AntiVir found DR/PSW.Cain.284.3 Dropper TR/Rootkit.Gen and TR/Crypt.XPACK.Gen2!
Quote from cosinus:
OK. Now please create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still won't run on the second attempt, just skip it and run only OSAM - please skip OSAM's online check. With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.

GMER worked flawlessly the first time, without crashing.
Here is the GMER log file:
Code:
GMER 1.0.15.15627 - hxxp://www.gmer.net
Rootkit scan 2011-05-20 19:54:53
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-17 WDC_WD1200JD-00HBB0 rev.08.02D08
Running: 7rj48ke2.exe; Driver: C:\DOKUME~1\Peter\LOKALE~1\Temp\fxtdypog.sys
---- System - GMER 1.0.15 ----
SSDT F6EF1136 ZwCreateKey
SSDT F6EF112C ZwCreateThread
SSDT F6EF113B ZwDeleteKey
SSDT F6EF1145 ZwDeleteValueKey
SSDT F6EF114A ZwLoadKey
SSDT F6EF1118 ZwOpenProcess
SSDT F6EF111D ZwOpenThread
SSDT F6EF1154 ZwReplaceKey
SSDT F6EF114F ZwRestoreKey
SSDT F6EF1140 ZwSetValueKey
INT 0x06 \??\C:\WINDOWS\system32\drivers\Haspnt.sys (HASP Kernel Device Driver for Windows NT/Aladdin Knowledge Systems) EB96916D
INT 0x0E \??\C:\WINDOWS\system32\drivers\Haspnt.sys (HASP Kernel Device Driver for Windows NT/Aladdin Knowledge Systems) EB968FC2
INT 0x62 ? FAF45044
INT 0x63 ? FABC19DC
INT 0x73 ? FAC138BC
INT 0x82 ? FAF11954
INT 0x83 ? FAF1ABEC
INT 0x92 ? FABB3BEC
INT 0xA3 ? FAC1C044
INT 0xA4 ? FAC90044
INT 0xB1 ? FAFB5BEC
INT 0xB2 ? FABB1BEC
INT 0xB4 ? FAC148BC
---- Kernel code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\drivers\hardlock.sys section is writeable [0xEB5ED400, 0x7960C, 0xE8000020]
.protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0xEB68F420] C:\WINDOWS\system32\drivers\hardlock.sys entry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0xEB68F420]
.protectÿÿÿÿhardlockunknown last code section [0xEB68F200, 0x5049, 0xE0000020] C:\WINDOWS\system32\drivers\hardlock.sys unknown last code section [0xEB68F200, 0x5049, 0xE0000020]
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
And here is the OSAM log file:
Code:
Report of OSAM : Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 20:15:00 on 20.05.2011
OS: Windows XP Professional Service Pack 3 (Build 2600)
Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702
Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures
Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries
[Common]
-----( %SystemRoot%\Tasks )-----
"AppleSoftwareUpdate.job" - "Apple Inc." - C:\Programme\Apple Software Update\SoftwareUpdate.exe
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"Google Software Updater.job" - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
"Orb Index when idle.job" - "Orb Networks" - C:\Programme\Winamp Remote\bin\OrbLauncher.exe
-----( HKLM\SOFTWARE\Classes\exefile\shell\open\command )-----
"{Default}" - ? - "%1" %* (Hidden registry entry, rootkit activity | System default value)
[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
"nvtuicpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvtuicpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Avira AntiVir Personal - Free Antivirus " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"Desktop Search" - ? - C:\Programme\Windows Desktop Search\ControlPanel.cpl (File found, but it contains no detailed information)
"QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl
"SMAX4CP" - "Analog Devices, Inc." - C:\Programme\Analog Devices\SoundMAX\SMax4.cpl
[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys
"AVM Eject" (avmeject) - "AVM Berlin" - C:\WINDOWS\System32\drivers\avmeject.sys
"BrPar" (BrPar) - "Brother Industries Ltd." - C:\WINDOWS\System32\drivers\BrPar.sys
"catchme" (catchme) - ? - C:\DOKUME~1\Peter\LOKALE~1\Temp\catchme.sys (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found)
"cpuz134" (cpuz134) - ? - C:\DOKUME~1\Peter\LOKALE~1\Temp\cpuz134\cpuz134_x32.sys (File not found)
"Haspnt" (Haspnt) - "Aladdin Knowledge Systems" - C:\WINDOWS\system32\drivers\Haspnt.sys
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found)
"Intel(R) PRO/1000 Network Connection Driver" (E1000) - ? - C:\WINDOWS\System32\DRIVERS\e1000325.sys (File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found)
"mwgeobey" (mwgeobey) - ? - C:\WINDOWS\System32\drivers\xwrv.sys (File not found)
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"StarOpen" (StarOpen) - ? - C:\WINDOWS\system32\drivers\StarOpen.sys (File found, but it contains no detailed information)
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found)
[Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Desktop\Components )-----
"(0) Die derzeitige Homepage" - ? - About :Home (Hidden registry entry, rootkit activity | System default value)
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found)
{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found)
{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{7790769C-0471-11d2-AF11-00C04FA35D02} "Adressbuch 6" - ? - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install (Hidden registry entry, rootkit activity | File not found)
>{60B49E34-C7CC-11D0-8953-00A0C90347FF} "Browser Customizations" - "Microsoft Corporation" - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP (Hidden registry entry, rootkit activity | File signed by Microsoft)
>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS "Browseranpassungen" - "Microsoft Corporation" - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP (Hidden registry entry, rootkit activity | File signed by Microsoft)
>{26923b43-4d38-484f-9b9e-de460746276c} "Internet Explorer" - "Microsoft Corporation" - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig (Hidden registry entry, rootkit activity | File signed by Microsoft)
{89820200-ECBD-11cf-8B85-00AA005B4383} "Internet Explorer" - "Microsoft Corporation" - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings (Hidden registry entry, rootkit activity | File signed by Microsoft)
{44BBA840-CC51-11CF-AAFA-00AA00B6015C} "Microsoft Outlook Express 6" - ? - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install (Hidden registry entry, rootkit activity | File not found)
>{22d6f312-b0f6-11d0-94ab-0080c74c7e95} "Microsoft Windows Media Player" - ? - C:\WINDOWS\inf\unregmp2.exe /HideWMP (Hidden registry entry, rootkit activity | File not found)
{6BF52A52-394A-11d3-B153-00C04F79FAA6} "Microsoft Windows Media Player" - "Microsoft Corporation" - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub (Hidden registry entry, rootkit activity | File signed by Microsoft)
{44BBA842-CC51-11CF-AAFA-00AA00B6015B} "NetMeeting 3.01" - "Microsoft Corporation" - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT (Hidden registry entry, rootkit activity | File signed by Microsoft)
>{881dd1c5-3dcf-431b-b061-f3f88e8be88a} "Outlook Express" - ? - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE (Hidden registry entry, rootkit activity | File not found)
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install (Hidden registry entry, rootkit activity | File signed by Microsoft)
