP-Bus-Filter" (uliagpkx) - "Microsoft Corporation" - C:\Windows\system32\drivers\uliagpkx.sys
"UMBusenumerator-Treiber" (umbus) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\umbus.sys
"upperdev" (upperdev) - "Nokia" - C:\Windows\System32\DRIVERS\usbser_lowerflt.sys
"USB-Massenspeichertreiber" (USBSTOR) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\USBSTOR.SYS
"USB-Treiber für Bluetooth-Funkgerät" (BTHUSB) - "Microsoft Corporation" - C:\Windows\System32\Drivers\BTHUSB.sys
"UsbserFilt" (UsbserFilt) - "Nokia" - C:\Windows\System32\DRIVERS\usbser_lowerfltj.sys
"User Mode Driver Frameworks Platform Driver" (WudfPf) - "Microsoft Corporation" - C:\Windows\System32\drivers\WudfPf.sys
"vga" (vga) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\vgapnp.sys
"VgaSave" (VgaSave) - "Microsoft Corporation" - C:\Windows\System32\drivers\vga.sys
"VGPU" (VGPU) - ? - C:\Windows\System32\drivers\rdvgkmd.sys  (File not found)
"vhdmp" (vhdmp) - "Microsoft Corporation" - C:\Windows\system32\drivers\vhdmp.sys
"VIA AGP-Bus-Filter" (viaagp) - "Microsoft Corporation" - C:\Windows\system32\drivers\viaagp.sys
"VIA C7 Processor Driver" (ViaC7) - "Microsoft Corporation" - C:\Windows\system32\DRIVERS\viac7.sys
"viaide" (viaide) - "VIA Technologies, Inc." - C:\Windows\system32\drivers\viaide.sys
"VMBusHID" (VMBusHID) - "Microsoft Corporation" - C:\Windows\system32\drivers\VMBusHID.sys
"vsmraid" (vsmraid) - "VIA Technologies Inc.,Ltd" - C:\Windows\system32\DRIVERS\vsmraid.sys
"Wacom Serial Pen HID Driver" (WacomPen) - "Microsoft Corporation" - C:\Windows\system32\DRIVERS\wacompen.sys
"WAN Miniport (IKEv2)" (RasAgileVpn) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\AgileVpn.sys
"Wd" (Wd) - "Microsoft Corporation" - C:\Windows\system32\DRIVERS\wd.sys
"WFP Lightweight Filter" (WfpLwf) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\wfplwf.sys
"WIMMount" (WIMMount) - "Microsoft Corporation" - C:\Windows\System32\drivers\wimmount.sys
"winachsf" (winachsf) - "Conexant Systems, Inc." - C:\Windows\System32\DRIVERS\HSX_CNXT.sys
"Windows Driver Foundation - User-mode Driver Framework Reflector" (WUDFRd) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\WUDFRd.sys
"WinUsb-Treiber" (WinUsb) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\WinUSB.sys
"XAudio" (XAudio) - "Conexant Systems, Inc." - C:\Windows\System32\DRIVERS\xaudio.sys

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
>{60B49E34-C7CC-11D0-8953-00A0C90347FF} "Browser Customizations" - "Microsoft Corporation" - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
>{26923b43-4d38-484f-9b9e-de460746276c} "Internet Explorer" - "Microsoft Corporation" - C:\Windows\System32\ie4uinit.exe -UserIconConfig
{44BBA840-CC51-11CF-AAFA-00AA00B6015C} "Microsoft Windows" - "Microsoft Corporation" - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
>{22d6f312-b0f6-11d0-94ab-0080c74c7e95} "Microsoft Windows Media Player" - "Microsoft Corporation" - %SystemRoot%\system32\unregmp2.exe /ShowWMP
{6BF52A52-394A-11d3-B153-00C04F79FAA6} "Microsoft Windows Media Player" - "Microsoft Corporation" - %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
{2C7339CF-2B09-4501-B3F3-F3508C9228ED} "Themes Setup" - "Microsoft Corporation" - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
{89820200-ECBD-11cf-8B85-00AA005B4383} "Web Platform Customizations" - "Microsoft Corporation" - C:\Windows\System32\ie4uinit.exe -BaseSettings
{89820200-ECBD-11cf-8B85-00AA005B4340} "Windows Desktop Update" - "Microsoft Corporation" - regsvr32.exe /s /n /i:U shell32.dll
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - "The Document Foundation" - C:\Program Files\LibreOffice 3.5\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\Windows\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\Windows\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\Windows\system32\mscoree.dll
{807573E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{3dd53d40-7b8b-11D0-b013-00aa0059ce02} "CDL: Asychronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Windows\system32\urlmon.dll
{12D51199-0DB5-46FE-A120-47A3D7D937CC} "DVD: Pluggable Protocol" - "Microsoft Corporation" - C:\Windows\System32\msvidctl.dll
{79eac9e7-baf9-11ce-8c82-00aa004ba90b} "file:, local: Asychronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Windows\system32\urlmon.dll
{79eac9e7-baf9-11ce-8c82-00aa004ba90b} "file:, local: Asychronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Windows\system32\urlmon.dll
{79eac9e3-baf9-11ce-8c82-00aa004ba90b} "ftp: Asychronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Windows\system32\urlmon.dll
{79eac9e2-baf9-11ce-8c82-00aa004ba90b} "http: Asychronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Windows\system32\urlmon.dll
{79eac9e5-baf9-11ce-8c82-00aa004ba90b} "https: Asychronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Windows\system32\urlmon.dll
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{05300401-BCBC-11d0-85E3-00C04FD85AB4} "MHTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Windows\system32\inetcomm.dll
{3050F406-98B5-11CF-BB82-00AA00BDCE0B} "Microsoft HTML About Pluggable Protocol" - "Microsoft Corporation" - C:\Windows\System32\mshtml.dll
{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} "Microsoft HTML Javascript Pluggable Protocol" - "Microsoft Corporation" - C:\Windows\System32\mshtml.dll
{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} "Microsoft HTML Javascript Pluggable Protocol" - "Microsoft Corporation" - C:\Windows\System32\mshtml.dll
{3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} "Microsoft HTML Mailto Pluggable Protocol" - "Microsoft Corporation" - C:\Windows\System32\mshtml.dll
{3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} "Microsoft HTML Resource Pluggable Protocol" - "Microsoft Corporation" - C:\Windows\System32\mshtml.dll
{9D148291-B9C8-11D0-A4CC-0000F80149F6} "Microsoft InfoTech Protocols for IE 4.0" - "Microsoft Corporation" - C:\Windows\System32\itss.dll
{9D148291-B9C8-11D0-A4CC-0000F80149F6} "Microsoft InfoTech Protocols for IE 4.0" - "Microsoft Corporation" - C:\Windows\System32\itss.dll
{79eac9e6-baf9-11ce-8c82-00aa004ba90b} "mk: Asychronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Windows\system32\urlmon.dll
{CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} "TV: Pluggable Protocol" - "Microsoft Corporation" - C:\Windows\System32\msvidctl.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{653DCCC2-13DB-45B2-A389-427885776CFE} "Activities Property Page" - "Microsoft Corporation" - c:\Program Files\Microsoft IntelliPoint\ipcplact.dll
{3D60EDA7-9AB4-4DA8-864C-D9B5F2E7281D} "Arbeitsbereiche" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
{5F327514-6C5E-4d60-8F16-D07FA08A78ED} "Auto Update Property Sheet Extension" - ? - C:\Windows\system32\wuaucpl.cpl  (File not found)
{124597D8-850A-41AE-849C-017A4FA99CA2} "Buttons Property Page" - "Microsoft Corporation" - c:\Program Files\Microsoft IntelliPoint\ipcplbtn.dll
{D66DC78C-4F61-447F-942B-3FB6980118CF} "CInfoTipShellExt Class" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\VISSHE.DLL
{7D559C10-9FE9-11d0-93F7-00AA0059CE02} "Code Download Agent" - "Microsoft Corporation" - C:\Windows\System32\webcheck.dll
{00C6D95F-329C-409a-81D7-C46C66EA7F33} "DefaultLocation" - "Microsoft Corporation" - C:\Windows\System32\shdocvw.dll
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
{506F4668-F13E-4AA1-BB04-B43203AB3CC0} "ImageExtractorShellExt Class" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\VISSHE.DLL
{3BEABCC1-BF31-42df-88D9-A2955D6B8528} "IntelliPoint Sensitivity Property Page" - "Microsoft Corporation" - c:\Program Files\Microsoft IntelliPoint\ipcplsens.dll
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{AE424E85-F6DF-4910-A6A9-438797986431} "LibreOffice Property Handler" - "The Document Foundation" - C:\Program Files\LibreOffice 3.5\program\shlxthdl\propertyhdl.dll
{80009818-f38f-4af1-87b5-eadab9433e58} "MF ADTS Property Handler" - "Microsoft Corporation" - C:\Windows\System32\mf.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
{0875DCB6-C686-4243-9432-ADCCF0B9F2D7} "Microsoft OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONFILTER.DLL
{00020D75-0000-0000-C000-000000000046} "Microsoft Outlook" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\Office14\MLSHEXT.DLL
{7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\Program Files\ThinkPad\Bluetooth Software\btncopy.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\OLKFSTUB.DLL
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{F5175861-2688-11d0-9C5E-00AA00A45957} "Subscription Folder" - "Microsoft Corporation" - C:\Windows\System32\webcheck.dll
{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE} "Subscription Mgr" - "Microsoft Corporation" - C:\Windows\System32\webcheck.dll
{2F603045-309F-11CF-9774-0020AFD0CFF6} "Synaptics Control Panel" - "Synaptics Incorporated" - C:\Program Files\Synaptics\SynTP\SynTPCpl.dll
{C533AB49-9805-4972-8326-A084696B00F0} "Touch Mouse Property Page" - "Microsoft Corporation" - c:\Program Files\Microsoft IntelliPoint\ipcpltouchmouse.dll
{1184D0ED-DBCE-4170-8DBB-4D0C3905DA85} "Touch Property Page" - "Microsoft Corporation" - c:\Program Files\Microsoft IntelliPoint\ipcpltouch.dll
{7834E880-F0CC-4FA7-B4F3-FDB0F4E816A5} "Touch Property Page" - "Microsoft Corporation" - c:\Program Files\Microsoft IntelliPoint\ipcpltouchstrip.dll
{E6FB5E20-DE35-11CF-9C87-00AA005127ED} "WebCheck" - "Microsoft Corporation" - C:\Windows\system32\webcheck.dll
{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB} "WebCheck SyncMgr Handler" - "Microsoft Corporation" - C:\Windows\System32\webcheck.dll
{08165EA0-E946-11CF-9C87-00AA005127ED} "WebCheckWebCrawler" - "Microsoft Corporation" - C:\Windows\System32\webcheck.dll
{AF90F543-6A3A-4C1B-8B16-ECEC073E69BE} "Wheel Property Page" - "Microsoft Corporation" - c:\Program Files\Microsoft IntelliPoint\ipcplwhl.dll
{36eef7db-88ad-4e81-ad49-0e313f0c35f8} "Windows Update" - "Microsoft Corporation" - C:\Windows\system32\shdocvw.dll
{20082881-FC36-4E47-9A7A-644C95FF749F} "Wireless Property Page" - "Microsoft Corporation" - c:\Program Files\Microsoft IntelliPoint\ipcplwir.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad )-----
{E6FB5E20-DE35-11CF-9C87-00AA005127ED} "WebCheck" - "Microsoft Corporation" - C:\Windows\system32\webcheck.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{CFBFAE00-17A6-11D0-99CB-00C04FD64497} "Microsoft Url Search Hook" - "Microsoft Corporation" - C:\Windows\System32\ieframe.dll
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} "SysInfo Class" - "Husdawg, LLC" - C:\Program Files\SystemRequirementsLab\srldetect_intel_4.5.5.0.dll / hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.5.0.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"@C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015" - ? - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "@C:\Windows\WindowsMobile\INetRepl.dll,-222" - "Microsoft Corporation" - C:\Windows\WindowsMobile\INetRepl.dll
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
{609D670F-B735-4da7-AC6D-F3BD358E325E} "Citavi Picker" - "Microsoft Corporation" - C:\Windows\system32\mscoree.dll
{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "ClsidExtension" - "Microsoft Corporation" - C:\Windows\WindowsMobile\INetRepl.dll
{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
{FFFDC614-B694-4AE6-AB38-5D6374584B52} "Verknüpfte &OneNote-Notizen" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Oracle Corporation" - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Oracle Corporation" - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
{B4F3A835-0E21-4959-BA22-42B3008E02FF} "Office Document Cache Handler" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
{53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
{609D670F-B735-4da7-AC6D-F3BD358E325E} "SwissAcademic.Citavi.Picker.IEPicker" - "Microsoft Corporation" - C:\Windows\system32\mscoree.dll

[Known DLLs]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs )-----
"advapi32" - "Microsoft Corporation" - C:\Windows\system32\advapi32.dll
"clbcatq" - "Microsoft Corporation" - C:\Windows\system32\clbcatq.dll
"COMDLG32" - "Microsoft Corporation" - C:\Windows\system32\COMDLG32.dll
"DifxApi" - "Microsoft Corporation" - C:\Windows\system32\difxapi.dll
"gdi32" - "Microsoft Corporation" - C:\Windows\system32\gdi32.dll
"IERTUTIL" - "Microsoft Corporation" - C:\Windows\system32\IERTUTIL.dll
"IMAGEHLP" - "Microsoft Corporation" - C:\Windows\system32\IMAGEHLP.dll
"IMM32" - "Microsoft Corporation" - C:\Windows\system32\IMM32.dll
"kernel32" - "Microsoft Corporation" - C:\Windows\system32\kernel32.dll
"LPK" - "Microsoft Corporation" - C:\Windows\system32\LPK.dll
"MSCTF" - "Microsoft Corporation" - C:\Windows\system32\MSCTF.dll
"MSVCRT" - "Microsoft Corporation" - C:\Windows\system32\MSVCRT.dll
"NORMALIZ" - "Microsoft Corporation" - C:\Windows\system32\NORMALIZ.dll
"NSI" - "Microsoft Corporation" - C:\Windows\system32\NSI.dll
"ole32" - "Microsoft Corporation" - C:\Windows\system32\ole32.dll
"OLEAUT32" - "Microsoft Corporation" - C:\Windows\system32\OLEAUT32.dll
"PSAPI" - "Microsoft Corporation" - C:\Windows\system32\PSAPI.DLL
"rpcrt4" - "Microsoft Corporation" - C:\Windows\system32\rpcrt4.dll
"sechost" - "Microsoft Corporation" - C:\Windows\system32\sechost.dll
"Setupapi" - "Microsoft Corporation" - C:\Windows\system32\Setupapi.dll
"SHELL32" - "Microsoft Corporation" - C:\Windows\system32\SHELL32.dll
"SHLWAPI" - "Microsoft Corporation" - C:\Windows\system32\SHLWAPI.dll
"URLMON" - "Microsoft Corporation" - C:\Windows\system32\URLMON.dll
"user32" - "Microsoft Corporation" - C:\Windows\system32\user32.dll
"USP10" - "Microsoft Corporation" - C:\Windows\system32\USP10.dll
"WININET" - "Microsoft Corporation" - C:\Windows\system32\WININET.dll
"WLDAP32" - "Microsoft Corporation" - C:\Windows\system32\WLDAP32.dll
"WS2_32" - "Microsoft Corporation" - C:\Windows\system32\WS2_32.dll

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Authentication packages" - "Microsoft Corporation" - C:\Windows\system32\msv1_0.dll
"Notification packages" - "Microsoft Corporation" - C:\Windows\system32\scecli.dll
"Notification packages" - "Authentec Inc." - C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
"Security Packages" - "Microsoft Corporation" - C:\Windows\system32\kerberos.dll
"Security Packages" - "Microsoft Corporation" - C:\Windows\system32\msv1_0.dll
"Security Packages" - "Microsoft Corporation" - C:\Windows\system32\schannel.dll
"Security Packages" - "Microsoft Corporation" - C:\Windows\system32\wdigest.dll
"Security Packages" - "Microsoft Corporation" - C:\Windows\system32\tspkg.dll
"Security Packages" - "Microsoft Corporation" - C:\Windows\system32\pku2u.dll
-----( HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders )-----
"SecurityProviders" - "Microsoft Corporation" - C:\Windows\system32\credssp.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Bluetooth.lnk" - "Broadcom Corporation." - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe  (Shortcut exists | File exists)
"VPN Client.lnk" - "Cisco Systems, Inc." - C:\Program Files\Cisco Systems\VPN Client\vpngui.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"KiesHelper" - "Samsung" - C:\Program Files\Samsung\Kies\KiesHelper.exe /s
"KiesPDLR" - ? - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon )-----
"Shell" - "Microsoft Corporation" - C:\Windows\Explorer.exe
"Userinit" - "Microsoft Corporation" - C:\Windows\system32\userinit.exe
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - "Microsoft Corporation" - C:\Windows\system32\rdpclip.exe
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"AcWin7Hlpr" - "Lenovo" - C:\Program Files\Lenovo\Access Connections\AcTBenabler.exe
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"APSDaemon" - "Apple Inc." - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"BCSSync" - "Microsoft Corporation" - "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
"IntelliPoint" - "Microsoft Corporation" - "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"
"KiesTrayAgent" - "Samsung Electronics Co., Ltd." - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"PSQLLauncher" - "Authentec Inc." - "C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe" /startup
"PWMTRV" - "Lenovo Group Limited" - rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"SoundMAXPnP" - "Analog Devices, Inc." - C:\Program Files\Analog Devices\Core\smax4pnp.exe
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"SynTPEnh" - "Synaptics Incorporated" - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
"TpShocks" - "Lenovo." - TpShocks.exe
"Windows Mobile Device Center" - "Microsoft Corporation" - %windir%\WindowsMobile\wmdc.exe

[Network Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order )-----
"Microsoft Terminal Services" - "Microsoft Corporation" - C:\Windows\System32\drprov.dll
"Microsoft Windows Network" - "Microsoft Corporation" - C:\Windows\System32\ntlanman.dll
"Web Client Network" - "Microsoft Corporation" - C:\Windows\System32\davclnt.dll