{2C7339CF-2B09-4501-B3F3-F3508C9228ED} "Themes Setup" - ? - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll (Hidden registry entry, rootkit activity | File not found)
<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} "Versions-Update für Internet Explorer" - "Microsoft Corporation" - C:\WINDOWS\system32\ieudinit.exe (Hidden registry entry, rootkit activity | File signed by Microsoft)
{89820200-ECBD-11cf-8B85-00AA005B4340} "Windows Desktop-Update" - ? - regsvr32.exe /s /n /i:U shell32.dll (Hidden registry entry, rootkit activity | File not found)
{5945c046-1e7d-11d1-bc44-00c04fd912be} "Windows Messenger 4.7" - "Microsoft Corporation" - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser (Hidden registry entry, rootkit activity | File signed by Microsoft)
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - ? - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll (Hidden registry entry, rootkit activity | File not found)
{0D2E74C4-3C34-11d2-A27E-00C04FC30871} "{0D2E74C4-3C34-11d2-A27E-00C04FC30871}" - "Microsoft Corporation" - C:\WINDOWS\system32\SHELL32.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{24F14F01-7B1C-11d1-838f-0000F80461CF} "{24F14F01-7B1C-11d1-838f-0000F80461CF}" - "Microsoft Corporation" - C:\WINDOWS\system32\SHELL32.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{24F14F02-7B1C-11d1-838f-0000F80461CF} "{24F14F02-7B1C-11d1-838f-0000F80461CF}" - "Microsoft Corporation" - C:\WINDOWS\system32\SHELL32.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{66742402-F9B9-11D1-A202-0000F81FEDEE} "{66742402-F9B9-11D1-A202-0000F81FEDEE}" - "Microsoft Corporation" - C:\WINDOWS\system32\SHELL32.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll (Hidden registry entry, rootkit activity | File not found)
-----( HKLM\Software\Classes\Protocols\Filter )-----
{32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} "AP Class Install Handler filter" - "Microsoft Corporation" - C:\WINDOWS\system32\urlmon.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{8f6b0360-b80d-11d0-a9b3-006097942311} "AP encoding/decoding Filters" - "Microsoft Corporation" - C:\WINDOWS\system32\urlmon.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{8f6b0360-b80d-11d0-a9b3-006097942311} "AP encoding/decoding Filters" - "Microsoft Corporation" - C:\WINDOWS\system32\urlmon.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{8f6b0360-b80d-11d0-a9b3-006097942311} "AP encoding/decoding Filters" - "Microsoft Corporation" - C:\WINDOWS\system32\urlmon.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll (Hidden registry entry, rootkit activity)
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll (Hidden registry entry, rootkit activity)
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll (Hidden registry entry, rootkit activity)
{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Hidden registry entry, rootkit activity)
{733AC4CB-F1A4-11d0-B951-00A0C90312E1} "WebView MIME Filter" - "Microsoft Corporation" - C:\WINDOWS\system32\SHELL32.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
-----( HKLM\Software\Classes\Protocols\Handler )-----
{3dd53d40-7b8b-11D0-b013-00aa0059ce02} "CDL: Asychronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\WINDOWS\system32\urlmon.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - ? - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Hidden registry entry, rootkit activity | File not found)
{12D51199-0DB5-46FE-A120-47A3D7D937CC} "DVD: Pluggable Protocol" - "Microsoft Corporation" - C:\WINDOWS\system32\msvidctl.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{79eac9e7-baf9-11ce-8c82-00aa004ba90b} "file:, local: Asychronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\WINDOWS\system32\urlmon.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{79eac9e7-baf9-11ce-8c82-00aa004ba90b} "file:, local: Asychronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\WINDOWS\system32\urlmon.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{79eac9e3-baf9-11ce-8c82-00aa004ba90b} "ftp: Asychronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\WINDOWS\system32\urlmon.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{79eac9e4-baf9-11ce-8c82-00aa004ba90b} "gopher: Asychronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\WINDOWS\system32\urlmon.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{79eac9e2-baf9-11ce-8c82-00aa004ba90b} "http: Asychronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\WINDOWS\system32\urlmon.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{79eac9e5-baf9-11ce-8c82-00aa004ba90b} "https: Asychronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\WINDOWS\system32\urlmon.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - ? - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL (Hidden registry entry, rootkit activity | File not found)
{05300401-BCBC-11d0-85E3-00C04FD85AB4} "MHTML Asychronous Pluggable Protocol Handler" - ? - C:\WINDOWS\system32\inetcomm.dll (Hidden registry entry, rootkit activity | File not found)
{3050F406-98B5-11CF-BB82-00AA00BDCE0B} "Microsoft HTML About Pluggable Protocol" - ? - C:\WINDOWS\system32\mshtml.dll (Hidden registry entry, rootkit activity | File not found)
{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} "Microsoft HTML Javascript Pluggable Protocol" - ? - C:\WINDOWS\system32\mshtml.dll (Hidden registry entry, rootkit activity | File not found)
{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} "Microsoft HTML Javascript Pluggable Protocol" - ? - C:\WINDOWS\system32\mshtml.dll (Hidden registry entry, rootkit activity | File not found)
{3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} "Microsoft HTML Mailto Pluggable Protocol" - ? - C:\WINDOWS\system32\mshtml.dll (Hidden registry entry, rootkit activity | File not found)
{3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} "Microsoft HTML Resource Pluggable Protocol" - ? - C:\WINDOWS\system32\mshtml.dll (Hidden registry entry, rootkit activity | File not found)
{76E67A63-06E9-11D2-A840-006008059382} "Microsoft HTML Resource Pluggable Protocol" - ? - C:\WINDOWS\system32\mshtml.dll (Hidden registry entry, rootkit activity | File not found)
{9D148291-B9C8-11D0-A4CC-0000F80149F6} "Microsoft InfoTech Protocols for IE 4.0" - ? - C:\WINDOWS\system32\itss.dll (Hidden registry entry, rootkit activity | File not found)
{9D148291-B9C8-11D0-A4CC-0000F80149F6} "Microsoft InfoTech Protocols for IE 4.0" - ? - C:\WINDOWS\system32\itss.dll (Hidden registry entry, rootkit activity | File not found)
{79eac9e6-baf9-11ce-8c82-00aa004ba90b} "mk: Asychronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\WINDOWS\system32\urlmon.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - ? - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Hidden registry entry, rootkit activity | File not found)
{CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} "TV: Pluggable Protocol" - "Microsoft Corporation" - C:\WINDOWS\system32\msvidctl.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} "WiaProtocol Class" - "Microsoft Corporation" - C:\WINDOWS\system32\wiascr.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler )-----