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"LIDIL hpzlllhn" - "Hewlett-Packard Company" - C:\Windows\system32\hpzlllhn.dll
"Local Port" - "Microsoft Corporation" - C:\Windows\system32\localspl.dll
"Microsoft Shared Fax Monitor" - "Microsoft Corporation" - C:\Windows\system32\FXSMON.DLL
"pdfcmon" - "pdfforge GbR" - C:\Windows\system32\pdfcmon.dll
"Standard TCP/IP Port" - "Microsoft Corporation" - C:\Windows\system32\tcpmon.dll
"USB Monitor" - "Microsoft Corporation" - C:\Windows\system32\usbmon.dll
"WSD Port" - "Microsoft Corporation" - C:\Windows\system32\WSDMon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - "Microsoft Corporation" - C:\Program Files\Windows Defender\mpsvc.dll
"@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) - "Microsoft Corporation" - C:\Program Files\Windows Media Player\wmpnetwk.exe
"@%SystemRoot%\ehome\ehrecvr.exe,-101" (ehRecvr) - "Microsoft Corporation" - C:\Windows\ehome\ehRecvr.exe
"@%SystemRoot%\ehome\ehsched.exe,-101" (ehSched) - "Microsoft Corporation" - C:\Windows\ehome\ehsched.exe
"@%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8193" (idsvc) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"@%SystemRoot%\servicing\TrustedInstaller.exe,-100" (TrustedInstaller) - "Microsoft Corporation" - C:\Windows\servicing\TrustedInstaller.exe
"@%SystemRoot%\system32\aelupsvc.dll,-1" (AeLookupSvc) - "Microsoft Corporation" - C:\Windows\System32\aelupsvc.dll
"@%SystemRoot%\system32\Alg.exe,-112" (ALG) - "Microsoft Corporation" - C:\Windows\System32\alg.exe
"@%systemroot%\system32\appidsvc.dll,-100" (AppIDSvc) - "Microsoft Corporation" - C:\Windows\System32\appidsvc.dll
"@%systemroot%\system32\appinfo.dll,-100" (Appinfo) - "Microsoft Corporation" - C:\Windows\System32\appinfo.dll
"@%SystemRoot%\system32\audiosrv.dll,-200" (Audiosrv) - "Microsoft Corporation" - C:\Windows\System32\Audiosrv.dll
"@%SystemRoot%\system32\audiosrv.dll,-204" (AudioEndpointBuilder) - "Microsoft Corporation" - C:\Windows\System32\Audiosrv.dll
"@%SystemRoot%\system32\AxInstSV.dll,-103" (AxInstSV) - "Microsoft Corporation" - C:\Windows\System32\AxInstSV.dll
"@%SystemRoot%\system32\bdesvc.dll,-100" (BDESVC) - "Microsoft Corporation" - C:\Windows\System32\bdesvc.dll
"@%SystemRoot%\system32\bfe.dll,-1001" (BFE) - "Microsoft Corporation" - C:\Windows\System32\bfe.dll
"@%systemroot%\system32\browser.dll,-100" (Browser) - "Microsoft Corporation" - C:\Windows\System32\browser.dll
"@%SystemRoot%\System32\bthserv.dll,-101" (bthserv) - "Microsoft Corporation" - C:\Windows\system32\bthserv.dll
"@%SystemRoot%\System32\certprop.dll,-11" (CertPropSvc) - "Microsoft Corporation" - C:\Windows\System32\certprop.dll
"@%SystemRoot%\System32\certprop.dll,-13" (SCPolicySvc) - "Microsoft Corporation" - C:\Windows\System32\certprop.dll
"@%SystemRoot%\system32\cryptsvc.dll,-1001" (CryptSvc) - "Microsoft Corporation" - C:\Windows\system32\cryptsvc.dll
"@%systemroot%\system32\cscsvc.dll,-200" (CscService) - "Microsoft Corporation" - C:\Windows\System32\cscsvc.dll
"@%SystemRoot%\system32\defragsvc.dll,-101" (defragsvc) - "Microsoft Corporation" - C:\Windows\System32\defragsvc.dll
"@%SystemRoot%\system32\dhcpcore.dll,-100" (Dhcp) - "Microsoft Corporation" - C:\Windows\system32\dhcpcore.dll
"@%SystemRoot%\System32\dnsapi.dll,-101" (Dnscache) - "Microsoft Corporation" - C:\Windows\System32\dnsrslvr.dll
"@%systemroot%\system32\dot3svc.dll,-1102" (dot3svc) - "Microsoft Corporation" - C:\Windows\System32\dot3svc.dll
"@%systemroot%\system32\dps.dll,-500" (DPS) - "Microsoft Corporation" - C:\Windows\system32\dps.dll
"@%SystemRoot%\system32\dwm.exe,-2000" (UxSms) - "Microsoft Corporation" - C:\Windows\System32\uxsms.dll
"@%systemroot%\system32\eapsvc.dll,-1" (EapHost) - "Microsoft Corporation" - C:\Windows\System32\eapsvc.dll
"@%SystemRoot%\system32\efssvc.dll,-100" (EFS) - "Microsoft Corporation" - C:\Windows\System32\lsass.exe
"@%systemroot%\system32\fdPHost.dll,-100" (fdPHost) - "Microsoft Corporation" - C:\Windows\system32\fdPHost.dll
"@%systemroot%\system32\fdrespub.dll,-100" (FDResPub) - "Microsoft Corporation" - C:\Windows\system32\fdrespub.dll
"@%SystemRoot%\system32\FirewallAPI.dll,-23090" (MpsSvc) - "Microsoft Corporation" - C:\Windows\system32\mpssvc.dll
"@%systemroot%\system32\FntCache.dll,-100" (FontCache) - "Microsoft Corporation" - C:\Windows\system32\FntCache.dll
"@%systemroot%\system32\fxsresm.dll,-118" (Fax) - "Microsoft Corporation" - C:\Windows\system32\fxssvc.exe
"@%SystemRoot%\System32\hidserv.dll,-101" (hidserv) - "Microsoft Corporation" - C:\Windows\System32\hidserv.dll
"@%SystemRoot%\system32\ikeext.dll,-501" (IKEEXT) - "Microsoft Corporation" - C:\Windows\System32\ikeext.dll
"@%systemroot%\system32\IPBusEnum.dll,-102" (IPBusEnum) - "Microsoft Corporation" - C:\Windows\system32\ipbusenum.dll
"@%SystemRoot%\system32\iphlpsvc.dll,-500" (iphlpsvc) - "Microsoft Corporation" - C:\Windows\System32\iphlpsvc.dll
"@%SystemRoot%\system32\ipnathlp.dll,-106" (SharedAccess) - "Microsoft Corporation" - C:\Windows\System32\ipnathlp.dll
"@%SystemRoot%\System32\irmon.dll,-2000" (Irmon) - "Microsoft Corporation" - C:\Windows\System32\irmon.dll
"@%SystemRoot%\system32\iscsidsc.dll,-5000" (MSiSCSI) - "Microsoft Corporation" - C:\Windows\system32\iscsiexe.dll
"@%SystemRoot%\system32\kmsvc.dll,-6" (hkmsvc) - "Microsoft Corporation" - C:\Windows\system32\kmsvc.dll
"@%SystemRoot%\System32\ListSvc.dll,-100" (HomeGroupListener) - "Microsoft Corporation" - C:\Windows\system32\ListSvc.dll
"@%SystemRoot%\system32\lltdres.dll,-1" (lltdsvc) - "Microsoft Corporation" - C:\Windows\System32\lltdsvc.dll
"@%SystemRoot%\system32\lmhsvc.dll,-101" (lmhosts) - "Microsoft Corporation" - C:\Windows\System32\lmhsvc.dll
"@%systemroot%\system32\Locator.exe,-2" (RpcLocator) - "Microsoft Corporation" - C:\Windows\system32\locator.exe
"@%systemroot%\system32\mmcss.dll,-100" (MMCSS) - "Microsoft Corporation" - C:\Windows\system32\mmcss.dll
"@%systemroot%\system32\mmcss.dll,-102" (THREADORDER) - "Microsoft Corporation" - C:\Windows\system32\mmcss.dll
"@%SystemRoot%\system32\msimsg.dll,-27" (msiserver) - "Microsoft Corporation" - C:\Windows\system32\msiexec.exe
"@%SystemRoot%\System32\netlogon.dll,-102" (Netlogon) - "Microsoft Corporation" - C:\Windows\system32\lsass.exe
"@%SystemRoot%\system32\netman.dll,-109" (Netman) - "Microsoft Corporation" - C:\Windows\System32\netman.dll
"@%SystemRoot%\system32\netprofm.dll,-202" (netprofm) - "Microsoft Corporation" - C:\Windows\System32\netprofm.dll
"@%SystemRoot%\System32\nlasvc.dll,-1" (NlaSvc) - "Microsoft Corporation" - C:\Windows\System32\nlasvc.dll
"@%SystemRoot%\system32\nsisvc.dll,-200" (nsi) - "Microsoft Corporation" - C:\Windows\system32\nsisvc.dll
"@%SystemRoot%\system32\p2psvc.dll,-8006" (p2psvc) - "Microsoft Corporation" - C:\Windows\system32\p2psvc.dll
"@%SystemRoot%\system32\pcasvc.dll,-1" (PcaSvc) - "Microsoft Corporation" - C:\Windows\System32\pcasvc.dll
"@%SystemRoot%\system32\peerdistsvc.dll,-9000" (PeerDistSvc) - "Microsoft Corporation" - C:\Windows\system32\peerdistsvc.dll
"@%systemroot%\system32\pla.dll,-500" (pla) - "Microsoft Corporation" - C:\Windows\system32\pla.dll
"@%SystemRoot%\system32\pnrpauto.dll,-8002" (PNRPAutoReg) - "Microsoft Corporation" - C:\Windows\system32\pnrpauto.dll
"@%SystemRoot%\system32\pnrpsvc.dll,-8000" (PNRPsvc) - "Microsoft Corporation" - C:\Windows\system32\pnrpsvc.dll
"@%SystemRoot%\system32\pnrpsvc.dll,-8004" (p2pimsvc) - "Microsoft Corporation" - C:\Windows\system32\pnrpsvc.dll
"@%SystemRoot%\System32\polstore.dll,-5010" (PolicyAgent) - "Microsoft Corporation" - C:\Windows\System32\ipsecsvc.dll
"@%SystemRoot%\system32\PresentationHost.exe,-3309" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
"@%systemroot%\system32\profsvc.dll,-300" (ProfSvc) - "Microsoft Corporation" - C:\Windows\system32\profsvc.dll
"@%SystemRoot%\System32\provsvc.dll,-100" (HomeGroupProvider) - "Microsoft Corporation" - C:\Windows\system32\provsvc.dll
"@%systemroot%\system32\psbase.dll,-300" (ProtectedStorage) - "Microsoft Corporation" - C:\Windows\system32\lsass.exe
"@%SystemRoot%\system32\qagentrt.dll,-6" (napagent) - "Microsoft Corporation" - C:\Windows\system32\qagentRT.dll
"@%SystemRoot%\system32\qmgr.dll,-1000" (BITS) - "Microsoft Corporation" - C:\Windows\system32\qmgr.dll
"@%SystemRoot%\system32\qwave.dll,-1" (QWAVE) - "Microsoft Corporation" - C:\Windows\system32\qwave.dll
"@%Systemroot%\system32\rasauto.dll,-200" (RasAuto) - "Microsoft Corporation" - C:\Windows\System32\rasauto.dll
"@%Systemroot%\system32\rasmans.dll,-200" (RasMan) - "Microsoft Corporation" - C:\Windows\System32\rasmans.dll
"@%SystemRoot%\system32\samsrv.dll,-1" (SamSs) - "Microsoft Corporation" - C:\Windows\system32\lsass.exe
"@%SystemRoot%\System32\SCardSvr.dll,-1" (SCardSvr) - "Microsoft Corporation" - C:\Windows\System32\SCardSvr.dll
"@%SystemRoot%\system32\schedsvc.dll,-100" (Schedule) - "Microsoft Corporation" - C:\Windows\system32\schedsvc.dll
"@%SystemRoot%\system32\sdrsvc.dll,-107" (SDRSVC) - "Microsoft Corporation" - C:\Windows\System32\SDRSVC.dll
"@%systemroot%\system32\SearchIndexer.exe,-103" (WSearch) - "Microsoft Corporation" - C:\Windows\system32\SearchIndexer.exe
"@%SystemRoot%\system32\seclogon.dll,-7001" (seclogon) - "Microsoft Corporation" - C:\Windows\system32\seclogon.dll
"@%SystemRoot%\system32\Sens.dll,-200" (SENS) - "Microsoft Corporation" - C:\Windows\system32\sens.dll
"@%SystemRoot%\System32\sensrsvc.dll,-1000" (SensrSvc) - "Microsoft Corporation" - C:\Windows\system32\sensrsvc.dll
"@%SystemRoot%\System32\SessEnv.dll,-1026" (SessionEnv) - "Microsoft Corporation" - C:\Windows\system32\sessenv.dll
"@%SystemRoot%\System32\shsvcs.dll,-12288" (ShellHWDetection) - "Microsoft Corporation" - C:\Windows\System32\shsvcs.dll
"@%SystemRoot%\system32\snmptrap.exe,-3" (SNMPTRAP) - "Microsoft Corporation" - C:\Windows\System32\snmptrap.exe
"@%systemroot%\system32\spoolsv.exe,-1" (Spooler) - "Microsoft Corporation" - C:\Windows\System32\spoolsv.exe
"@%SystemRoot%\system32\sppsvc.exe,-101" (sppsvc) - "Microsoft Corporation" - C:\Windows\system32\sppsvc.exe
"@%SystemRoot%\system32\sppuinotify.dll,-103" (sppuinotify) - "Microsoft Corporation" - C:\Windows\system32\sppuinotify.dll
"@%systemroot%\system32\srvsvc.dll,-100" (LanmanServer) - "Microsoft Corporation" - C:\Windows\System32\srvsvc.dll
"@%systemroot%\system32\ssdpsrv.dll,-100" (SSDPSRV) - "Microsoft Corporation" - C:\Windows\System32\ssdpsrv.dll
"@%SystemRoot%\system32\sstpsvc.dll,-200" (SstpSvc) - "Microsoft Corporation" - C:\Windows\system32\sstpsvc.dll
"@%SystemRoot%\System32\swprv.dll,-103" (swprv) - "Microsoft Corporation" - C:\Windows\System32\swprv.dll
"@%SystemRoot%\system32\sysmain.dll,-1000" (SysMain) - "Microsoft Corporation" - C:\Windows\system32\sysmain.dll
"@%SystemRoot%\system32\TabSvc.dll,-100" (TabletInputService) - "Microsoft Corporation" - C:\Windows\System32\TabSvc.dll
"@%SystemRoot%\system32\tapisrv.dll,-10100" (TapiSrv) - "Microsoft Corporation" - C:\Windows\System32\tapisrv.dll
"@%SystemRoot%\system32\tbssvc.dll,-100" (TBS) - "Microsoft Corporation" - C:\Windows\System32\tbssvc.dll
"@%SystemRoot%\System32\termsrv.dll,-268" (TermService) - "Microsoft Corporation" - C:\Windows\System32\termsrv.dll
"@%SystemRoot%\System32\themeservice.dll,-8192" (Themes) - "Microsoft Corporation" - C:\Windows\system32\themeservice.dll
"@%SystemRoot%\system32\trkwks.dll,-1" (TrkWks) - "Microsoft Corporation" - C:\Windows\System32\trkwks.dll
"@%SystemRoot%\system32\ui0detect.exe,-101" (UI0Detect) - "Microsoft Corporation" - C:\Windows\system32\UI0Detect.exe
"@%SystemRoot%\system32\umpnpmgr.dll,-100" (PlugPlay) - "Microsoft Corporation" - C:\Windows\system32\umpnpmgr.dll
"@%SystemRoot%\system32\umpo.dll,-100" (Power) - "Microsoft Corporation" - C:\Windows\system32\umpo.dll
"@%SystemRoot%\system32\umrdp.dll,-1000" (UmRdpService) - "Microsoft Corporation" - C:\Windows\System32\umrdp.dll
"@%systemroot%\system32\upnphost.dll,-213" (upnphost) - "Microsoft Corporation" - C:\Windows\System32\upnphost.dll
"@%SystemRoot%\system32\vaultsvc.dll,-1003" (VaultSvc) - "Microsoft Corporation" - C:\Windows\system32\lsass.exe
"@%SystemRoot%\system32\vds.exe,-100" (vds) - "Microsoft Corporation" - C:\Windows\System32\vds.exe
"@%systemroot%\system32\vssvc.exe,-102" (VSS) - "Microsoft Corporation" - C:\Windows\system32\vssvc.exe
"@%SystemRoot%\system32\w32time.dll,-200" (W32Time) - "Microsoft Corporation" - C:\Windows\system32\w32time.dll
"@%Systemroot%\system32\wbem\wmiapsrv.exe,-110" (wmiApSrv) - "Microsoft Corporation" - C:\Windows\system32\wbem\WmiApSrv.exe
"@%Systemroot%\system32\wbem\wmisvc.dll,-205" (Winmgmt) - "Microsoft Corporation" - C:\Windows\system32\wbem\WMIsvc.dll
"@%systemroot%\system32\wbengine.exe,-104" (wbengine) - "Microsoft Corporation" - C:\Windows\system32\wbengine.exe
"@%systemroot%\system32\wbiosrvc.dll,-100" (WbioSrvc) - "Microsoft Corporation" - C:\Windows\System32\wbiosrvc.dll
"@%SystemRoot%\system32\wcncsvc.dll,-3" (wcncsvc) - "Microsoft Corporation" - C:\Windows\System32\wcncsvc.dll
"@%SystemRoot%\system32\WcsPlugInService.dll,-200" (WcsPlugInService) - "Microsoft Corporation" - C:\Windows\System32\WcsPlugInService.dll
"@%systemroot%\system32\wdi.dll,-500" (WdiSystemHost) - "Microsoft Corporation" - C:\Windows\system32\wdi.dll
"@%systemroot%\system32\wdi.dll,-502" (WdiServiceHost) - "Microsoft Corporation" - C:\Windows\system32\wdi.dll