{438755C2-A8BA-11D1-B96B-00A0C90312E1} "Browseui preloader" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{8C7461EF-2B13-11d2-BE35-3078302C2030} "Component Categories cache daemon" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "URL Exec Hook" - "Microsoft Corporation" - C:\WINDOWS\system32\shell32.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{56F9679E-7826-4C84-81F3-532071A8BCC5} "Windows Desktop Search Namespace Manager" - "Microsoft Corporation" - C:\Programme\Windows Desktop Search\MSNLNamespaceMgr.dll (Hidden registry entry, rootkit activity)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{01E04581-4EEE-11d0-BFE9-00AA005B4383} "&Adresse" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{F2CF5485-4E02-4f68-819C-B92DE9277049} "&Links" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{32714800-2E5F-11d0-8B85-00AA0044F941} "&Nach Personen..." - ? - C:\Programme\Outlook Express\wabfind.dll (Hidden registry entry, rootkit activity | File not found)
{7e653215-fa25-46bd-a339-34a2790f3cb7} "Accessible" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{88C6C381-2E85-11D0-94DE-444553540000} "ActiveX Cache Folder" - ? - C:\WINDOWS\system32\occache.dll (Hidden registry entry, rootkit activity | File not found)
{A08C11D2-A228-11d0-825B-00AA005B4383} "Address EditBox" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{85BBD920-42A0-1069-A2E4-08002B30309D} "Aktenkoffer" - ? - syncui.dll (Hidden registry entry, rootkit activity | File not found)
{875CB1A1-0F29-45de-A1AE-CFB4950D0B78} "Audio Media Properties Handler" - ? - C:\WINDOWS\system32\shmedia.dll (Hidden registry entry, rootkit activity | File not found)
{91EA3F8B-C99B-11d0-9815-00C04FD91972} "Augmented Shell Folder" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{6413BA2C-B461-11d1-A18A-080036B11A03} "Augmented Shell Folder 2" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0} "Ausführen..." - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{5F327514-6C5E-4d60-8F16-D07FA08A78ED} "Auto Update Property Sheet Extension" - "Microsoft Corporation" - C:\WINDOWS\system32\wuaucpl.cpl (Hidden registry entry, rootkit activity | File signed by Microsoft)
{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} "Automatische Diashowwiedergabe der Shell" - "Microsoft Corporation" - C:\WINDOWS\system32\shimgvw.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{87D62D94-71B3-4b9a-9489-5FE6850DC73E} "Avi Properties Handler" - ? - C:\WINDOWS\system32\shmedia.dll (Hidden registry entry, rootkit activity | File not found)
{F61FFEC1-754F-11d0-80CA-00AA005B4383} "BandProxy" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{7A9D77BD-5403-11d2-8785-2E0420524153} "Benutzerkonten" - "Microsoft Corporation" - C:\WINDOWS\system32\netplwiz.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{add36aa8-751a-4579-a266-d66f5202ccbb} "Bestellung von Abzügen über das Internet" - "Microsoft Corporation" - C:\WINDOWS\system32\netplwiz.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{67EA19A0-CCEF-11d0-8024-00C04FD75D13} "CDF Extension Copy Hook" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{7D559C10-9FE9-11d0-93F7-00AA0059CE02} "Code Download Agent" - "Microsoft Corporation" - C:\WINDOWS\system32\webcheck.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{BD472F60-27FA-11cf-B8B4-444553540000} "Compressed (zipped) Folder Right Drag Handler" - ? - C:\WINDOWS\system32\zipfldr.dll (Hidden registry entry, rootkit activity | File not found)
{888DCA60-FC0A-11CF-8F0F-00C04FD7D062} "Compressed (zipped) Folder SendTo Target" - ? - C:\WINDOWS\system32\zipfldr.dll (Hidden registry entry, rootkit activity | File not found)
{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31} "CompressedFolder" - ? - C:\WINDOWS\system32\zipfldr.dll (Hidden registry entry, rootkit activity | File not found)
{E6CC6978-6B6E-11D0-BECA-00C04FD940BE} "ConnectionAgent" - "Microsoft Corporation" - C:\WINDOWS\system32\webcheck.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{4CF20B46-D006-4B90-A64B-DBAA9470EFBE} "ContextMenuHandler Class" - ? - C:\Programme\Image Resizer\ImageResizer.dll (Hidden registry entry, rootkit activity | File not found)
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll (Hidden registry entry, rootkit activity | File not found)
{42071713-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Bildschirme" - "Microsoft Corporation" - C:\WINDOWS\system32\deskmon.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{42071712-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Grafikkarten" - "Microsoft Corporation" - C:\WINDOWS\system32\deskadp.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{7444C717-39BF-11D1-8CD9-00C04FC29D45} "CryptPKO Class" - "Microsoft Corporation" - C:\WINDOWS\system32\cryptext.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{7444C719-39BF-11D1-8CD9-00C04FC29D45} "CryptSig Class" - "Microsoft Corporation" - C:\WINDOWS\system32\cryptext.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A} "Custom MRU AutoCompleted List" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{CFCCC7A0-A282-11D1-9082-006008059382} "Darwin App Publisher" - ? - C:\WINDOWS\system32\appwiz.cpl (Hidden registry entry, rootkit activity | File not found)
{1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll (Hidden registry entry, rootkit activity)
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll (Hidden registry entry, rootkit activity)
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6} "DfsShell Class" - ? - C:\WINDOWS\system32\dfsshlex.dll (Hidden registry entry, rootkit activity | File not found)
{62AE1F9A-126A-11D0-A14B-0800361B1103} "Directory Context Menu Verbs" - ? - C:\WINDOWS\system32\dsuiext.dll (Hidden registry entry, rootkit activity | File not found)
{163FDC20-2ABC-11d0-88F0-00A024AB2DBB} "Directory Object Find" - ? - C:\WINDOWS\system32\dsquery.dll (Hidden registry entry, rootkit activity | File not found)
{0D45D530-764B-11d0-A1CA-00AA00C16E65} "Directory Property UI" - ? - C:\WINDOWS\system32\dsuiext.dll (Hidden registry entry, rootkit activity | File not found)
{8A23E65E-31C2-11d0-891C-00A024AB2DBB} "Directory Query UI" - ? - C:\WINDOWS\system32\dsquery.dll (Hidden registry entry, rootkit activity | File not found)
{F020E586-5264-11d1-A532-0000F8757D7E} "Directory Start/Search Find" - ? - C:\WINDOWS\system32\dsquery.dll (Hidden registry entry, rootkit activity | File not found)
{f92e8c40-3d33-11d2-b1aa-080036a75b03} "Display TroubleShoot CPL Extension" - "Microsoft Corporation" - C:\WINDOWS\system32\deskperf.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{22BF0C20-6DA7-11D0-B373-00A0C9034938} "Download Status" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{60fd46de-f830-4894-a628-6fa81bc0190d} "Drop-Zielobjekt für den Fotodruck-Assistent" - ? - C:\WINDOWS\system32\photowiz.dll (Hidden registry entry, rootkit activity | File not found)
{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0} "E-Mail" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{00022613-0000-0000-C000-000000000046} "Eigenschaften für Multimediadatei" - ? - mmsys.cpl (Hidden registry entry, rootkit activity | File not found)
{1F2E5C40-9550-11CE-99D2-00AA006E086C} "Erweiterung der Sicherheitsshell" - "Microsoft Corporation" - C:\WINDOWS\system32\rshx32.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{4E40F770-369C-11d0-8922-00A024AB2DBB} "Erweiterung der Sicherheitsshell" - ? - dssec.dll (Hidden registry entry, rootkit activity | File not found)
{F37C5810-4D3F-11d0-B4BF-00AA00BBB723} "Erweiterung der Sicherheitsshell" - "Microsoft Corporation" - C:\WINDOWS\system32\rshx32.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{59099400-57FF-11CE-BD94-0020AF85B590} "Erweiterung für Datenträgerkopien" - ? - diskcopy.dll (Hidden registry entry, rootkit activity | File not found)
{88895560-9AA2-1069-930E-00AA0030EBC8} "Erweiterung für HyperTerminal-Icons" - ? - (Hidden registry entry, rootkit activity | File not found | COM-object registry key not found)
{EFA24E64-B078-11d0-89E4-00C04FC9E26E} "Explorer-Band" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{692F0339-CBAA-47e6-B5B5-3B84DB604E87} "Extensions Manager Folder" - ? - C:\WINDOWS\system32\extmgr.dll (Hidden registry entry, rootkit activity | File not found)
{7A80E4A8-8005-11D2-BCF8-00C04F72C717} "ExtractIcon Class" - ? - C:\WINDOWS\System32\mmcshext.dll (Hidden registry entry, rootkit activity | File not found)
{EFA24E61-B078-11d0-89E4-00C04FC9E26E} "Favorites Band" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll (Hidden registry entry, rootkit activity)
{3F30C968-480A-4C6C-862D-EFC0897BB84B} "GDI+ Dateiminiaturansicht-Extrahierungsprogramm" - "Microsoft Corporation" - C:\WINDOWS\system32\shimgvw.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{D6277990-4C6A-11CF-8D87-00AA0060F5BF} "Geplante Tasks" - "Microsoft Corporation" - C:\WINDOWS\system32\mstask.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} "Global Folder Settings" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0} "Hilfe und Support" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{FF393560-C2A7-11CF-BFF4-444553540000} "History" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{25336920-03f9-11cf-8fd0-00aa00686f13} "HTML Document" - ? - C:\WINDOWS\system32\mshtml.dll (Hidden registry entry, rootkit activity | File not found)
{EAB841A0-9550-11cf-8C16-00805F1408F3} "HTML-Extrahierungsprogramm" - "Microsoft Corporation" - C:\WINDOWS\system32\shimgvw.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{DBCE2480-C732-101B-BE72-BA78E9AD5B27} "ICC-Profil" - ? - C:\WINDOWS\system32\icmui.dll (Hidden registry entry, rootkit activity | File not found)
{675F097E-4C4D-11D0-B6C1-0800091AA605} "ICM-Druckerverwaltung" - ? - C:\WINDOWS\system32\icmui.dll (Hidden registry entry, rootkit activity | File not found)
{5DB2625A-54DF-11D0-B6C4-0800091AA605} "ICM-Monitorverwaltung" - ? - C:\WINDOWS\System32\icmui.dll (Hidden registry entry, rootkit activity | File not found)
{176d6597-26d3-11d1-b350-080036a75b03} "ICM-Scannerverwaltung" - ? - icmui.dll (Hidden registry entry, rootkit activity | File not found)
{3028902F-6374-48b2-8DC6-9725E775B926} "IE AutoComplete" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{73CFD649-CD48-4fd8-A272-2070EA56526B} "IE BandProxy" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{FDE7673D-2E19-4145-8376-BBD58C4BC7BA} "IE Custom MRU AutoCompleted List" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{1C1EDB47-CE22-4bbb-B608-77B48F83C823} "IE Fade Task" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{11016101-E366-4D22-BC06-4ADA335C892B} "IE History and Feeds Shell Data Source for Windows Search" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{6CF48EF8-44CD-45d2-8832-A16EA016311B} "IE IShellFolderBand" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{4B78D326-D922-44f9-AF2A-07805C2A3560} "IE Menu Band" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{205D7A97-F16D-4691-86EF-F3075DCCA57D} "IE Menu Desk Bar" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{44C76ECD-F7FA-411c-9929-1B77BA77F524} "IE Menu Site" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{07C45BB1-4A8C-4642-A1F5-237E7215FF66} "IE Microsoft BrowserBand" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{6038EF75-ABFC-4e59-AB6F-12D397F6568D} "IE Microsoft History AutoComplete List" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{B31C5FAE-961F-415b-BAF0-E697A5178B94} "IE Microsoft Multiple AutoComplete List Container" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{9D958C62-3954-4b44-8FAB-C4670C1DB4C2} "IE Microsoft Shell Folder AutoComplete List" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8} "IE MRU AutoComplete List" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{43886CD5-6529-41c4-A707-7B3C92C05E68} "IE Navigation Bar" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E} "IE Registry Tree Options Utility" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E} "IE RSS Feeds Folder" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{30D02401-6A81-11d0-8274-00C04FD5AE38} "IE Search Band" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{E6EE9AAC-F76B-4947-8260-A9F136138E11} "IE Shell Band Site Menu" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A} "IE Shell Rebar BandSite" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE} "IE Tracking Shell Menu" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (Hidden registry entry, rootkit activity | File not found | COM-object registry key not found)
{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC} "IE4 Suite-Begrüßungsbildschirm" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{169A0691-8DF9-11d1-A1C4-00C04FD75D13} "In-pane search" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{0B124F8F-91F0-11D1-B8B5-006008059382} "Installed Apps Enumerator" - ? - C:\WINDOWS\system32\appwiz.cpl (Hidden registry entry, rootkit activity | File not found)
{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0} "Internet" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{871C5380-42A0-1069-A2EA-08002B30309D} "Internet Name Space" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{FBF23B40-E3F0-101B-8488-00AA003E56F8} "Internet Shortcut" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{131A6951-7F78-11D0-A979-00C04FD705A2} "ISFBand OC" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{0CD7A5C0-9F37-11CE-AE65-08002B2E1262} "Kabinettdatei" - ? - cabview.dll (Hidden registry entry, rootkit activity | File not found)
{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8} "Kompatibilitätsseite" - ? - SlayerXP.dll (Hidden registry entry, rootkit activity | File not found)
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (Hidden registry entry, rootkit activity | File not found | COM-object registry key not found)
{3050f3d9-98b5-11cf-bb82-00aa00bdce0b} "MHTML Document" - ? - C:\WINDOWS\system32\mshtml.dll (Hidden registry entry, rootkit activity | File not found)