"@%systemroot%\system32\webclnt.dll,-100" (WebClient) - "Microsoft Corporation" - C:\Windows\System32\webclnt.dll
"@%SystemRoot%\system32\wecsvc.dll,-200" (Wecsvc) - "Microsoft Corporation" - C:\Windows\system32\wecsvc.dll
"@%SystemRoot%\System32\wercplsupport.dll,-101" (wercplsupport) - "Microsoft Corporation" - C:\Windows\System32\wercplsupport.dll
"@%SystemRoot%\System32\wersvc.dll,-100" (WerSvc) - "Microsoft Corporation" - C:\Windows\System32\WerSvc.dll
"@%SystemRoot%\system32\wevtsvc.dll,-200" (eventlog) - "Microsoft Corporation" - C:\Windows\System32\svchost.exe
"@%SystemRoot%\system32\wiaservc.dll,-9" (StiSvc) - "Microsoft Corporation" - C:\Windows\System32\wiaservc.dll
"@%SystemRoot%\system32\winhttp.dll,-100" (WinHttpAutoProxySvc) - "Microsoft Corporation" - C:\Windows\system32\winhttp.dll
"@%systemroot%\system32\wkssvc.dll,-100" (LanmanWorkstation) - "Microsoft Corporation" - C:\Windows\System32\wkssvc.dll
"@%SystemRoot%\System32\wlansvc.dll,-257" (Wlansvc) - "Microsoft Corporation" - C:\Windows\System32\wlansvc.dll
"@%SystemRoot%\system32\wpcsvc.dll,-100" (WPCSvc) - "Microsoft Corporation" - C:\Windows\System32\wpcsvc.dll
"@%SystemRoot%\system32\wpdbusenum.dll,-100" (WPDBusEnum) - "Microsoft Corporation" - C:\Windows\system32\wpdbusenum.dll
"@%SystemRoot%\System32\wscsvc.dll,-200" (wscsvc) - "Microsoft Corporation" - C:\Windows\system32\wscsvc.dll
"@%Systemroot%\system32\wsmsvc.dll,-101" (WinRM) - "Microsoft Corporation" - C:\Windows\system32\WsmSvc.dll
"@%systemroot%\system32\wuaueng.dll,-105" (wuauserv) - "Microsoft Corporation" - C:\Windows\system32\wuaueng.dll
"@%SystemRoot%\system32\wudfsvc.dll,-1000" (wudfsvc) - "Microsoft Corporation" - C:\Windows\System32\WUDFSvc.dll
"@%SystemRoot%\System32\wwansvc.dll,-257" (WwanSvc) - "Microsoft Corporation" - C:\Windows\System32\wwansvc.dll
"@%windir%\system32\RpcEpMap.dll,-1001" (RpcEptMapper) - "Microsoft Corporation" - C:\Windows\System32\RpcEpMap.dll
"@%windir%\WindowsMobile\rapimgr.dll,-104" (RapiMgr) - "Microsoft Corporation" - C:\Windows\WindowsMobile\rapimgr.dll
"@%windir%\WindowsMobile\wcescomm.dll,-40079" (WcesComm) - "Microsoft Corporation" - C:\Windows\WindowsMobile\wcescomm.dll
"@appmgmts.dll,-3250" (AppMgmt) - "Microsoft Corporation" - C:\Windows\System32\appmgmts.dll
"@comres.dll,-2450" (EventSystem) - "Microsoft Corporation" - C:\Windows\system32\es.dll
"@comres.dll,-2797" (MSDTC) - "Microsoft Corporation" - C:\Windows\System32\msdtc.exe
"@comres.dll,-2946" (KtmRm) - "Microsoft Corporation" - C:\Windows\system32\msdtckrm.dll
"@comres.dll,-947" (COMSysApp) - "Microsoft Corporation" - C:\Windows\system32\dllhost.exe
"@gpapi.dll,-112" (gpsvc) - "Microsoft Corporation" - C:\Windows\System32\gpsvc.dll
"@keyiso.dll,-100" (KeyIso) - "Microsoft Corporation" - C:\Windows\system32\lsass.exe
"@oleres.dll,-5010" (RpcSs) - "Microsoft Corporation" - C:\Windows\system32\rpcss.dll
"@oleres.dll,-5012" (DcomLaunch) - "Microsoft Corporation" - C:\Windows\system32\rpcss.dll
"@regsvc.dll,-1" (RemoteRegistry) - "Microsoft Corporation" - C:\Windows\system32\regsvc.dll
"AAV UpdateService" (AAV UpdateService) - ? - C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
"AcPrfMgrSvc" (AcPrfMgrSvc) - "Lenovo" - C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe
"AcSvc" (AcSvc) - "Lenovo" - C:\Program Files\Lenovo\Access Connections\AcSvc.exe
"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
"Andrea ADI Filters Service" (AEADIFilters) - "Andrea Electronics Corporation" - C:\Windows\system32\AEADISRV.EXE
"Anzeige am Bildschirm" (TPHKSVC) - "Lenovo Group Limited" - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"Ati External Event Utility" (Ati External Event Utility) - "ATI Technologies Inc." - C:\Windows\system32\Ati2evxx.exe
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Bluetooth Service" (btwdins) - "Broadcom Corporation." - C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
"Cisco EnergyWise Enabler" (PwmEWSvc) - "Lenovo Group Limited" - C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE
"Cisco Systems, Inc. VPN Service" (CVPND) - "Cisco Systems, Inc." - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"DirMngr" (DirMngr) - ? - C:\Program Files\GNU\GnuPG\dirmngr.exe  (File found, but it contains no detailed information)
"Google Update-Dienst (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service" (BTHSSecurityMgr) - "Intel(R) Corporation" - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
"Intel(R) PROSet/Wireless Event Log" (EvtEng) - "Intel(R) Corporation" - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
"Intel(R) PROSet/Wireless Registry Service" (RegSrvc) - "Intel(R) Corporation" - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
"Intel(R) PROSet/Wireless Zero Configuration Service" (ZeroConfigService) - "Intel® Corporation" - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
"Intel® Centrino® Wireless Bluetooth® + High Speed Service" (AMPPALR3) - "Intel Corporation" - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"Lenovo Auto Scroll" (Lenovo.VIRTSCRLSVC) - "Lenovo Group Limited" - C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
"Lenovo Doze Mode Service" (DozeSvc) - "Lenovo." - C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
"Lenovo Hotkey Client Loader" (TPHKLOAD) - "Lenovo Group Limited" - C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
"Lenovo Microphone Mute" (LENOVO.MICMUTE) - "Lenovo Group Limited" - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft SharePoint Workspace Audit Service" (Microsoft SharePoint Workspace Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\GROOVE.EXE
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
"NMSAccess32" (NMSAccess32) - ? - C:\Windows\system32\NMSAccess32.exe  (File found, but it contains no detailed information)
"Office  Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
"Power Manager DBC Service" (Power Manager DBC Service) - "Lenovo" - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
"SBSD Security Center Service" (SBSDWSCService) - "Safer Networking Ltd." - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
"ServiceLayer" (ServiceLayer) - "Nokia" - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
"ShadowExplorer Service" (sesvc) - "www.shadowexplorer.com" - C:\Program Files\ShadowExplorer\sesvc.exe
"System Update" (SUService) - "Lenovo Group Limited" - C:\Program Files\Lenovo\System Update\SUService.exe
"ThinkPad HDD APS Logging Service" (TPHDEXLGSVC) - "Lenovo." - C:\Windows\System32\TPHDEXLG.exe
"ThinkPad PM Service" (IBMPMSVC) - "Lenovo." - C:\Windows\system32\ibmpmsvc.exe
"XAudioService" (XAudioService) - "Conexant Systems, Inc." - C:\Windows\system32\DRIVERS\xaudio.exe