{143A62C8-C33B-11D1-84FE-00C04FA34A14} "Microsoft Agent Character Property Sheet Handler" - ? - C:\WINDOWS\msagent\agentpsh.dll (Hidden registry entry, rootkit activity | File not found)
{00BB2763-6A77-11D0-A535-00C04FD7D062} "Microsoft AutoComplete" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{A5E46E3A-8849-11D1-9D8C-00C04FC99D61} "Microsoft Browser Architecture" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{BC476F4C-D9D7-4100-8D4E-E043F6DEC409} "Microsoft Browser Architecture" - ? - (Hidden registry entry, rootkit activity | File not found | COM-object registry key not found)
{7BA4C742-9E81-11CF-99D3-00AA004AE837} "Microsoft BrowserBand" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{7988B573-EC89-11cf-9C00-00AA00A14F56} "Microsoft Disk Quota UI" - ? - dskquoui.dll (Hidden registry entry, rootkit activity | File not found)
{6A205B57-2567-4A2C-B881-F787FAB579A3} "Microsoft DocProp Inplace Calendar Control" - ? - C:\WINDOWS\system32\docprop2.dll (Hidden registry entry, rootkit activity | File not found)
{0EEA25CC-4362-4A12-850B-86EE61B0D3EB} "Microsoft DocProp Inplace Droplist Combo Control" - ? - C:\WINDOWS\system32\docprop2.dll (Hidden registry entry, rootkit activity | File not found)
{A9CF0EAE-901A-4739-A481-E35B73E47F6D} "Microsoft DocProp Inplace Edit Box Control" - ? - C:\WINDOWS\system32\docprop2.dll (Hidden registry entry, rootkit activity | File not found)
{8EE97210-FD1F-4B19-91DA-67914005F020} "Microsoft DocProp Inplace ML Edit Box Control" - ? - C:\WINDOWS\system32\docprop2.dll (Hidden registry entry, rootkit activity | File not found)
{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33} "Microsoft DocProp Inplace Time Control" - ? - C:\WINDOWS\system32\docprop2.dll (Hidden registry entry, rootkit activity | File not found)
{883373C3-BF89-11D1-BE35-080036B11A03} "Microsoft DocProp Shell Ext" - ? - C:\WINDOWS\system32\docprop2.dll (Hidden registry entry, rootkit activity | File not found)
{63da6ec0-2e98-11cf-8d82-444553540000} "Microsoft FTP Folder" - "Microsoft Corporation" - C:\WINDOWS\system32\msieftp.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{00BB2764-6A77-11D0-A535-00C04FD7D062} "Microsoft History AutoComplete List" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{5E6AB780-7743-11CF-A12B-00AA004AE837} "Microsoft Internet Toolbar" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{00BB2765-6A77-11D0-A535-00C04FD7D062} "Microsoft Multiple AutoComplete List Container" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\OFFICE11\msohev.dll (Hidden registry entry, rootkit activity)
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - ? - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll (Hidden registry entry, rootkit activity | File not found)
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - ? - C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL (Hidden registry entry, rootkit activity | File not found)
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - ? - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll (Hidden registry entry, rootkit activity | File not found)
{2206CDB2-19C1-11D1-89E0-00C04FD7A829} "Microsoft OLE DB Service Component Data Links" - ? - C:\Programme\Gemeinsame Dateien\System\Ole DB\oledb32.dll (Hidden registry entry, rootkit activity | File not found)
{03C036F1-A186-11D0-824A-00AA005B4383} "Microsoft Shell Folder AutoComplete List" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{3C374A40-BAE4-11CF-BF7D-00AA006946EE} "Microsoft Url History Service" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{CFBFAE00-17A6-11D0-99CB-00C04FD64497} "Microsoft Url Search Hook" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{8856f961-340a-11d0-a96b-00c04fd705a2} "Microsoft Web Browser" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{A6FD9E45-6E44-43f9-8644-08598F5A74D9} "Midi Properties Handler" - ? - C:\WINDOWS\system32\shmedia.dll (Hidden registry entry, rootkit activity | File not found)
{6756A641-DE71-11d0-831B-00AA005B4383} "MRU AutoComplete List" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{ECF03A33-103D-11d2-854D-006008059367} "MyDocs Copy Hook" - "Microsoft Corporation" - C:\WINDOWS\system32\mydocs.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{ECF03A32-103D-11d2-854D-006008059367} "MyDocs Drop Target" - "Microsoft Corporation" - C:\WINDOWS\system32\mydocs.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{4a7ded0a-ad25-11d0-98a8-0800361b1103} "MyDocs menu and properties" - "Microsoft Corporation" - C:\WINDOWS\system32\mydocs.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{7007ACC7-3202-11D1-AAD2-00805FC1270E} "Netzwerkverbindungen" - "Microsoft Corporation" - C:\WINDOWS\system32\NETSHELL.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{992CFFA0-F557-101A-88EC-00DD010CCC48} "Netzwerkverbindungen" - "Microsoft Corporation" - C:\WINDOWS\system32\NETSHELL.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll (Hidden registry entry, rootkit activity)
{10CFC467-4392-11d2-8DB4-00C04FA31A66} "Offline Files Folder Options" - "Microsoft Corporation" - C:\WINDOWS\System32\cscui.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{750fdf0e-2a26-11d1-a3ea-080036587f03} "Offline Files Menu" - "Microsoft Corporation" - C:\WINDOWS\System32\cscui.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{3EA48300-8CF6-101B-84FB-666CCB9BCD32} "OLE-Eigenschaftenseite für Dokumente" - ? - docprop.dll (Hidden registry entry, rootkit activity | File not found)
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll (Hidden registry entry, rootkit activity | File not found)
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll (Hidden registry entry, rootkit activity | File not found)
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll (Hidden registry entry, rootkit activity | File not found)
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll (Hidden registry entry, rootkit activity | File not found)
{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E} "Ordner 'Offlinedateien'" - "Microsoft Corporation" - C:\WINDOWS\System32\cscui.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - ? - C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL (Hidden registry entry, rootkit activity | File not found)
{58f1f272-9240-4f51-b6d4-fd63d1618591} "Passport-Assistent" - "Microsoft Corporation" - C:\WINDOWS\system32\netplwiz.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{41E300E0-78B6-11ce-849B-444553540000} "PlusPack CPL-Erweiterung" - "Microsoft Corporation" - C:\WINDOWS\system32\themeui.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{35786D3C-B075-49b9-88DD-029876E11C01} "Portable Devices" - "Microsoft Corporation" - C:\WINDOWS\system32\wpdshext.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} "Portable Devices Menu" - "Microsoft Corporation" - C:\WINDOWS\system32\wpdshext.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{640167b4-59b0-47a6-b335-a6b3c0695aea} "Portable Media Devices" - "Microsoft Corporation" - C:\WINDOWS\system32\Audiodev.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{D8BD2030-6FC9-11D0-864F-00AA006809D9} "PostAgent" - "Microsoft Corporation" - C:\WINDOWS\system32\webcheck.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{9DB7A13C-F208-4981-8353-73CC61AE2783} "Previous Versions" - "Microsoft Corporation" - C:\WINDOWS\system32\twext.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{596AB062-B4D2-4215-9F74-E9109B0A8153} "Previous Versions Property Page" - "Microsoft Corporation" - C:\WINDOWS\system32\twext.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{AF4F6510-F982-11d0-8595-00AA004CD6D8} "Registry Tree Options Utility" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{F0152790-D56E-4445-850E-4F3117DB740C} "Remote Sessions CPL Extension" - ? - C:\WINDOWS\system32\remotepg.dll (Hidden registry entry, rootkit activity | File not found)
{3F953603-1008-4f6e-A73A-04AAC7A992F1} "Scanner und Kameras" - "Microsoft Corporation" - C:\WINDOWS\system32\wiashext.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{83bbcbf3-b28a-4919-a5aa-73027445d672} "Scanner und Kameras" - "Microsoft Corporation" - C:\WINDOWS\system32\wiashext.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{905667aa-acd6-11d2-8080-00805f6596d2} "Scanner und Kameras" - "Microsoft Corporation" - C:\WINDOWS\system32\wiashext.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{E211B736-43FD-11D1-9EFB-0000F8757FCD} "Scanner und Kameras" - "Microsoft Corporation" - C:\WINDOWS\system32\wiashext.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD} "Scanner und Kameras" - "Microsoft Corporation" - C:\WINDOWS\system32\wiashext.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF} "Scheduling UI icon handler" - "Microsoft Corporation" - C:\WINDOWS\system32\mstask.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF} "Scheduling UI property sheet handler" - "Microsoft Corporation" - C:\WINDOWS\system32\mstask.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{BD84B380-8CA2-1069-AB1D-08000948F534} "Schriftarten" - ? - fontext.dll (Hidden registry entry, rootkit activity | File not found)
{D20EA4E1-3957-11d2-A40B-0C5020524152} "Schriftarten" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{9461b922-3c5a-11d2-bf8b-00c04fb93661} "Search Assistant OC" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE} "Sendmail service" - "Microsoft Corporation" - C:\WINDOWS\system32\sendmail.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE} "Sendmail service" - "Microsoft Corporation" - C:\WINDOWS\system32\sendmail.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0} "Set Program Access and Defaults" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{352EC2B7-8B9A-11D1-B8AE-006008059382} "Shell Application Manager" - ? - C:\WINDOWS\system32\appwiz.cpl (Hidden registry entry, rootkit activity | File not found)
{0A89A860-D7B1-11CE-8350-444553540000} "Shell Automation Inproc Service" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{ECD4FC4E-521C-11D0-B792-00A0C90312E1} "Shell Band Site Menu" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{ECD4FC4C-521C-11D0-B792-00A0C90312E1} "Shell DeskBar" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{3CCF8A41-5C85-11d0-9796-00AA00B90ADF} "Shell DeskBarApp" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} "Shell DocObject Viewer" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll (Hidden registry entry, rootkit activity)
{60254CA5-953B-11CF-8C96-00AA00B8708C} "Shell Extension For Windows Script Host" - "Microsoft Corporation" - C:\WINDOWS\system32\wshext.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - ? - C:\WINDOWS\system32\dfshim.dll (Hidden registry entry, rootkit activity | File not found)
{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178} "Shell Image Data Factory" - "Microsoft Corporation" - C:\WINDOWS\system32\shimgvw.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{eb9b1153-3b57-4e68-959a-a3266bc3d7fe} "Shell Image Property Handler" - "Microsoft Corporation" - C:\WINDOWS\system32\shimgvw.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{e84fda7c-1d6a-45f6-b725-cb260c236066} "Shell Image Verbs" - "Microsoft Corporation" - C:\WINDOWS\system32\shimgvw.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{9E51E0D0-6E0F-11d2-9601-00C04FA31A86} "Shell properties for a DS object" - ? - C:\WINDOWS\system32\dsquery.dll (Hidden registry entry, rootkit activity | File not found)
{ECD4FC4D-521C-11D0-B792-00A0C90312E1} "Shell Rebar BandSite" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{21569614-B795-46b1-85F4-E737A8DC09AD} "Shell Search Band" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{56117100-C0CD-101B-81E2-00AA004AE837} "Shell-Datenauszughandler" - ? - shscrap.dll (Hidden registry entry, rootkit activity | File not found)
{77597368-7b15-11d0-a0c2-080036af3f03} "Shellerweiterung für Webdrucker" - "Microsoft Corporation" - C:\WINDOWS\system32\printui.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (Hidden registry entry, rootkit activity | File not found | COM-object registry key not found)
{40dd6e20-7c17-11ce-a804-00aa003ca9f6} "Shellerweiterungen für Freigaben" - "Microsoft Corporation" - C:\WINDOWS\system32\ntshrui.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} "Shellerweiterungen für Freigaben" - "Microsoft Corporation" - C:\WINDOWS\system32\ntshrui.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{59be4990-f85c-11ce-aff7-00aa003ca9f6} "Shellerweiterungen für Microsoft Windows-Netzwerkobjekte" - ? - ntlanui2.dll (Hidden registry entry, rootkit activity | File not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - ? - C:\WINDOWS\system32\dfshim.dll (Hidden registry entry, rootkit activity | File not found)
{6b33163c-76a5-4b6c-bf21-45de9cd503a1} "Shellobjekt des Webpublishing-Assistenten" - "Microsoft Corporation" - C:\WINDOWS\system32\netplwiz.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - ? - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll (Hidden registry entry, rootkit activity | File not found)
{3AFCEAFB-FFC5-403D-AD33-5914AB4B7ECC} "Sldworks Shell Extension" - ? - (Hidden registry entry, rootkit activity | File not found | COM-object registry key not found)