[Winlogon]
-----( HKCU\Control Panel\Desktop )-----
"SCRNSAVE.EXE" - "Stardust Software" - C:\Windows\system32\LOEFFE~1.SCR
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon )-----
"VmApplet" - "Microsoft Corporation" - C:\Windows\system32\SystemPropertiesPerformance.exe
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{B587E2B1-4D59-4e7e-AED9-22B9DF11D053} "802.3 Group Policy" - "Microsoft Corporation" - C:\Windows\system32\dot3gpclnt.dll
{f3ccc681-b74c-4060-9f26-cd84525dca2a} "Audit Policy Configuration" - "Microsoft Corporation" - C:\Windows\system32\auditcse.dll
{fbf687e6-f063-4d9f-9f4f-fd9a26acdd5f} "CP" - "Microsoft Corporation" - C:\Windows\system32\gptext.dll
{8A28E2C5-8D06-49A4-A08C-632DAA493E17} "Deployed Printer Connections" - "Microsoft Corporation" - C:\Windows\system32\gpprnext.dll
{FB2CA36D-0B40-4307-821B-A13B252DE56C} "Enterprise QoS" - "Microsoft Corporation" - C:\Windows\system32\gptext.dll
{25537BA6-77A8-11D2-9B6C-0000F8080861} "Folder Redirection" - "Microsoft Corporation" - C:\Windows\system32\fdeploy.dll
{F9C77450-3A41-477E-9310-9ACD617BD9E3} "Group Policy Applications" - "Microsoft Corporation" - C:\Windows\system32\gpprefcl.dll
{728EE579-943C-4519-9EF7-AB56765798ED} "Group Policy Data Sources" - "Microsoft Corporation" - C:\Windows\system32\gpprefcl.dll
{1A6364EB-776B-4120-ADE1-B63A406A76B5} "Group Policy Device Settings" - "Microsoft Corporation" - C:\Windows\system32\gpprefcl.dll
{5794DAFD-BE60-433f-88A2-1A31939AC01F} "Group Policy Drive Maps" - "Microsoft Corporation" - C:\Windows\system32\gpprefcl.dll
{0E28E245-9368-4853-AD84-6DA3BA35BB75} "Group Policy Environment" - "Microsoft Corporation" - C:\Windows\system32\gpprefcl.dll
{7150F9BF-48AD-4da4-A49C-29EF4A8369BA} "Group Policy Files" - "Microsoft Corporation" - C:\Windows\system32\gpprefcl.dll
{A3F3E39B-5D83-4940-B954-28315B82F0A8} "Group Policy Folder Options" - "Microsoft Corporation" - C:\Windows\system32\gpprefcl.dll
{6232C319-91AC-4931-9385-E70C2B099F0E} "Group Policy Folders" - "Microsoft Corporation" - C:\Windows\system32\gpprefcl.dll
{74EE6C03-5363-4554-B161-627540339CAB} "Group Policy Ini Files" - "Microsoft Corporation" - C:\Windows\system32\gpprefcl.dll
{E47248BA-94CC-49c4-BBB5-9EB7F05183D0} "Group Policy Internet Settings" - "Microsoft Corporation" - C:\Windows\system32\gpprefcl.dll
{17D89FEC-5C44-4972-B12D-241CAEF74509} "Group Policy Local Users and Groups" - "Microsoft Corporation" - C:\Windows\system32\gpprefcl.dll
{3A0DBA37-F8B2-4356-83DE-3E90BD5C261F} "Group Policy Network Options" - "Microsoft Corporation" - C:\Windows\system32\gpprefcl.dll
{6A4C88C6-C502-4f74-8F60-2CB23EDC24E2} "Group Policy Network Shares" - "Microsoft Corporation" - C:\Windows\system32\gpprefcl.dll
{E62688F0-25FD-4c90-BFF5-F508B9D2E31F} "Group Policy Power Options" - "Microsoft Corporation" - C:\Windows\system32\gpprefcl.dll
{BC75B1ED-5833-4858-9BB8-CBF0B166DF9D} "Group Policy Printers" - "Microsoft Corporation" - C:\Windows\system32\gpprefcl.dll
{E5094040-C46C-4115-B030-04FB2E545B00} "Group Policy Regional Options" - "Microsoft Corporation" - C:\Windows\system32\gpprefcl.dll
{B087BE9D-ED37-454f-AF9C-04291E351182} "Group Policy Registry" - "Microsoft Corporation" - C:\Windows\system32\gpprefcl.dll
{AADCED64-746C-4633-A97C-D61349046527} "Group Policy Scheduled Tasks" - "Microsoft Corporation" - C:\Windows\system32\gpprefcl.dll
{91FBB303-0CD5-4055-BF42-E512A681B325} "Group Policy Services" - "Microsoft Corporation" - C:\Windows\system32\gpprefcl.dll
{C418DD9D-0D14-4efb-8FBF-CFE535C8FAC7} "Group Policy Shortcuts" - "Microsoft Corporation" - C:\Windows\system32\gpprefcl.dll
{E4F48E54-F38D-4884-BFB9-D4D2E5729C18} "Group Policy Start Menu Settings" - "Microsoft Corporation" - C:\Windows\system32\gpprefcl.dll
{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B} "Internet Explorer Branding" - "Microsoft Corporation" - C:\Windows\System32\iedkcs32.dll
{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} "Internet Explorer Machine Accelerators" - "Microsoft Corporation" - C:\Windows\System32\iedkcs32.dll
{7B849a69-220F-451E-B3FE-2CB811AF94AE} "Internet Explorer User Accelerators" - "Microsoft Corporation" - C:\Windows\System32\iedkcs32.dll
{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3} "Internet Explorer Zonemapping" - "Microsoft Corporation" - C:\Windows\System32\iedkcs32.dll
{e437bc1c-aa7d-11d2-a382-00c04f991e27} "IP Security" - "Microsoft Corporation" - C:\Windows\System32\polstore.dll
{3610eda5-77ef-11d2-8dc5-00c04fa31a66} "Microsoft Disk Quota" - "Microsoft Corporation" - C:\Windows\System32\dskquota.dll
{C631DF4C-088F-4156-B058-4375F0853CD8} "Microsoft Offline Files" - "Microsoft Corporation" - C:\Windows\System32\cscobj.dll
{426031c0-0b47-4852-b0ca-ac3d37bfcb39} "QoS Packet Scheduler" - "Microsoft Corporation" - C:\Windows\system32\gptext.dll
{4bcd6cde-777b-48b6-9804-43568e23545d} "Remote Desktop USB Redirection" - "Microsoft Corporation" - C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
{42B5FAAE-6536-11d2-AE5A-0000F87571E3} "Scripts" - "Microsoft Corporation" - C:\Windows\system32\gpscript.dll
{827D319E-6EAC-11D2-A4EA-00C04F79F83A} "Security" - "Microsoft Corporation" - C:\Windows\system32\scecli.dll
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Software Installation" - "Microsoft Corporation" - C:\Windows\system32\appmgmts.dll
{cdeafc3d-948d-49dd-ab12-e578ba4af7aa} "TCPIP" - "Microsoft Corporation" - C:\Windows\system32\gptext.dll
{7933F41E-56F8-41d6-A31C-4148A711EE93} "Windows Search Group Policy Extension" - "Microsoft Corporation" - C:\Windows\System32\srchadmin.dll
{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63} "Wireless Group Policy" - "Microsoft Corporation" - C:\Windows\system32\wlgpclnt.dll
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"psfus" - "Authentec Inc." - C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"@%SystemRoot%\system32\napinsp.dll,-1000" - "Microsoft Corporation" - C:\Windows\system32\napinsp.dll
"@%SystemRoot%\system32\nlasvc.dll,-1000" - "Microsoft Corporation" - C:\Windows\system32\NLAapi.dll
"@%SystemRoot%\system32\pnrpnsp.dll,-1000" - "Microsoft Corporation" - C:\Windows\system32\pnrpnsp.dll
"@%SystemRoot%\system32\pnrpnsp.dll,-1001" - "Microsoft Corporation" - C:\Windows\system32\pnrpnsp.dll
"@%SystemRoot%\system32\wshtcpip.dll,-60103" - "Microsoft Corporation" - C:\Windows\System32\mswsock.dll
"Bluetooth-Namespace" - "Microsoft Corporation" - C:\Windows\system32\wshbth.dll
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll
"NTDS" - "Microsoft Corporation" - C:\Windows\System32\winrnr.dll
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----
"@%SystemRoot%\System32\wship6.dll,-60100" - "Microsoft Corporation" - C:\Windows\system32\mswsock.dll
"@%SystemRoot%\System32\wship6.dll,-60101" - "Microsoft Corporation" - C:\Windows\system32\mswsock.dll
"@%SystemRoot%\System32\wship6.dll,-60102" - "Microsoft Corporation" - C:\Windows\system32\mswsock.dll
"@%SystemRoot%\System32\wshqos.dll,-100" - "Microsoft Corporation" - C:\Windows\system32\mswsock.dll
"@%SystemRoot%\System32\wshqos.dll,-101" - "Microsoft Corporation" - C:\Windows\system32\mswsock.dll
"@%SystemRoot%\System32\wshqos.dll,-102" - "Microsoft Corporation" - C:\Windows\system32\mswsock.dll
"@%SystemRoot%\System32\wshqos.dll,-103" - "Microsoft Corporation" - C:\Windows\system32\mswsock.dll
"@%SystemRoot%\System32\wshtcpip.dll,-60100" - "Microsoft Corporation" - C:\Windows\system32\mswsock.dll
"@%SystemRoot%\System32\wshtcpip.dll,-60101" - "Microsoft Corporation" - C:\Windows\system32\mswsock.dll
"@%SystemRoot%\System32\wshtcpip.dll,-60102" - "Microsoft Corporation" - C:\Windows\system32\mswsock.dll
"MSAFD Irda [IrDA]" - "Microsoft Corporation" - C:\Windows\system32\mswsock.dll
"MSAFD NetBIOS [\Device\NetBT_Tcpip6_{1924F935-CFBF-476D-82E4-E75B76299CED}] DATAGRAM 5" - "Microsoft Corporation" - C:\Windows\system32\mswsock.dll
"MSAFD NetBIOS [\Device\NetBT_Tcpip6_{1924F935-CFBF-476D-82E4-E75B76299CED}] SEQPACKET 5" - "Microsoft Corporation" - C:\Windows\system32\mswsock.dll
"MSAFD NetBIOS [\Device\NetBT_Tcpip6_{1A88D420-BE4A-41B5-89C6-05A7BCCE7591}] DATAGRAM 2" - "Microsoft Corporation" - C:\Windows\system32\mswsock.dll
"MSAFD NetBIOS [\Device\NetBT_Tcpip6_{1A88D420-BE4A-41B5-89C6-05A7BCCE7591}] SEQPACKET 2" - "Microsoft Corporation" - C:\Windows\system32\mswsock.dll
"MSAFD NetBIOS [\Device\NetBT_Tcpip6_{3222A70D-BED3-44EB-9A27-3D895F894144}] DATAGRAM 3" - "Microsoft Corporation" - C:\Windows\system32\mswsock.dll
"MSAFD NetBIOS [\Device\NetBT_Tcpip6_{3222A70D-BED3-44EB-9A27-3D895F894144}] SEQPACKET 3" - "Microsoft Corporation" - C:\Windows\system32\mswsock.dll
"MSAFD NetBIOS [\Device\NetBT_Tcpip6_{A3C9EDCC-AD56-4333-A069-8A281D433687}] DATAGRAM 8" - "Microsoft Corporation" - C:\Windows\system32\mswsock.dll
"MSAFD NetBIOS [\Device\NetBT_Tcpip6_{A3C9EDCC-AD56-4333-A069-8A281D433687}] SEQPACKET 8" - "Microsoft Corporation" - C:\Windows\system32\mswsock.dll
"MSAFD NetBIOS [\Device\NetBT_Tcpip6_{CA03B983-D3E5-4B6D-9378-82882C959879}] DATAGRAM 4" - "Microsoft Corporation" - C:\Windows\system32\mswsock.dll
"MSAFD NetBIOS [\Device\NetBT_Tcpip6_{CA03B983-D3E5-4B6D-9378-82882C959879}] SEQPACKET 4" - "Microsoft Corporation" - C:\Windows\system32\mswsock.dll
"MSAFD NetBIOS [\Device\NetBT_Tcpip6_{F0827274-9028-40B1-8783-1A72AE44394C}] DATAGRAM 12" - "Microsoft Corporation" - C:\Windows\system32\mswsock.dll
"MSAFD NetBIOS [\Device\NetBT_Tcpip6_{F0827274-9028-40B1-8783-1A72AE44394C}] SEQPACKET 12" - "Microsoft Corporation" - C:\Windows\system32\mswsock.dll
"MSAFD NetBIOS [\Device\NetBT_Tcpip6_{FB9373FB-10FA-4F4C-ADF1-B61BFCB6A01C}] DATAGRAM 10" - "Microsoft Corporation" - C:\Windows\system32\mswsock.dll
"MSAFD NetBIOS [\Device\NetBT_Tcpip6_{FB9373FB-10FA-4F4C-ADF1-B61BFCB6A01C}] SEQPACKET 10" - "Microsoft Corporation" - C:\Windows\system32\mswsock.dll
"MSAFD NetBIOS [\Device\NetBT_Tcpip_{1A88D420-BE4A-41B5-89C6-05A7BCCE7591}] DATAGRAM 1" - "Microsoft Corporation" - C:\Windows\system32\mswsock.dll
"MSAFD NetBIOS [\Device\NetBT_Tcpip_{1A88D420-BE4A-41B5-89C6-05A7BCCE7591}] SEQPACKET 1" - "Microsoft Corporation" - C:\Windows\system32\mswsock.dll
"MSAFD NetBIOS [\Device\NetBT_Tcpip_{3222A70D-BED3-44EB-9A27-3D895F894144}] DATAGRAM 0" - "Microsoft Corporation" - C:\Windows\system32\mswsock.dll
"MSAFD NetBIOS [\Device\NetBT_Tcpip_{3222A70D-BED3-44EB-9A27-3D895F894144}] SEQPACKET 0" - "Microsoft Corporation" - C:\Windows\system32\mswsock.dll
"MSAFD NetBIOS [\Device\NetBT_Tcpip_{A3C9EDCC-AD56-4333-A069-8A281D433687}] DATAGRAM 7" - "Microsoft Corporation" - C:\Windows\system32\mswsock.dll
"MSAFD NetBIOS [\Device\NetBT_Tcpip_{A3C9EDCC-AD56-4333-A069-8A281D433687}] SEQPACKET 7" - "Microsoft Corporation" - C:\Windows\system32\mswsock.dll
"MSAFD NetBIOS [\Device\NetBT_Tcpip_{F0827274-9028-40B1-8783-1A72AE44394C}] DATAGRAM 11" - "Microsoft Corporation" - C:\Windows\system32\mswsock.dll
"MSAFD NetBIOS [\Device\NetBT_Tcpip_{F0827274-9028-40B1-8783-1A72AE44394C}] SEQPACKET 11" - "Microsoft Corporation" - C:\Windows\system32\mswsock.dll
"MSAFD RfComm [Bluetooth]" - "Microsoft Corporation" - C:\Windows\system32\mswsock.dll

===[ Logfile end ]=========================================[ Logfile end ]===
Geändert von ms_sh (03.07.2012 um 20:14 Uhr)

Alt 04.07.2012, 16:20   #23
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Verschlüsselungstrojaner! (flirt-fever.de) - Standard

Verschlüsselungstrojaner! (flirt-fever.de)


Kommen die anderen Logs noch?
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 06.07.2012, 08:29   #24
ms_sh
 
Verschlüsselungstrojaner! (flirt-fever.de) - Standard

Verschlüsselungstrojaner! (flirt-fever.de)


Den GMER-Scan hab ich jetzt auch im 2.Versuch abgebrochen - er dauert einfach zu lange (>12h).

Hier der GMER-Log bis zu den Zeitpunkt an dem ich ihn beendet habe:
Code:
ATTFilter
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-07-06 09:21:42
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST975042 rev.0001
Running: 8o0t8u9d.exe; Driver: C:\Users\***\AppData\Local\Temp\agloypog.sys


---- System - GMER 1.0.15 ----

SSDT            934C0E5E                                                                                                                                            ZwCreateSection
SSDT            934C0E68                                                                                                                                            ZwRequestWaitReplyPort
SSDT            934C0E63                                                                                                                                            ZwSetContextThread
SSDT            934C0E6D                                                                                                                                            ZwSetSecurityObject
SSDT            934C0E72                                                                                                                                            ZwSystemDebugControl
SSDT            934C0DFF                                                                                                                                            ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text           ntoskrnl.exe!ZwSaveKey + 13BD                                                                                                                       8304F9D9 1 Byte  [06]
.text           ntoskrnl.exe!KiDispatchInterrupt + 5A2                                                                                                              8306F512 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntoskrnl.exe!KeRemoveQueueEx + 14BF                                                                                                                 830768AC 4 Bytes  [5E, 0E, 4C, 93] {POP ESI; PUSH CS; DEC ESP; XCHG EBX, EAX}
.text           ntoskrnl.exe!KeRemoveQueueEx + 181B                                                                                                                 83076C08 4 Bytes  [68, 0E, 4C, 93]
.text           ntoskrnl.exe!KeRemoveQueueEx + 185F                                                                                                                 83076C4C 4 Bytes  [63, 0E, 4C, 93] {ARPL [ESI], CX; DEC ESP; XCHG EBX, EAX}
.text           ntoskrnl.exe!KeRemoveQueueEx + 18DB                                                                                                                 83076CC8 4 Bytes  [6D, 0E, 4C, 93] {INSD ; PUSH CS; DEC ESP; XCHG EBX, EAX}
.text           ntoskrnl.exe!KeRemoveQueueEx + 192F                                                                                                                 83076D1C 4 Bytes  [72, 0E, 4C, 93] {JB 0x10; DEC ESP; XCHG EBX, EAX}
.text           ...                                                                                                                                                 
PAGE            peauth.sys                                                                                                                                          99ABABEC 111 Bytes  [19, E8, 8F, EE, 2A, DA, 46, ...]

---- User code sections - GMER 1.0.15 ----

.text           C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[4124] ntdll.dll!DbgUiRemoteBreakin                                               76E2F17D 1 Byte  [C3]
.text           C:\Program Files\Samsung\Kies\External\DeviceModules\DeviceManager.exe[4288] kernel32.dll!SetUnhandledExceptionFilter                               76B5F4FB 5 Bytes  JMP 00468140 C:\Program Files\Samsung\Kies\External\DeviceModules\DeviceManager.exe (DeviceManager.exe/Mobileleader Co., Ltd.)

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1340] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]  [74E5FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1340] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]   [74E5FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1340] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]     [74E5FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1340] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]    [74E5FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1340] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress]   [74E5FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Program Files\Lenovo\System Update\SUService.exe[3428] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]                           [74E5FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Program Files\Lenovo\System Update\SUService.exe[3428] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]                             [74E5FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Program Files\Lenovo\System Update\SUService.exe[3428] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]                            [74E5FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Program Files\Lenovo\System Update\SUService.exe[3428] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]                          [74E5FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Program Files\Lenovo\System Update\SUService.exe[3428] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress]                           [74E5FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Program Files\Lenovo\System Update\SUService.exe[3428] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress]                           [74E5FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Windows\System32\rundll32.exe[4076] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]                                               [74E5FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Windows\System32\rundll32.exe[4076] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]                                                [74E5FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Windows\System32\rundll32.exe[4076] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]                                             [74E5FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Windows\System32\rundll32.exe[4076] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]                                              [74E5FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Windows\System32\rundll32.exe[4076] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress]                                              [74E5FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                                                             Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                                                             Tppwr32v.sys (Power Manager/Lenovo Group Limited)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                                                                             Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                                                                             Tppwr32v.sys (Power Manager/Lenovo Group Limited)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume5                                                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume6                                                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\SynTP \Device\00000082                                                                                                                      Tppwr32v.sys (Power Manager/Lenovo Group Limited)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume7                                                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\0000005a                                                                                                                   halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00197de9e9e0                                                                         
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00197de9e9e0 (not active ControlSet)                                                     
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update@NextSqmReportTime                                                          2012-07-05 18:15:11
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update@NextDetectionTime                                                          2012-07-05 18:15:11

Alt 06.07.2012, 10:44   #25
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Verschlüsselungstrojaner! (flirt-fever.de) - Standard

Verschlüsselungstrojaner! (flirt-fever.de)


was ist mit aswmbr?
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 06.07.2012, 12:03   #26
ms_sh
 
Verschlüsselungstrojaner! (flirt-fever.de) - Standard

Verschlüsselungstrojaner! (flirt-fever.de)


Hier:
Code:
ATTFilter
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-06 12:15:20
-----------------------------
12:15:20.083    OS Version: Windows 6.1.7601 Service Pack 1
12:15:20.083    Number of processors: 2 586 0xF06
12:15:20.083    ComputerName: ***-PC  UserName: ***
12:15:34.482    Initialize success
12:15:40.472    AVAST engine defs: 12070501
12:15:43.717    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
12:15:43.717    Disk 0 Vendor: ST975042 0001 Size: 715404MB BusType: 3
12:15:43.764    Disk 0 MBR read successfully
12:15:43.764    Disk 0 MBR scan
12:15:43.779    Disk 0 unknown MBR code
12:15:43.795    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       229153 MB offset 63
12:15:43.842    Disk 0 Partition 2 00     82   Linux swap              5004 MB offset 469307392
12:15:43.857    Disk 0 Partition 3 00     83        Linux             10001 MB offset 479555584
12:15:43.857    Disk 0 Partition - 00     05     Extended            471242 MB offset 500039678
12:15:43.889    Disk 0 Partition 4 00     07    HPFS/NTFS NTFS       200004 MB offset 850738203
12:15:43.889    Disk 0 Partition - 00     05     Extended             99998 MB offset 1260347445
12:15:43.920    Disk 0 scanning sectors +1465144065
12:15:44.013    Disk 0 scanning C:\Windows\system32\drivers
12:16:20.230    Service scanning
12:16:48.515    Modules scanning
12:16:56.736    Module: C:\Windows\System32\usp10.dll  **SUSPICIOUS**
12:16:56.830    Module: C:\Windows\System32\lpk.dll  **SUSPICIOUS**
12:16:56.970    Module: C:\Windows\System32\iertutil.dll  **SUSPICIOUS**
12:16:57.500    Module: C:\Windows\System32\shell32.dll  **SUSPICIOUS**
12:16:57.610    Module: C:\Windows\System32\rpcrt4.dll  **SUSPICIOUS**
12:16:57.734    Module: C:\Windows\System32\urlmon.dll  **SUSPICIOUS**
12:16:57.828    Module: C:\Windows\System32\gdi32.dll  **SUSPICIOUS**
12:16:57.922    Module: C:\Windows\System32\imm32.dll  **SUSPICIOUS**
12:16:57.984    Module: C:\Windows\System32\nsi.dll  **SUSPICIOUS**
12:16:58.140    Module: C:\Windows\System32\wininet.dll  **SUSPICIOUS**
12:16:58.280    Module: C:\Windows\System32\shlwapi.dll  **SUSPICIOUS**
12:16:58.374    Module: C:\Windows\System32\oleaut32.dll  **SUSPICIOUS**
12:16:58.546    Module: C:\Windows\System32\Wldap32.dll  **SUSPICIOUS**
12:16:58.670    Module: C:\Windows\System32\msctf.dll  **SUSPICIOUS**
12:16:58.842    Module: C:\Windows\System32\ole32.dll  **SUSPICIOUS**
12:16:58.936    Module: C:\Windows\System32\ws2_32.dll  **SUSPICIOUS**
12:16:59.076    Module: C:\Windows\System32\kernel32.dll  **SUSPICIOUS**
12:16:59.185    Module: C:\Windows\System32\user32.dll  **SUSPICIOUS**
12:16:59.357    Module: C:\Windows\System32\crypt32.dll  **SUSPICIOUS**
12:16:59.497    Module: C:\Windows\System32\KernelBase.dll  **SUSPICIOUS**
12:16:59.622    Module: C:\Windows\System32\wintrust.dll  **SUSPICIOUS**
12:16:59.700    Module: C:\Windows\System32\msasn1.dll  **SUSPICIOUS**
12:16:59.716    Disk 0 trace - called modules:
12:16:59.747    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll iaStor.sys 
12:16:59.747    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86e10a38]
12:16:59.747    3 CLASSPNP.SYS[8c70a59e] -> nt!IofCallDriver -> [0x86417878]
12:16:59.762    5 ACPI.sys[8be2d3d4] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8640a028]
12:17:01.088    AVAST engine scan C:\Windows
12:17:07.111    AVAST engine scan C:\Windows\system32
12:23:31.748    AVAST engine scan C:\Windows\system32\drivers
12:25:06.115    AVAST engine scan C:\Users\***
12:29:10.540    AVAST engine scan C:\ProgramData
12:30:19.928    Scan finished successfully
12:57:09.898    Disk 0 MBR has been saved successfully to "C:\Users\***\Downloads\MBR.dat"
12:57:09.898    The log file has been saved successfully to "C:\Users\***\Downloads\aswMBR.txt"

Alt 06.07.2012, 13:59   #27
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Verschlüsselungstrojaner! (flirt-fever.de) - Standard

Verschlüsselungstrojaner! (flirt-fever.de)


Wir sollten den MBR fixen, sichere für den Fall der Fälle ALLE wichtigen Daten, auch wenn meistens alles glatt geht.

Hinweis: Mach bitte NICHT den MBR-Fix, wenn du noch andere Betriebssysteme wie zB Ubuntu installiert hast, ein MBR-Fix mit Windows-Tools macht ein parallel installiertes (Dualboot) Linux unbootbar.
Mach den Fix auch dann nicht, wenn du zB mit TrueCrypt oder anderen Verschlüsselungsprogrammen eine Vollverschlüsselung der Windowspartition bzw. gesamten Festplatte hast

Starte nach der Datensicherung aswmbr erneut und klick auf den Button FIXMBR.

Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehalalrm!

Anschließend Windows neu starten und ein neues Log mit aswMBR machen.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 08.07.2012, 19:03   #28
ms_sh
 
Verschlüsselungstrojaner! (flirt-fever.de) - Standard

Verschlüsselungstrojaner! (flirt-fever.de)


FixMBR hat problemlos geklappt, bloß stürzt aswMBR jetzt dauernd nach einer Weile ab wenn der Scan läuft. Das war beim ersten Mal scannen auch so, hat dann aber im dritten Analuf geklappt. Virenscanner ist deaktiviert und ich habe auch sonst nichts parallel am PC gemacht...

Alt 09.07.2012, 12:18   #29
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Verschlüsselungstrojaner! (flirt-fever.de) - Standard

Verschlüsselungstrojaner! (flirt-fever.de)


Deswegen gabs ganzn unten zu aswMBR auch das:

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 09.07.2012, 19:51   #30
ms_sh
 
Verschlüsselungstrojaner! (flirt-fever.de) - Standard

Verschlüsselungstrojaner! (flirt-fever.de)


OK jetzt hab ich's:
Code:
ATTFilter
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-09 20:44:00
-----------------------------
20:44:00.302    OS Version: Windows 6.1.7601 Service Pack 1
20:44:00.302    Number of processors: 2 586 0xF06
20:44:00.302    ComputerName: ***-PC  UserName: ***
20:44:10.535    Initialize success
20:44:11.440    AVAST engine defs: 12070900
20:44:31.455    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
20:44:31.455    Disk 0 Vendor: ST975042 0001 Size: 715404MB BusType: 3
20:44:31.470    Disk 0 MBR read successfully
20:44:31.470    Disk 0 MBR scan
20:44:31.486    Disk 0 Windows 7 default MBR code
20:44:31.486    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       244159 MB offset 63
20:44:31.486    Disk 0 Partition - 00     05     Extended            471242 MB offset 500039678
20:44:31.533    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       371236 MB offset 500055255
20:44:31.533    Disk 0 Partition - 00     05     Extended             99998 MB offset 1260347445
20:44:31.626    Disk 0 scanning sectors +1465144065
20:44:31.720    Disk 0 scanning C:\Windows\system32\drivers
20:45:07.445    Service scanning
20:45:38.599    Modules scanning
20:45:54.274    Module: C:\Windows\System32\apisetschema.dll  **SUSPICIOUS**
20:45:54.384    Module: C:\Windows\System32\autochk.exe  **SUSPICIOUS**
20:45:54.540    Module: C:\Windows\System32\Wldap32.dll  **SUSPICIOUS**
20:45:54.664    Module: C:\Windows\System32\sechost.dll  **SUSPICIOUS**
20:45:54.852    Module: C:\Windows\System32\wininet.dll  **SUSPICIOUS**
20:45:55.008    Module: C:\Windows\System32\nsi.dll  **SUSPICIOUS**
20:45:55.101    Module: C:\Windows\System32\clbcatq.dll  **SUSPICIOUS**
20:45:55.210    Module: C:\Windows\System32\imm32.dll  **SUSPICIOUS**
20:45:55.366    Module: C:\Windows\System32\gdi32.dll  **SUSPICIOUS**
20:45:55.632    Module: C:\Windows\System32\iertutil.dll  **SUSPICIOUS**
20:45:55.803    Module: C:\Windows\System32\normaliz.dll  **SUSPICIOUS**
20:45:55.928    Module: C:\Windows\System32\kernel32.dll  **SUSPICIOUS**
20:45:56.224    Module: C:\Windows\System32\urlmon.dll  **SUSPICIOUS**
20:45:56.583    Module: C:\Windows\System32\usp10.dll  **SUSPICIOUS**
20:45:57.020    Module: C:\Windows\System32\msctf.dll  **SUSPICIOUS**
20:45:57.145    Module: C:\Windows\System32\shlwapi.dll  **SUSPICIOUS**
20:45:57.316    Module: C:\Windows\System32\oleaut32.dll  **SUSPICIOUS**
20:45:57.472    Module: C:\Windows\System32\user32.dll  **SUSPICIOUS**
20:45:59.110    Module: C:\Windows\System32\KernelBase.dll  **SUSPICIOUS**
20:45:59.656    Module: C:\Windows\System32\wintrust.dll  **SUSPICIOUS**
20:45:59.937    Module: C:\Windows\System32\crypt32.dll  **SUSPICIOUS**
20:46:00.046    Disk 0 trace - called modules:
20:46:00.078    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll iaStor.sys 
20:46:00.093    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86e104f0]
20:46:00.093    3 CLASSPNP.SYS[8c7d059e] -> nt!IofCallDriver -> [0x863ef810]
20:46:00.093    5 ACPI.sys[8be3b3d4] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x863b8028]
20:46:00.109    Scan finished successfully
20:48:30.522    Disk 0 MBR has been saved successfully to "C:\Users\***\Downloads\MBR.dat"
20:48:30.522    The log file has been saved successfully to "C:\Users\***\Downloads\aswMBR2.txt"

Antwort
Seite 2 von 3 1 2 3

Themen zu Verschlüsselungstrojaner! (flirt-fever.de)
anhang, beenden, beendet, benutzer, bild, computer, dateisystem, device driver, document, eingeblendet, euro, folge, folgende, forum, gemail, gmer-scan, google earth, heuristiks/extra, heuristiks/shuriken, install.exe, kosten, langs, lenovo, mail, microsoft office word, modus, neu, neustart, neustarten, nicht mehr, offene, ordner, plug-in, plötzlich, rechnung, safer networking, searchscopes, taskmanager, total commander, trojaner-board, version=1.0, öffnen


« PUM.Hijack.StartMenu | Nach GVU-Trojander RunDLL "glom0_og.exe" fehler »

Ähnliche Themen: Verschlüsselungstrojaner! (flirt-fever.de)


  1. Flirt-Fever Trojaner_abgesicherter Modus funktioniert nicht
    Log-Analyse und Auswertung - 12.09.2012 (5)
  2. (2x) Flirt-Fever Trojaner/Virus hat PC verseucht
    Mülltonne - 14.06.2012 (1)
  3. flirt-fever Verschlüsselungstrojaner ohne original dateien
    Plagegeister aller Art und deren Bekämpfung - 12.06.2012 (1)
  4. Verschlüsselungstrojaner von Schreiben.zip -Flirt Fever
    Plagegeister aller Art und deren Bekämpfung - 12.06.2012 (2)
  5. Windows Verschlüsselungs Trojaner (flirt-fever)
    Log-Analyse und Auswertung - 11.06.2012 (1)
  6. Entschlüsselungstrojaner von Flirt-fever
    Plagegeister aller Art und deren Bekämpfung - 08.06.2012 (2)
  7. flirt-fever trjoaner! befallen!
    Plagegeister aller Art und deren Bekämpfung - 08.06.2012 (3)
  8. Verschlüsselungstrojaner (E-Mail Flirt Fever)
    Plagegeister aller Art und deren Bekämpfung - 07.06.2012 (6)
  9. Trojaner über Flirt Fever
    Plagegeister aller Art und deren Bekämpfung - 07.06.2012 (3)
  10. Flirt-Fever Trojaner-Befall
    Plagegeister aller Art und deren Bekämpfung - 07.06.2012 (3)
  11. Verschlüsselungstrojaner nach Flirt-Fever Mail
    Plagegeister aller Art und deren Bekämpfung - 06.06.2012 (5)
  12. (2x) verschlüsselungs Trojaner nach flirt fever mail
    Mülltonne - 05.06.2012 (1)
  13. Verschlüsselungstrojaner Flirt Fever "Mahnbescheid"
    Mülltonne - 05.06.2012 (1)
  14. Flirt Fever - Verschlüsselungstrojaner
    Log-Analyse und Auswertung - 04.06.2012 (5)
  15. Flirt Fever Trojaner
    Plagegeister aller Art und deren Bekämpfung - 03.06.2012 (1)
  16. Flirt Fever Trojaner einfach nur loswerden
    Plagegeister aller Art und deren Bekämpfung - 03.06.2012 (1)
  17. flirt-fever malware
    Plagegeister aller Art und deren Bekämpfung - 31.05.2012 (2)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Verschlüsselungstrojaner! (flirt-fever.de) - Logfile habe ich als Anhang als Zip hochgeladen... - Verschlüsselungstrojaner! (flirt-fever.de)...
Archiv
Du betrachtest: Verschlüsselungstrojaner! (flirt-fever.de) auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129