{F5175861-2688-11d0-9C5E-00AA00A45957} "Subscription Folder" - "Microsoft Corporation" - C:\WINDOWS\system32\webcheck.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE} "Subscription Mgr" - "Microsoft Corporation" - C:\WINDOWS\system32\webcheck.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0} "Suchen" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{0DF44EAA-FF21-4412-828E-260A8728E7F1} "Taskleiste und Startmenü" - "Microsoft Corporation" - C:\WINDOWS\system32\shell32.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{7BD29E00-76C1-11CF-9DD0-00A0C9034933} "Temporary Internet Files" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{7BD29E01-76C1-11CF-9DD0-00A0C9034933} "Temporary Internet Files" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{3DC7A020-0ACD-11CF-A9BB-00AA004AE837} "The Internet" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{acf35015-526e-4230-9596-becbe19f0ac9} "Track Popup Bar" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7} "TrayAgent" - "Microsoft Corporation" - C:\WINDOWS\system32\webcheck.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{7376D660-C583-11d0-A3A5-00C04FD706EC} "TridentImageExtractor" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{e57ce731-33e8-4c51-8354-bb4de9d215d1} "Universelle Plug & Play-Geräte" - "Microsoft Corporation" - C:\WINDOWS\system32\upnpui.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{DD313E04-FEFF-11d1-8ECD-0000F87A470C} "User Assist" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{D20EA4E1-3957-11d2-A40B-0C5020524153} "Verwaltung" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{40C3D757-D6E4-4b49-BB41-0E5BBEA28817} "Video Media Properties Handler" - ? - C:\WINDOWS\system32\shmedia.dll (Hidden registry entry, rootkit activity | File not found)
{c5a40261-cd64-4ccf-84cb-c394da41d590} "Video Thumbnail Extractor" - ? - C:\WINDOWS\system32\shmedia.dll (Hidden registry entry, rootkit activity | File not found)
{E4B29F9D-D390-480b-92FD-7DDB47101D71} "Wav Properties Handler" - ? - C:\WINDOWS\system32\shmedia.dll (Hidden registry entry, rootkit activity | File not found)
{07798131-AF23-11d1-9111-00A0C98BA67D} "Web Search" - "Microsoft Corporation" - C:\WINDOWS\system32\browseui.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{E6FB5E20-DE35-11CF-9C87-00AA005127ED} "WebCheck" - "Microsoft Corporation" - C:\WINDOWS\system32\webcheck.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB} "WebCheck SyncMgr Handler" - "Microsoft Corporation" - C:\WINDOWS\system32\webcheck.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB} "WebCheckChannelAgent" - "Microsoft Corporation" - C:\WINDOWS\system32\webcheck.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{08165EA0-E946-11CF-9C87-00AA005127ED} "WebCheckWebCrawler" - "Microsoft Corporation" - C:\WINDOWS\system32\webcheck.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - ? - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL (Hidden registry entry, rootkit activity | File not found)
{CC6EEFFB-43F6-46c5-9619-51D571967F7D} "Webpublishing-Assistent" - "Microsoft Corporation" - C:\WINDOWS\system32\netplwiz.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{13E7F612-F261-4391-BEA2-39DF4F3FA311} "Windows Desktop Search" - ? - C:\Programme\Windows Desktop Search\msnlExt.dll (Hidden registry entry, rootkit activity | File not found)
{D426CFD0-87FC-4906-98D9-A23F5D515D61} "Windows Desktop Search Outlook Express SearchProtocol Class" - "Microsoft Corporation" - C:\Programme\Windows Desktop Search\OEPH.dll (Hidden registry entry, rootkit activity)
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoGallery.exe (Hidden registry entry, rootkit activity)
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoGallery.exe (Hidden registry entry, rootkit activity)
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll (Hidden registry entry, rootkit activity)
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll (Hidden registry entry, rootkit activity)
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll (Hidden registry entry, rootkit activity)
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoGallery.exe (Hidden registry entry, rootkit activity)
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll (Hidden registry entry, rootkit activity)
{45670FA8-ED97-4F44-BC93-305082590BFB} "Windows XPS Document Metadata Handler" - ? - C:\WINDOWS\System32\XPSSHHDR.DLL (Hidden registry entry, rootkit activity | File not found)
{44121072-A222-48f2-A58A-6D9AD51EBBE9} "Windows XPS Document Thumbnail Handler" - ? - C:\WINDOWS\System32\XPSSHHDR.DLL (Hidden registry entry, rootkit activity | File not found)
{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0} "Windows-Sicherheit" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll (Hidden registry entry, rootkit activity | File found, but it contains no detailed information)
{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD} "WMP Add To Playlist Launcher" - ? - C:\WINDOWS\system32\wmpshell.dll (Hidden registry entry, rootkit activity | File not found)
{8DD448E6-C188-4aed-AF92-44956194EB1F} "WMP Burn Audio CD Launcher" - ? - C:\WINDOWS\system32\wmpshell.dll (Hidden registry entry, rootkit activity | File not found)
{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C} "WMP Play As Playlist Launcher" - ? - C:\WINDOWS\system32\wmpshell.dll (Hidden registry entry, rootkit activity | File not found)
{9DBD2C50-62AD-11d0-B806-00C04FD706EC} "Zusammenfassungs-Miniaturansichthandler (DOCFILES)" - "Microsoft Corporation" - C:\WINDOWS\system32\shimgvw.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe (Hidden registry entry, rootkit activity)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad )-----
{7849596a-48ea-486e-8937-a2a3009f31a9} "PostBootReminder object" - "Microsoft Corporation" - C:\WINDOWS\system32\shell32.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{fbeb8a05-beee-4442-804e-409d6c4515e9} "ShellFolder for CD Burning" - "Microsoft Corporation" - C:\WINDOWS\system32\SHELL32.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{35CEC8A3-2BE6-11D2-8773-92E220524153} "SysTray" - "Microsoft Corporation" - C:\WINDOWS\system32\stobject.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{e57ce738-33e8-4c51-8354-bb4de9d215d1} "UPnP Tray Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\upnpui.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{E6FB5E20-DE35-11CF-9C87-00AA005127ED} "WebCheck" - "Microsoft Corporation" - C:\WINDOWS\system32\webcheck.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
{AAA288BA-9A4C-45B0-95D7-94D524869DB5} "WPDShServiceObj Class" - "Microsoft Corporation" - C:\WINDOWS\system32\WPDShServiceObj.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll
ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{AB86CE53-AC9F-449F-9399-D8ABCA09EC09} "Get_ActiveX Control" - "Netopsystems AG" - C:\WINDOWS\DOWNLO~1\HPGETD~1.OCX (Hidden registry entry, rootkit activity) / https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
{E06E2E99-0AA1-11D4-ABA6-0060082AA75C} "GpcContainer Class" - "WebEx Communications, Inc" - C:\WINDOWS\DOWNLO~1\ieatgpc.dll (Hidden registry entry, rootkit activity) / https://solidline.webex.com/client/v_mywebex-t20-localized/support/ieatgpc.cab
{5D637FAD-E202-48D1-8F18-5B9C459BD1E3} "Image Uploader Control" - "Aurigma, Inc." - C:\WINDOWS\Downloaded Program Files\ImageUploader5.ocx (Hidden registry entry, rootkit activity) / hxxp://static.pe.meinvz.net/photouploader/ImageUploader5.cab?nocache=1222359374
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_22\bin\npjpi160_22.dll (Hidden registry entry, rootkit activity) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_24.dll (Hidden registry entry, rootkit activity) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_24.dll (Hidden registry entry, rootkit activity) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_24.dll (Hidden registry entry, rootkit activity) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
Microsoft XML Parser for Java "Microsoft XML Parser for Java" - ? - (Hidden registry entry, rootkit activity | File not found | COM-object registry key not found) / file://C:\WINDOWS\Java\classes\xmldso.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash10l.ocx (Hidden registry entry, rootkit activity) / hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
{17492023-C23A-453E-A040-C7C580BBF700} "Windows Genuine Advantage Validation Tool" - "Microsoft Corporation" - C:\WINDOWS\system32\legitcheckcontrol.dll (Hidden registry entry, rootkit activity) / hxxp://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
{6414512B-B978-451D-A0D8-FCFDF33E833C} "WUWebControl Class" - "Microsoft Corporation" - C:\WINDOWS\system32\wuweb.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) / hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1109846742953
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
"ICQ6" - "ICQ, LLC." - C:\Programme\ICQ6.5\ICQ.exe
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL (Hidden registry entry, rootkit activity)
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Plug-In" - "Skype Technologies S.A." - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll
<binary data> "{1BB22D38-A411-4B13-A746-C2A4F4EC7344}" - ? - (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{2F85D76C-0569-466F-A488-493E6BD0E955} "dsWebAllowBHO Class" - "Microsoft Corporation" - C:\Programme\Windows Desktop Search\dsWebAllow.dll
{A3CF7606-E683-4375-A372-96B75DA0AEF7} "GdfrDUEn Class" - "TODO: <Company name>" - C:\Programme\Get Styles\enlbrdr.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Programme\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Plug-In" - "Skype Technologies S.A." - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} "{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}" - ? - (File not found | COM-object registry key not found)
{6D53EC84-6AAE-4787-AEEE-F4628F01010C} "{6D53EC84-6AAE-4787-AEEE-F4628F01010C}" - ? - (File not found | COM-object registry key not found)
[Logon]
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"ctfmon.exe" - "Microsoft Corporation" - C:\WINDOWS\system32\ctfmon.exe (Hidden registry entry, rootkit activity | File signed by Microsoft)
"SpybotSD TeaTimer" - "Safer-Networking Ltd." - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Hidden registry entry, rootkit activity)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon )-----
"Shell" - "Microsoft Corporation" - C:\WINDOWS\Explorer.exe (Hidden registry entry, rootkit activity | File signed by Microsoft)
"Userinit" - "Microsoft Corporation" - C:\WINDOWS\system32\userinit.exe (Hidden registry entry, rootkit activity | File signed by Microsoft)
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - "Microsoft Corporation" - C:\WINDOWS\system32\rdpclip.exe (Hidden registry entry, rootkit activity | File signed by Microsoft)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min (Hidden registry entry, rootkit activity)
"AVMWlanClient" - "AVM Berlin" - C:\Programme\avmwlanstick\FRITZWLANMini.exe (Hidden registry entry, rootkit activity)
"HPDJ Taskbar Utility" - "HP" - C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe (Hidden registry entry, rootkit activity)
"Logitech Utility" - "Logitech Inc." - Logi_MwX.Exe (Hidden registry entry, rootkit activity | File signed by Microsoft)
"NvCplDaemon" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (Hidden registry entry, rootkit activity | File signed by Microsoft)
"NvMediaCenter" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (Hidden registry entry, rootkit activity | File signed by Microsoft)
"SoundMAXPnP" - "Analog Devices, Inc." - C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe (Hidden registry entry, rootkit activity)
"StartCCC" - "Advanced Micro Devices, Inc." - "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun (Hidden registry entry, rootkit activity)
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" (Hidden registry entry, rootkit activity)
[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"hpzlnt04" - "HP" - C:\WINDOWS\system32\hpzlnt04.dll
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\mdimon.dll
"PDFCreator" - "internet-support foehr.com" - C:\WINDOWS\system32\pdfcmnnt.dll
"Redirected Port" - ? - C:\WINDOWS\system32\redmonnt.dll (File found, but it contains no detailed information)
[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"ATI Smart" (ATI Smart) - ? - C:\WINDOWS\system32\ati2sgag.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe
"Brother BRAdminPro Scheduler" (BRA_Scheduler) - ? - C:\Programme\Brother\BRAdmin Professional 3\bratimer.exe (File found, but it contains no detailed information)
"FABS - Helping agent for MAGIX media database" (Fabs) - "MAGIX AG" - C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\FABS.exe
"Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance) - "MAGIX®" - C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\fbserver.exe
"Google Software Updater" (gusvc) - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate1ca0e2f5c64d326)" (gupdate1ca0e2f5c64d326) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"NIHardwareService" (NIHardwareService) - "Native Instruments GmbH" - C:\Programme\Gemeinsame Dateien\Native Instruments\Hardware\NIHardwareService.exe
"NMSAccess" (NMSAccess) - ? - C:\Programme\CDBurnerXP\NMSAccessU.exe (File found, but it contains no detailed information)
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\WINDOWS\system32\hpzipm12.dll
"SolidWorks Licensing Service" (SolidWorks Licensing Service) - "SolidWorks" - C:\Programme\Gemeinsame Dateien\SolidWorks Shared\Service\SolidWorksLicensing.exe
"SoundMAX Agent Service" (SoundMAX Agent Service (default)) - "Analog Devices, Inc." - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
"TeamViewer 4" (TeamViewer4) - "TeamViewer GmbH" - C:\Programme\TeamViewer\Version4\TeamViewer_Service.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
[Winlogon]
-----( HKCU\Control Panel\Desktop )-----
"SCRNSAVE.EXE" - ? - C:\WINDOWS\LIVING~1.SCR (File not found)
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll
[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"NLA-Namespace" - "Microsoft Corporation" - C:\WINDOWS\System32\mswsock.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
"NTDS" - "Microsoft Corporation" - C:\WINDOWS\System32\winrnr.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
"NWLink IPX/SPX/NetBIOS-kompatibles Transportprotokoll" - "Microsoft Corporation" - C:\WINDOWS\System32\nwprovau.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
"TCP/IP" - "Microsoft Corporation" - C:\WINDOWS\System32\mswsock.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
===[ Logfile end ]=========================================[ Logfile end ]===
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru