
Log analysis and evaluation: W3i.IQ5.fraud, PC crashes regularly

Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

15.03.2012, 14:11   #1
Stefan1971
 
W3i.IQ5.fraud, PC crashes regularly



Hello!
With Spybot S+D I cannot remove W3i.Iq5.fraud (AdWareC, 8 entries): "unexpected error in fixing problems (Cannot create file C:/Windows/wininit.ini Zugriff verweigert)"
At first no serious problems appeared, but lately the entire system crashes abruptly, spontaneously and at irregular intervals, and the screen goes off as well, so that I always have to do a complete restart. I am desperate and ask for help!
I have attached the Spybot results.

--- Search result list ---
W3i.IQ5.fraud: [SBI $467B1F92] Einstellungen (Registrierungsdatenbank-Schlüssel, fixing failed)
HKEY_LOCAL_MACHINE\SOFTWARE\Freeze.com

W3i.IQ5.fraud: [SBI $678078F9] Einstellungen (Registrierungsdatenbank-Schlüssel, fixing failed)
HKEY_LOCAL_MACHINE\SOFTWARE\W3i

W3i.IQ5.fraud: [SBI $35D8A8B0] Programm-Verzeichnis (Verzeichnis, fixing failed)
C:\Program Files\Free Offers from Freeze.com\

W3i.IQ5.fraud: [SBI $0D979C68] Verknüpfung (Datei, nothing done)
C:\Program Files\Free Offers from Freeze.com\16700.url
Properties.size=80
Properties.md5=04D56AC64272E217875760C5C513EAB8
Properties.filedate=1287599196
Properties.filedatetext=2010-10-20 19:26:35

W3i.IQ5.fraud: [SBI $3071D5CA] Verknüpfung (Datei, nothing done)
C:\Program Files\Free Offers from Freeze.com\16714.url
Properties.size=78
Properties.md5=9431554F09FBC9AEA1C7A79CB8F8A3FF
Properties.filedate=1287599195
Properties.filedatetext=2010-10-20 19:26:34

W3i.IQ5.fraud: [SBI $8CC747E9] Textdatei (Datei, nothing done)
C:\Program Files\Free Offers from Freeze.com\control.txt
Properties.size=385
Properties.md5=097647CBDE066743501288EC23DF5E0B
Properties.filedate=1297120824
Properties.filedatetext=2011-02-08 00:20:24

W3i.IQ5.fraud: [SBI $938235D5] Bild (Datei, nothing done)
C:\Program Files\Free Offers from Freeze.com\dolphinico.ico
Properties.size=3262
Properties.md5=B4D26F879C99E3D9F4E18E25298EFA70
Properties.filedate=1287599190
Properties.filedatetext=2010-10-20 19:26:29

W3i.IQ5.fraud: [SBI $F4572031] Bild (Datei, nothing done)
C:\Program Files\Free Offers from Freeze.com\whalesico.ico
Properties.size=2238
Properties.md5=196A5FE5D758C96DBEAC20A87E9BEE5C
Properties.filedate=1287599190
Properties.filedatetext=2010-10-20 19:26:29

MyFreezeToolbar: [SBI $B8EC944E] Daten (Datei, nothing done)
C:\Program Files\Free Offers from Freeze.com\wfallsaw.ico
Properties.size=2238
Properties.md5=4C5E73008A4155913D010A78E821068E
Properties.filedate=1287599190
Properties.filedatetext=2010-10-20 19:26:29

MediaPlex: Verfolgender Cookie (Chrome: Chrome) (Cookie, fixed)


MediaPlex: Verfolgender Cookie (Chrome: Chrome) (Cookie, fixed)


DoubleClick: Verfolgender Cookie (Chrome: Chrome) (Cookie, fixed)


DoubleClick: Verfolgender Cookie (Chrome: Chrome) (Cookie, fixed)


MediaPlex: Verfolgender Cookie (Chrome: Chrome) (Cookie, fixed)


Adviva: Verfolgender Cookie (Chrome: Chrome) (Cookie, fixed)



--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2009-03-02 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2012-01-16 Includes\Adware.sbi (*)
2012-03-13 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2010-12-14 Includes\Dialer.sbi (*)
2011-11-29 Includes\DialerC.sbi (*)
2012-01-31 Includes\HeavyDuty.sbi (*)
2011-03-29 Includes\Hijackers.sbi (*)
2011-10-04 Includes\HijackersC.sbi (*)
2010-09-15 Includes\iPhone.sbi (*)
2012-03-13 Includes\Keyloggers.sbi (*)
2012-03-13 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2012-01-10 Includes\Malware.sbi (*)
2012-03-13 Includes\MalwareC.sbi (*)
2011-02-24 Includes\PUPS.sbi (*)
2012-02-28 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2011-02-24 Includes\Security.sbi (*)
2011-12-13 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2012-01-17 Includes\Spyware.sbi (*)
2012-02-28 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti
2011-09-28 Includes\Trojans.sbi (*)
2012-03-06 Includes\TrojansC-02.sbi (*)
2012-03-12 Includes\TrojansC-03.sbi (*)
2012-03-13 Includes\TrojansC-04.sbi (*)
2012-03-05 Includes\TrojansC-05.sbi (*)
2012-03-09 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll



--- System information ---
Windows Vista (Build: 6002) Service Pack 2 (6.0.6002)


--- Startup entries list ---
Located: HK_LM:Run, Adobe ARM
command: "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
file: C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
size: 937920
MD5: 47C1DE0A890613FFCFF1D67648EEDF90

Located: HK_LM:Run, Adobe Reader Speed Launcher
command: "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
file: C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
size: 37296
MD5: 826DDBBCA98F2E6CD1DFE33CEF33994C

Located: HK_LM:Run, avgnt
command: "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
file: C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
size: 209153
MD5: 29680A793F690EEF4AAA68479D2A6DF8

Located: HK_LM:Run, DivXUpdate
command: "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
file: C:\Program Files\DivX\DivX Update\DivXUpdate.exe
size: 1230704
MD5: 7636713B4F0944045AB4AF7CED5245AB

Located: HK_LM:Run, Google Desktop Search
command: "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
file: C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
size: 30192
MD5: 9F5F2F0FB0A7F5AA9F16B9A7B6DAD89F

Located: HK_LM:Run, Google EULA Launcher
command: C:\Program Files\Google\Google EULA\GoogleEULALauncher.exe GE
file: C:\Program Files\Google\Google EULA\GoogleEULALauncher.exe
size: 20480
MD5: 9A18CFD5DCD3564D53D43D6F5934FCAB

Located: HK_LM:Run, Google Quick Search Box
command: "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
file: C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
size: 122368
MD5: 6B8ECBFDFE7EBD4E94D12E74646C8A89

Located: HK_LM:Run, Google Updater
command: "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -check_deprecation
file: C:\Program Files\Google\Google Updater\GoogleUpdater.exe
size: 161336
MD5: 77CE82E61CC16F897F346B295ADC17D8

Located: HK_LM:Run, RtHDVCpl
command: C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
file: C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
size: 6695456
MD5: 089C928526AD18812D5C566654CDE7FE

Located: HK_LM:Run, Skytel
command: C:\Program Files\Realtek\Audio\HDA\Skytel.exe
file: C:\Program Files\Realtek\Audio\HDA\Skytel.exe
size: 1833504
MD5: AF98D9756C4F8D992AB4EA6646B63EBB

Located: HK_LM:Run, StartCCC
command: "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
file: C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
size: 61440
MD5: 2659F9B422673A98D5629FA3294F5DF3

Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
file: C:\Program Files\Common Files\Java\Java Update\jusched.exe
size: 249064
MD5: 2E5212A0BFB98FE0167C92C76C87AFE3

Located: HK_LM:Run, TkBellExe
command: "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
file: C:\Program Files\Common Files\Real\Update_OB\realsched.exe
size: 198160
MD5: 4C784423B8F0DAE1392398356C9BE1FC

Located: HK_LM:Run, Windows Defender
command: %ProgramFiles%\Windows Defender\MSASCui.exe -hide
file: C:\Program Files\Windows Defender\MSASCui.exe
size: 1008184
MD5: 0D392EDE3B97E0B3131B2F63EF1DB94E

Located: HK_CU:Run, Picasa Media Detector
where: .DEFAULT...
command: C:\Program Files\Picasa2\PicasaMediaDetector.exe
file: C:\Program Files\Picasa2\PicasaMediaDetector.exe
size: 443968
MD5: EF1ECB9DF42AF6BF7514BB5EBC5C59EC

Located: HK_CU:Run, {17BAE32D-F580-5E4D-77F6-A532695E8C62}
where: S-1-5-21-3658888087-4266470633-1359848893-1000...
command: C:\Users\Reichow\AppData\Roaming\Alxyw\uhas.exe
file: C:\Users\Reichow\AppData\Roaming\Alxyw\uhas.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:Run, ehTray.exe
where: S-1-5-21-3658888087-4266470633-1359848893-1000...
command: C:\Windows\ehome\ehTray.exe
file: C:\Windows\ehome\ehTray.exe
size: 125952
MD5: BF08674925F151BD4537B89A493E3E0C

Located: HK_CU:Run, Google Update
where: S-1-5-21-3658888087-4266470633-1359848893-1000...
command: "C:\Users\Reichow\AppData\Local\Google\Update\GoogleUpdate.exe" /c
file: C:\Users\Reichow\AppData\Local\Google\Update\GoogleUpdate.exe
size: 133104
MD5: 626A24ED1228580B9518C01930936DF9

Located: HK_CU:Run, IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}
where: S-1-5-21-3658888087-4266470633-1359848893-1000...
command: "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
file: C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
size: 1828136
MD5: E4EFC2CDC71E0698CB81A4D60C3FADFF

Located: HK_CU:Run, Sidebar
where: S-1-5-21-3658888087-4266470633-1359848893-1000...
command: C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
file: C:\Program Files\Windows Sidebar\sidebar.exe
size: 1233920
MD5: 9E35FF7F943AE0FB89192BFE058B7FD4

Located: HK_CU:Run, Skype
where: S-1-5-21-3658888087-4266470633-1359848893-1000...
command: "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
file: C:\Program Files\Skype\\Phone\Skype.exe
size: 25623336
MD5: BF9EAB227D409CE1E75C23BB10CF5DBC

Located: HK_CU:Run, SpybotSD TeaTimer
where: S-1-5-21-3658888087-4266470633-1359848893-1000...
command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 2260480
MD5: 390679F7A217A5E73D756276C40AE887

Located: HK_CU:Run, swg
where: S-1-5-21-3658888087-4266470633-1359848893-1000...
command: "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
file: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
size: 39408
MD5: 5D61BE7DB55B026A5D61A3EED09D0EAD

Located: HK_CU:Run, Picasa Media Detector
where: S-1-5-18...
command: C:\Program Files\Picasa2\PicasaMediaDetector.exe
file: C:\Program Files\Picasa2\PicasaMediaDetector.exe
size: 443968
MD5: EF1ECB9DF42AF6BF7514BB5EBC5C59EC

Located: Startup (allgemein), HP Digital Imaging Monitor.lnk
where: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
file: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
size: 214360
MD5: CF03C8F6F6B0D71F6E5BCE167FCF7CA6

Located: Startup (Benutzer), OpenOffice.org 3.1.lnk
where: C:\Users\Reichow\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Program Files\OpenOffice.org 3\program\quickstart.exe
file: C:\Program Files\OpenOffice.org 3\program\quickstart.exe
size: 1198592
MD5: F7DCE54077EE9D8A351C4B1FFA866EE7



--- Browser helper object list ---
{0347C33E-8762-4905-BF09-768834316C61} (HP Print Enhancer)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: HP Print Enhancer
CLSID name: HP Print Enhancer
Path: C:\Program Files\HP\Digital Imaging\Smart Web Printing\
Long name: hpswp_printenhancer.dll
Short name: HPSWP_~3.DLL
Date (created): 22.10.2009 05:29:58
Date (last access): 29.01.2010 11:49:06
Date (last write): 22.10.2009 05:29:58
Filesize: 328248
Attributes: archive
MD5: 972F4608E0BA74BE1DB448947E5A9822
CRC32: C87DAD78
Version: 132.0.55458.0

{18DF081C-E8AD-4283-A596-FA578C2EBDC3} (AcroIEHelperStub)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: AcroIEHelperStub
CLSID name: Adobe PDF Link Helper
Path: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\
Long name: AcroIEHelperShim.dll
Short name: ACROIE~2.DLL
Date (created): 22.09.2010 17:04:14
Date (last access): 16.09.2011 07:27:54
Date (last write): 22.09.2010 17:04:14
Filesize: 75200
Attributes: archive
MD5: 203A74767EB81F96A5166B1933DB46D0
CRC32: B0D671C9
Version: 9.4.0.195

{3049C3E9-B461-4BC5-8870-4C09146192CA} (RealPlayer Download and Record Plugin for Internet Explorer)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: RealPlayer Download and Record Plugin for Internet Explorer
Path: C:\Program Files\Real\RealPlayer\
Long name: rpbrowserrecordplugin.dll
Short name: RPBROW~1.DLL
Date (created): 18.11.2009 10:45:28
Date (last access): 18.11.2009 10:45:28
Date (last write): 18.11.2009 10:45:28
Filesize: 329312
Attributes: archive
MD5: 98EA10E878D73C261E0C6316A3A48658
CRC32: 6CE96CBB
Version: 1.0.1.514

{326E768D-4182-46FD-9C16-1449A49795F4} (Increase performance and video formats for your HTML5 <video>)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: Increase performance and video formats for your HTML5 <video>
CLSID name: DivX Plus Web Player HTML5 <video>
Path: C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\
Long name: DivXHTML5.dll
Short name: DIVXHT~1.DLL
Date (created): 23.05.2011 19:24:44
Date (last access): 27.06.2011 01:51:56
Date (last write): 23.05.2011 19:24:44
Filesize: 115072
Attributes: archive
MD5: 96AF88A09CF6B048DEA8C51BD3B4FE0F
CRC32: 184BA3B1
Version: 2.1.2.126

{7E853D72-626A-48EC-A868-BA8D5E23E045} ()
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name:

{9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Anmelde-Hilfsprogramm)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Windows Live Anmelde-Hilfsprogramm
Path: C:\Program Files\Common Files\Microsoft Shared\Windows Live\
Long name: WindowsLiveLogin.dll
Short name: WINDOW~1.DLL
Date (created): 17.02.2009 16:11:04
Date (last access): 06.03.2009 10:54:26
Date (last write): 17.02.2009 16:11:04
Filesize: 408440
Attributes: archive
MD5: 1A82C1B9BB43385695EFC3A84F6756A2
CRC32: 75E558CA
Version: 5.0.818.6

{AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Google Toolbar Helper
description: Google toolbar
classification: Open for discussion
known filename: googletoolbar.dll
info link: hxxp://toolbar.google.com/
info source: TonyKlein
Path: C:\Program Files\Google\Google Toolbar\
Long name: GoogleToolbar_32.dll
Short name: GOOGLE~1.DLL
Date (created): 18.11.2009 10:38:06
Date (last access): 18.11.2009 10:38:06
Date (last write): 01.03.2012 08:37:50
Filesize: 192112
Attributes: archive
MD5: B2E8BB93C5E54CCFB9D7F5EE7A7A1C0A
CRC32: 866D110E
Version: 7.3.2614.234

{DBC80044-A445-435b-BC74-9C25C1C588A9} (Java(tm) Plug-In 2 SSV Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Java(tm) Plug-In 2 SSV Helper
Path: C:\Program Files\Java\jre6\bin\
Long name: jp2ssv.dll
Short name:
Date (created): 21.01.2011 19:48:44
Date (last access): 30.03.2011 13:26:10
Date (last write): 09.02.2011 15:31:20
Filesize: 41760
Attributes: archive
MD5: 88E49C2B7E75B1D9695D6A063F28A8BB
CRC32: A5ABF297
Version: 6.0.240.7

{FCBCCB87-9224-4B8D-B117-F56D924BEB18} (SMTTB2009)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: SMTTB2009
CLSID name: SMTTB2009 Class
Path: C:\Program Files\Final Video Downloader FileBulldog Toolbar\
Long name: tbcore3.dll
Short name:
Date (created): 16.02.2010 16:52:06
Date (last access): 19.02.2011 12:35:58
Date (last write): 16.02.2010 16:52:06
Filesize: 2495488
Attributes:
MD5: 7B36664E7EC1781A63816490D9BED135
CRC32: 4D809A86
Version: 4.2.0.7

{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} (HP Smart BHO Class)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: HP Smart BHO Class
CLSID name: HP Smart BHO Class
Path: C:\Program Files\HP\Digital Imaging\Smart Web Printing\
Long name: hpswp_BHO.dll
Short name: HPSWP_~1.DLL
Date (created): 22.10.2009 05:29:56
Date (last access): 29.01.2010 11:49:06
Date (last write): 22.10.2009 05:29:56
Filesize: 517688
Attributes: archive
MD5: 4743B45C41BE35709F81BEC62FDA0AA0
CRC32: CC2D5870
Version: 132.0.55458.0



--- ActiveX list ---
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} ()
DPF name:
CLSID name:
Installer: C:\Windows\Downloaded Program Files\QTPlugin.inf
Codebase: hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
description: Apple Quicktime
classification: Legitimate
known filename: QTPLUGIN.OCX
info link:
info source: Patrick M. Kolla

{233C1507-6A77-46A4-9443-F871F945D258} (Shockwave ActiveX Control)
DPF name:
CLSID name: Shockwave ActiveX Control
Installer: C:\Windows\Downloaded Program Files\swdir.inf
Codebase: hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
description:
classification: Legitimate
known filename: SwDir.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Windows\System32\Adobe\Director\
Long name: SwDir.dll
Short name:
Date (created): 25.11.2008 07:38:50
Date (last access): 18.12.2008 11:40:58
Date (last write): 05.12.2008 23:01:24
Filesize: 202168
Attributes: archive
MD5: 5DCAFAA7B98173A2F2243D372C3ADAB9
CRC32: 28A04C3F
Version: 11.0.3.471

{2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class)
DPF name:
CLSID name: ActiveScan 2.0 Installer Class
Installer: C:\Windows\Downloaded Program Files\as2stubie.inf
Codebase: hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
Path: C:\Windows\Downloaded Program Files\
Long name: as2stubie.dll
Short name: AS2STU~1.DLL
Date (created): 30.06.2008 10:39:58
Date (last access): 30.06.2008 10:39:58
Date (last write): 30.06.2008 10:39:58
Filesize: 128256
Attributes: archive
MD5: BB482DD127289F0FAD474610F5A4C3E3
CRC32: 1CF0CB03
Version: 1.0.0.10

{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_24
Installer:
Codebase: hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\jre6\bin\
Long name: jp2iexp.dll
Short name:
Date (created): 21.01.2011 19:48:44
Date (last access): 02.02.2011 21:46:34
Date (last write): 02.02.2011 20:40:28
Filesize: 112416
Attributes: archive
MD5: 8E66E95FCD0218767CC5953F7BA64D19
CRC32: F9A66843
Version: 6.0.240.7

{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} ()
DPF name:
CLSID name:
Installer: C:\Windows\Downloaded Program Files\erma.inf
Codebase: hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
description:
classification: Open for discussion
known filename:
info link:
info source: Safer Networking Ltd.

{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_22
Installer:
Codebase: hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Path: C:\Program Files\Java\jre6\bin\
Long name: jp2iexp.dll
Short name:
Date (created): 21.01.2011 19:48:44
Date (last access): 02.02.2011 21:46:34
Date (last write): 02.02.2011 20:40:28
Filesize: 112416
Attributes: archive
MD5: 8E66E95FCD0218767CC5953F7BA64D19
CRC32: F9A66843
Version: 6.0.240.7

{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_24
Installer:
Codebase: hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
Path: C:\Program Files\Java\jre6\bin\
Long name: jp2iexp.dll
Short name:
Date (created): 21.01.2011 19:48:44
Date (last access): 02.02.2011 21:46:34
Date (last write): 02.02.2011 20:40:28
Filesize: 112416
Attributes: archive
MD5: 8E66E95FCD0218767CC5953F7BA64D19
CRC32: F9A66843
Version: 6.0.240.7

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_24
Installer:
Codebase: hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre6\bin\
Long name: npjpi160_24.dll
Short name: NPJPI1~1.DLL
Date (created): 02.02.2011 18:19:42
Date (last access): 02.02.2011 21:46:44
Date (last write): 02.02.2011 20:40:34
Filesize: 141088
Attributes: archive
MD5: 1DA2629EEE65A34D54BB9741CE30DE3D
CRC32: 64BB8CA2
Version: 6.0.240.7



--- Process list ---
PID: 1244 (1256) C:\Windows\system32\Dwm.exe
size: 81920
MD5: 01DD1004181FD46ECDC3628228EB269D
PID: 1588 (1012) C:\Windows\Explorer.EXE
size: 2926592
MD5: D07D4C3038F3578FFCE1C0237F2A1253
PID: 852 (1588) C:\Program Files\Windows Defender\MSASCui.exe
size: 1008184
MD5: 0D392EDE3B97E0B3131B2F63EF1DB94E
PID: 1532 (1588) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
size: 6695456
MD5: 089C928526AD18812D5C566654CDE7FE
PID: 1732 (1588) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
size: 30192
MD5: 9F5F2F0FB0A7F5AA9F16B9A7B6DAD89F
PID: 2060 (1588) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
size: 209153
MD5: 29680A793F690EEF4AAA68479D2A6DF8
PID: 2084 (1588) C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
size: 122368
MD5: 6B8ECBFDFE7EBD4E94D12E74646C8A89
PID: 2092 (1588) C:\Program Files\Common Files\Real\Update_OB\realsched.exe
size: 198160
MD5: 4C784423B8F0DAE1392398356C9BE1FC
PID: 2176 (1588) C:\Program Files\Common Files\Java\Java Update\jusched.exe
size: 249064
MD5: 2E5212A0BFB98FE0167C92C76C87AFE3
PID: 2340 (1588) C:\Program Files\DivX\DivX Update\DivXUpdate.exe
size: 1230704
MD5: 7636713B4F0944045AB4AF7CED5245AB
PID: 2376 (1588) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
size: 937920
MD5: 47C1DE0A890613FFCFF1D67648EEDF90
PID: 2536 (1588) C:\Program Files\Windows Sidebar\sidebar.exe
size: 1233920
MD5: 9E35FF7F943AE0FB89192BFE058B7FD4
PID: 2544 (1588) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 2260480
MD5: 390679F7A217A5E73D756276C40AE887
PID: 2556 (1588) C:\Windows\ehome\ehtray.exe
size: 125952
MD5: BF08674925F151BD4537B89A493E3E0C
PID: 2592 (1588) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
size: 39408
MD5: 5D61BE7DB55B026A5D61A3EED09D0EAD
PID: 2608 (1588) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
size: 214360
MD5: CF03C8F6F6B0D71F6E5BCE167FCF7CA6
PID: 2828 (1276) C:\Windows\system32\taskeng.exe
size: 171520
MD5: 3D50C4B10352367D5CB20ED1F50F8DA2
PID: 2972 (2640) C:\Program Files\OpenOffice.org 3\program\soffice.exe
size: 11322880
MD5: 11E8D8272FDBE213ADE3DAD91427CE35
PID: 3920 (2972) C:\Program Files\OpenOffice.org 3\program\soffice.bin
size: 11314688
MD5: 2337EC951C4AF6E1AF65D10BD9615BEB
PID: 4064 ( 916) C:\Windows\ehome\ehmsas.exe
size: 37376
MD5: 0F4195B9B348DE5CF9B822F81704B20E
PID: 3992 ( 916) C:\Windows\System32\mobsync.exe
size: 95744
MD5: 9B89B3BB79EA1ACF041F40A7B6FC5827
PID: 3468 (1588) C:\Program Files\Mozilla Firefox\firefox.exe
size: 924632
MD5: 5AC757AE411CBC603C33C85F81F8657D
PID: 2404 (1588) C:\Program Files\Opera\Opera.exe
size: 949104
MD5: CC7001E619906A0FF78C162A0A39D5B7
PID: 3928 (2608) C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
size: 184320
MD5: 80B8AE8E18FF57BE13FF4A5959DB0EC1
PID: 4028 ( 916) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
size: 569344
MD5: E343E343581F6DAEAD48D412F5CE911A
PID: 2412 ( 916) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
size: 362496
MD5: 883008A9B5BFF94A153D99DBA54CB5C1
PID: 4904 (2544) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 5365592
MD5: 0477C2F9171599CA5BC3307FDFBA8D89
PID: 0 ( 0) [System Process]
PID: 4 ( 0) System
PID: 496 ( 4) smss.exe
size: 64000
PID: 564 ( 552) csrss.exe
size: 6144
PID: 628 ( 552) wininit.exe
size: 96768
PID: 636 ( 620) csrss.exe
size: 6144
PID: 676 ( 628) services.exe
size: 279552
PID: 692 ( 628) lsass.exe
size: 9728
PID: 700 ( 628) lsm.exe
size: 229888
PID: 784 ( 620) winlogon.exe
size: 314368
PID: 916 ( 676) svchost.exe
size: 21504
PID: 1000 ( 676) svchost.exe
size: 21504
PID: 1044 ( 676) svchost.exe
size: 21504
PID: 1140 ( 676) Ati2evxx.exe
size: 720896
PID: 1224 ( 676) svchost.exe
size: 21504
PID: 1256 ( 676) svchost.exe
size: 21504
PID: 1276 ( 676) svchost.exe
size: 21504
PID: 1344 (1224) audiodg.exe
size: 88576
PID: 1388 ( 676) svchost.exe
size: 21504
PID: 1412 ( 676) SLsvc.exe
size: 3408896
PID: 1452 ( 676) svchost.exe
size: 21504
PID: 1568 ( 676) svchost.exe
size: 21504
PID: 1672 (1140) Ati2evxx.exe
size: 720896
PID: 1876 ( 676) spoolsv.exe
size: 128000
PID: 1908 ( 676) sched.exe
PID: 1940 ( 676) svchost.exe
size: 21504
PID: 1720 (1276) taskeng.exe
size: 171520
PID: 1148 ( 676) avguard.exe
PID: 2152 ( 676) svchost.exe
size: 21504
PID: 2220 ( 676) NBService.exe
PID: 2352 ( 676) svchost.exe
size: 21504
PID: 2512 ( 676) IoctlSvc.exe
size: 81920
PID: 2900 ( 676) svchost.exe
size: 21504
PID: 2924 ( 676) svchost.exe
size: 21504
PID: 2936 ( 676) RichVideo.exe
PID: 3040 (2852) GoogleCrashHandler.exe
PID: 3280 ( 676) svchost.exe
size: 21504
PID: 3328 ( 676) svchost.exe
size: 21504
PID: 3364 ( 676) SearchIndexer.exe
size: 441344
PID: 3472 ( 676) SDWinSec.exe
PID: 3772 (1256) WUDFHost.exe
size: 142336
PID: 2112 ( 676) svchost.exe
size: 21504


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 15.03.2012 13:19:16

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\Windows\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
hxxp://www.google.com
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
hxxp://www.google.com/ie
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
hxxp://www.goingpublic.de/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
hxxp://www.aldi.com/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
hxxp://www.google.com/search/?q=%s
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
C:\Windows\System32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
hxxp://www.bigseekpro.com/finalvdfilebulldog/{9B722CA1-83E0-4FFB-8904-CE6FC9C2825C}
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
hxxp://www.aldi.com/
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
hxxp://go.microsoft.com/fwlink/?LinkId=54896


--- Winsock Layered Service Provider list ---
Namespace Provider 1: E-Mail-Namenshimanbieter
GUID: {964ACBA2-B2BC-40EB-8C6A-A6DB40161CAE}
Filename:

Namespace Provider 2: PNRP-Wolken-Namespaceanbieter
GUID: {03FE89CE-766D-4976-B9C1-BB9BC42C7B4D}
Filename:

Namespace Provider 3: PNRP-Namen-Namespaceanbieter
GUID: {03FE89CD-766D-4976-B9C1-BB9BC42C7B4D}
Filename:



--- Uninstall list ---


--- System Services ---
Service (registry key): .NET CLR Data
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): .NET CLR Networking
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): .NET CLR Networking 4.0.0.0
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): .NET Data Provider for Oracle
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): .NET Data Provider for SqlServer
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): .NETFramework
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): ACPI
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft ACPI-Treiber
Image path: system32\drivers\acpi.sys
Image size: 265688
Image MD5: 82B296AE1892FE3DBEE00C9CF92F8AC7
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3

Service (registry key): adp94xx
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\adp94xx.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): adpahci
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\adpahci.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): adpu160m
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\adpu160m.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): adpu320
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\adpu320.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): adsi
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): AeLookupSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\aelupsvc.dll,-1
Description: @%SystemRoot%\system32\aelupsvc.dll,-2
Object name: localSystem
Image path: %systemroot%\system32\svchost.exe -k netsvcs
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1

Service (registry key): AFD
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Ancilliary Function Driver for Winsock
Description: Ancilliary Function Driver for Winsock
Image path: \SystemRoot\system32\drivers\afd.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): agp440
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Intel AGP Bus Filter
Image path: \SystemRoot\system32\drivers\agp440.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): ahcix86s
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: system32\DRIVERS\ahcix86s.sys
Image size: 183312
Image MD5: 03081E98C515CB838434D252F407F6E8
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1

Service (registry key): aic78xx
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\djsvs.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): ALG
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\Alg.exe,-112
Description: @%SystemRoot%\system32\Alg.exe,-113
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\alg.exe
Image size: 59392
Image MD5: A1545B731579895D8CC44FC0481C1192
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1

Service (registry key): aliide
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\aliide.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 3

Service (registry key): amdagp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: AMD AGP Bus Filter Driver
Image path: \SystemRoot\system32\drivers\amdagp.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): amdide
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: system32\DRIVERS\amdide.sys
Image size: 10632
Image MD5: F12456AD77B1C32D8C5CA51927872850
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1

Service (registry key): AmdK7
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: AMD K7 Processor Driver
Image path: \SystemRoot\system32\drivers\amdk7.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): AmdK8
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: AMD K8 Processor Driver
Image path: \SystemRoot\system32\drivers\amdk8.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): AntiVirSchedulerService
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Avira AntiVir Planer
Description: Dienst zur Steuerung von Avira AntiVir Personal - Free Antivirus Prüfaufträgen und Updates.
Object name: LocalSystem
Image path: "C:\Program Files\Avira\AntiVir Desktop\sched.exe"
Image size: 108289
Image MD5: 9015BC03F62940527EC92D45EE89E46F
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1

Service (registry key): AntiVirService
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Avira AntiVir Guard
Description: Bietet permanenten Schutz vor Viren und Malware mit der AntiVir Suchengine.
Object name: LocalSystem
Image path: "C:\Program Files\Avira\AntiVir Desktop\avguard.exe"
Image size: 185089
Image MD5: B8720A787C1223492E6F319465E996CE
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1

Service (registry key): Appinfo
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\appinfo.dll,-100
Description: @%systemroot%\system32\appinfo.dll,-101
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs,ProfSvc

Service (registry key): arc
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\arc.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): arcsas
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\arcsas.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): AsyncMac
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\rascfg.dll,-32000
Description: @%systemroot%\system32\rascfg.dll,-32000
Image path: system32\DRIVERS\asyncmac.sys
Image size: 17408
Image MD5: 53B202ABEE6455406254444303E87BE1
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): atapi
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: IDE-Kanal
Image path: system32\drivers\atapi.sys
Image size: 19944
Image MD5: 1F05B78AB91C9075565A9D8A4B880BC4
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3

Service (registry key): Ati External Event Utility
Registry path: \SYSTEM\CurrentControlSet\Services\
Object name: LocalSystem
Image path: %SystemRoot%\system32\Ati2evxx.exe
Image size: 720896
Image MD5: 2039E24FE00639A9123DCD6F22D42D74
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1

Service (registry key): Atierecord
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): atikmdag
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: system32\DRIVERS\atikmdag.sys
Image size: 4179968
Image MD5: D2E9ACB68FA61C911CC21E07F87705BF
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): AtiPcie
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: ATI PCI Express (3GIO) Filter
Image path: system32\DRIVERS\AtiPcie.sys
Image size: 14352
Image MD5: 5A1465AD2E7C1BC39CDA12A355329096
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1

Service (registry key): AudioEndpointBuilder
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\audiosrv.dll,-204
Description: @%SystemRoot%\System32\audiosrv.dll,-205
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: PlugPlay

Service (registry key): Audiosrv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\audiosrv.dll,-200
Description: @%SystemRoot%\System32\audiosrv.dll,-201
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: AudioEndpointBuilder,RpcSs,MMCSS

Service (registry key): avgio
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: avgio
Image path: \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Depends On services: FltMgr

Service (registry key): avgntflt
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: avgntflt
Description: Avira files mini-filter driver
Image path: system32\DRIVERS\avgntflt.sys
Image size: 56816
Image MD5: 14FE36D8F2C6A2435275338D061A0B66
Control Set: CurrentControlSet
Start: 2
Type: 2
Error Control: 1
Depends On services: FltMgr

Service (registry key): avipbb
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: avipbb
Description: Avira's Driver for RootKit Detection
Image path: system32\DRIVERS\avipbb.sys
Image size: 96104
Image MD5: 6D52060B59E7D79CD2A044B6ADD1F1EF
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): BattC
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): Beep
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Beep
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): BFE
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\bfe.dll,-1001
Description: @%SystemRoot%\system32\bfe.dll,-1002
Object name: NT AUTHORITY\LocalService
Image path: %systemroot%\system32\svchost.exe -k LocalServiceNoNetwork
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): BITS
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\qmgr.dll,-1000
Description: @%SystemRoot%\system32\qmgr.dll,-1001
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs,EventSystem

Service (registry key): blbdrive
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\blbdrive.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): bowser
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Bowser
Description: Implements the datagram receiver for the computer browser browser service.
Image path: system32\DRIVERS\bowser.sys
Image size: 69632
Image MD5: 35F376253F687BDE63976CCB3F2108CA
Control Set: CurrentControlSet
Start: 3
Type: 2
Error Control: 1

Service (registry key): BrFiltLo
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Brother USB Mass-Storage Lower Filter Driver
Image path: \SystemRoot\system32\drivers\brfiltlo.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): BrFiltUp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Brother USB Mass-Storage Upper Filter Driver
Image path: \SystemRoot\system32\drivers\brfiltup.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): Browser
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\browser.dll,-100
Description: @%systemroot%\system32\browser.dll,-101
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: LanmanWorkstation,LanmanServer

Service (registry key): Brserid
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Brother MFC Serial Port Interface Driver (WDM)
Image path: \SystemRoot\system32\drivers\brserid.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): BrSerWdm
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Brother WDM Serial driver
Image path: \SystemRoot\system32\drivers\brserwdm.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): BrUsbMdm
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Brother MFC USB Fax Only Modem
Image path: \SystemRoot\system32\drivers\brusbmdm.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): BrUsbSer
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Brother MFC USB Serial WDM Driver
Image path: \SystemRoot\system32\drivers\brusbser.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): BTHMODEM
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Bluetooth Serial Communications Driver
Image path: \SystemRoot\system32\drivers\bthmodem.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): BTHPORT
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): cdfs
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: CD/DVD File System Reader
Description: ISO9660/Joliet File System Reader for CD/DVDs. (Core) (All pieces)
Image path: system32\DRIVERS\cdfs.sys
Image size: 70144
Image MD5: 7ADD03E75BEB9E6DD102C3081D29840A
Control Set: CurrentControlSet
Start: 4
Type: 2
Error Control: 1
Depends On group: "SCSI CDROM Class"

Service (registry key): cdrom
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: CD-ROM-Laufwerktreiber
Image path: system32\DRIVERS\cdrom.sys
Image size: 67072
Image MD5: 6B4BFFB9BECD728097024276430DB314
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): CertPropSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\System32\certprop.dll,-11
Description: @%SystemRoot%\System32\certprop.dll,-12
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): circlass
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Consumer IR Devices
Image path: \SystemRoot\system32\drivers\circlass.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): CLFS
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Common Log (CLFS)
Description: Common Log (CLFS)
Image path: System32\CLFS.sys
Image size: 245736
Image MD5: D7659D3B5B92C31E84E53C1431F35132
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3

Service (registry key): clr_optimization_v2.0.50727_32
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft .NET Framework NGEN v2.0.50727_X86
Description: Microsoft .NET Framework NGEN
Object name: LocalSystem
Image path: %systemroot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
Image size: 66368
Image MD5: 8EE772032E2FE80A924F3B8DD5082194
Control Set: CurrentControlSet
Start: 4
Type: 16
Error Control: 0

Service (registry key): clr_optimization_v4.0.30319_32
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft .NET Framework NGEN v4.0.30319_X86
Description: Microsoft .NET Framework NGEN
Object name: LocalSystem
Image path: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
Image size: 130384
Image MD5: C5A75EB48E2344ABDC162BDA79E16841
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 0

Service (registry key): cmdide
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\cmdide.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 3

Service (registry key): Compbatt
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Composite Battery Driver
Image path: \SystemRoot\system32\drivers\compbatt.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 3

Service (registry key): COMSysApp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @comres.dll,-947
Description: @comres.dll,-948
Object name: LocalSystem
Image path: %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
Image size: 7168
Image MD5: BE01E566D1F569AAB32D0335613E1EEA
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Depends On services: RpcSs,EventSystem,SENS

Service (registry key): crcdisk
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Crcdisk Filter Driver
Image path: system32\drivers\crcdisk.sys
Image size: 24632
Image MD5: 741E9DFF4F42D2D8477D0FC1DC0DF871
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1

Service (registry key): Crusoe
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Transmeta Crusoe Processor Driver
Image path: \SystemRoot\system32\drivers\crusoe.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): crypt32
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): CryptSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\cryptsvc.dll,-1001
Description: @%SystemRoot%\system32\cryptsvc.dll,-1002
Object name: NT Authority\NetworkService
Image path: %SystemRoot%\system32\svchost.exe -k NetworkService
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): DCLocator
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): DcomLaunch
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @oleres.dll,-5012
Description: @oleres.dll,-5013
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k DcomLaunch
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1

Service (registry key): DfsC
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\drivers\dfsc.sys,-101
Description: @%systemroot%\system32\drivers\dfsc.sys,-102
Image path: System32\Drivers\dfsc.sys
Image size: 75264
Image MD5: 622C41A07CA7E6DD91770F50D532CB6C
Control Set: CurrentControlSet
Start: 1
Type: 2
Error Control: 1
Depends On services: Mup

Service (registry key): DFSR
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @dfsrres.dll,-101
Description: @dfsrres.dll,-102
Object name: LocalSystem
Image path: %SystemRoot%\system32\DFSR.exe
Image size: 2092544
Image MD5: 2CC3DCFB533A1035B13DCAB6160AB38B
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Depends On services: RpcSs,EventSystem

Service (registry key): Dhcp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\dhcpcsvc.dll,-100
Description: @%SystemRoot%\system32\dhcpcsvc.dll,-101
Object name: NT Authority\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: NSI,Tdx,Afd

Service (registry key): disk
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Laufwerktreiber
Image path: system32\drivers\disk.sys
Image size: 53736
Image MD5: 5D4AEFC3386920236A548271F8F1AF6A
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1

Service (registry key): Dnscache
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\System32\dnsapi.dll,-101
Description: @%SystemRoot%\System32\dnsapi.dll,-102
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\system32\svchost.exe -k NetworkService
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: Tdx

Service (registry key): dot3svc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\dot3svc.dll,-1102
Description: @%systemroot%\system32\dot3svc.dll,-1103
Object name: localSystem
Image path: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs,Ndisuio,Eaphost

Service (registry key): Dot4
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: MS IEEE-1284.4-Treiber
Image path: system32\DRIVERS\Dot4.sys
Image size: 131584
Image MD5: 4F59C172C094E1A1D46463A8DC061CBD
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): Dot4Print
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Druckerklassentreiber für IEEE-1284.4
Image path: system32\DRIVERS\Dot4Prt.sys
Image size: 16384
Image MD5: 80BF3BA09F6F2523C8F6B7CC6DBF7BD5
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): dot4usb
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: MS Dot4USB Filter Dot4USB Filter
Image path: system32\DRIVERS\dot4usb.sys
Image size: 36864
Image MD5: C55004CA6B419B6695970DFE849B122F
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): DPS
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\dps.dll,-500
Description: @%systemroot%\system32\dps.dll,-501
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1

Service (registry key): drmkaud
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Kernel-DRM-Audioentschlüsselung
Image path: system32\drivers\drmkaud.sys
Image size: 5632
Image MD5: 97FEF831AB90BEE128C9AF390E243F80
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): DXGKrnl
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: LDDM Graphics Subsystem
Description: Controls the underlying video driver stacks to provide fully-featured display capabilities.
Image path: \SystemRoot\System32\drivers\dxgkrnl.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): E1G60
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Intel(R) PRO/1000 NDIS 6 Adapter Driver
Image path: system32\DRIVERS\E1G60I32.sys
Image size: 118784
Image MD5: 5425F74AC0C1DBD96A1E04F17D63F94C
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): EapHost
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\eapsvc.dll,-1
Description: @%systemroot%\system32\eapsvc.dll,-2
Object name: localSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RPCSS,KeyIso

Service (registry key): Ecache
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: ReadyBoost Caching Driver
Description: ReadyBoost Caching Driver
Image path: System32\drivers\ecache.sys
Image size: 141288
Image MD5: 7F64EA048DCFAC7ACF8B4D7B4E6FE371
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3

Service (registry key): ehRecvr
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\ehome\ehrecvr.exe,-101
Description: @%SystemRoot%\ehome\ehrecvr.exe,-102
Object name: NT AUTHORITY\networkService
Image path: %systemroot%\ehome\ehRecvr.exe
Image size: 292352
Image MD5: 9BE3744D295A7701EB425332014F0797
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 0
Depends On services: RPCSS

Service (registry key): ehSched
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\ehome\ehsched.exe,-101
Description: @%SystemRoot%\ehome\ehsched.exe,-102
Object name: NT AUTHORITY\networkService
Image path: %systemroot%\ehome\ehsched.exe
Image size: 131072
Image MD5: AD1870C8E5D6DD340C829E6074BF3C3F
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 0
Depends On services: RPCSS

Service (registry key): ehstart
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\ehome\ehstart.dll,-101
Description: @%SystemRoot%\ehome\ehstart.dll,-102
Object name: NT AUTHORITY\LocalService
Image path: %windir%\system32\svchost.exe -k LocalServiceNoNetwork
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 0
Depends On services: RPCSS

Service (registry key): elxstor
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\elxstor.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): EmdCache
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): EMDMgmt
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\emdmgmt.dll,-1000
Description: @%SystemRoot%\system32\emdmgmt.dll,-1001
Object name: LocalSystem
Image path: %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 0
Depends On services: rpcss,ecache,slsvc,fileinfo

Service (registry key): ErrDev
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Hardware Error Device Driver
Image path: \SystemRoot\system32\drivers\errdev.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): ESENT
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): Eventlog
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\wevtsvc.dll,-200
Description: @%SystemRoot%\system32\wevtsvc.dll,-201
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1

Service (registry key): EventSystem
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @comres.dll,-2450
Description: @comres.dll,-2451
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: rpcss

Service (registry key): exfat
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: exFAT File System Driver
Description: exFAT File System Driver
Control Set: CurrentControlSet
Start: 3
Type: 2
Error Control: 1

Service (registry key): fastfat
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: FAT12/16/32 File System Driver
Description: Note - dependance on CDROM.SYS only if required to read/write DVD-RAM media (which appears as CD class device). (Core) (All pieces)
Control Set: CurrentControlSet
Start: 3
Type: 2
Error Control: 1

Service (registry key): fdc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Floppy Disk Controller Driver
Image path: system32\DRIVERS\fdc.sys
Image size: 25088
Image MD5: AFE1E8B9782A0DD7FB46BBD88E43F89A
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): fdPHost
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\fdPHost.dll,-100
Description: @%systemroot%\system32\fdPHost.dll,-101
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs,http

Service (registry key): FDResPub
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\fdrespub.dll,-100
Description: @%systemroot%\system32\fdrespub.dll,-101
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs,http

Service (registry key): FileInfo
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: File Information FS MiniFilter
Description: Collects information about files in memory to be consumed by other system services.
Image path: system32\drivers\fileinfo.sys
Image size: 58936
Image MD5: A8C0139A884861E3AAE9CFE73B208A9F
Control Set: CurrentControlSet
Start: 0
Type: 2
Error Control: 1
Depends On services: fltmgr

Service (registry key): Filetrace
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: FileTrace
Description: ETW File Trace Filter
Image path: system32\drivers\filetrace.sys
Image size: 27648
Image MD5: 0AE429A696AECBC5970E3CF2C62635AE
Control Set: CurrentControlSet
Start: 3
Type: 2
Error Control: 1
Depends On services: FltMgr

Service (registry key): flpydisk
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Floppy Disk Driver
Image path: system32\DRIVERS\flpydisk.sys
Image size: 20480
Image MD5: 85B7CF99D532820495D68D747FDA9EBD
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): FltMgr
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: FltMgr
Description: File System Filter Manager Driver
Image path: system32\drivers\fltmgr.sys
Image size: 190424
Image MD5: 01334F9EA68E6877C4EF05D3EA8ABB05
Control Set: CurrentControlSet
Start: 0
Type: 2
Error Control: 3

Service (registry key): FontCache
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\FntCache.dll,-100
Description: @%systemroot%\system32\FntCache.dll,-101
Object name: NT AUTHORITY\LocalService

16.03.2012, 17:52   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please now run a routine full scan with Malwarebytes and post the log. => Have ALL local drives (except CD/DVD) checked!
Remember that Malwarebytes must be updated manually before every scan! In addition, all findings must be removed.

If logs from older Malwarebytes scans exist, please post all of those as well!

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

Please post everything in CODE tags here if possible.

This is how it is done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here

19.03.2012, 12:21   #3
Stefan1971

Full scan completed on a second attempt after a previous crash. Because of work, a restart is only possible in the evening, so the deletion apparently did not work; this is a copy of the mbam log that had opened.
A total of 5 infected files, of which 3 are files and 2 are registry values.
---------------

Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.19.01

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Reichow :: STEFANREICHOW [Administrator]

Schutz: Aktiviert

19.03.2012 09:37:58
mbam-log-2012-03-19 (09-37-58).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 467444
Laufzeit: 2 Stunde(n), 32 Minute(n), 49 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{17BAE32D-F580-5E4D-77F6-A532695E8C62} (Trojan.ZbotR.Gen) -> Daten: C:\Users\Reichow\AppData\Roaming\Alxyw\uhas.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations|bak_Application (Hijacker.Application) -> Daten: hxxp://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Users\Reichow\AppData\Local\Temp\7a3k793.exe (Rootkit.TDSS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
c:\users\reichow\documents\downloads\unconfirmed 70188.download (Malware.Packer.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
c:\users\reichow\documents\downloads\unconfirmed 99221.download (Malware.Packer.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

19.03.2012, 12:28   #4
Stefan1971

If the PC crashes again I could carry out the deletion, but after I clicked "No" at the "Restart?" prompt, Malwarebytes jumped back to the start screen. Do I then have to run the full scan again in the evening, or are the files to be deleted stored so that they can be retrieved and deleted?
The crashes seem to occur especially when additionally streaming internet TV programmes such as bloomberg.tv, regardless of the browser used, either after just a few minutes or after up to many hours; since today I have been running the browsers without opening internet TV channels, and so far it has been stable.

19.03.2012, 16:53   #5
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

You should post the logs in CODE tags!
What about ESET?

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

19.03.2012, 22:42   #6
Stefan1971

After a total crash, ESET has been stuck for over an hour at 46% at Target:
C:/Users/Name/Downloads/OOo_3.3.0_Win_x86_install-wJRE_de.exe
Files scanned: 117651
Infected Files: 20
Total scan time: 02:30:00

Now new files are being scanned again after a very long pause...
I fear another total crash before completion...

19.03.2012, 22:45   #7
Stefan1971

Should I have Malwarebytes run a full scan again after this (or in parallel?), including a restart, in order to reduce the malicious programs?

20.03.2012, 00:44   #8
Stefan1971

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=53251

It does not seem to have worked; after the full scan there are still 20 infected files, as there already were at 46%.

20.03.2012, 00:58   #9
Stefan1971

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=53251
esets_scanner_update returned -1 esets_gle=53251

See above for the result after starting ESET again; I had correctly ticked Scan Archives and manually unticked Remove ... each time before clicking Start. Why were the 20 files not archived?

20.03.2012, 14:17   #10
Stefan1971

This time ESET stopped at the following screenshot; no PC crash so far today.

hxxp://www.eset.com/online-scanner-popup/

Scanning... Step 3 out of 4
Computer scan in progress... 100%
Target: Operating memory
Files scanned: 227110
Infected Files: 20
Total scan time: 10:16:16
Last scan time: 03:45:27

Current scan result:
Threats found!
multiple threats
multiple threats ....
--------------

Examples observed during scanning:

C:/Users/Name/Downloads/OOo_3.3.0_Win_x86_install_wJRE_de(2).ex
at Files scanned 117650
C:/Users/Name/Downloads/x-12-30192.exe
C:/Windows/check ser/v1.0/windows6.0-6001-serviceing-a.cab
at Files scanned 121499
#1 Win 32/Adware.PCConfidential application
at approx. 40800 files scanned
Win 32/Bagle.gen.zip.worm, display: Spybot S&D, Registry Helper, several numbers: 4, 6, ... Avira AntiVir Personal raised an alert; I clicked "Ignore".

20.03.2012, 14:35   #11
Stefan1971

Should I click "Stop", or would the scan reports or the like that are to be archived be lost as a result?

20.03.2012, 16:38   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Normally ALL findings are recorded in the log file I named in the ESET guide.

20.03.2012, 16:47   #13
Stefan1971

But the scan is still more or less frozen at the stage I copied down from the screenshot. If I do nothing and the PC crashes completely again, the scan could be lost; if I click Stop, do you perhaps get a report? But last time no report was available either, although I had set the ticks as instructed. Is there any reason not to click "Stop"? The ESET application has not made any progress for hours, and in my opinion it is unlikely to become active again by itself.

20.03.2012, 16:51   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Have you already tried the full scan in Safe Mode with Networking?

20.03.2012, 17:25   #15
Stefan1971

No, I have not been in Safe Mode since the crashes; I do not have a network, only one PC.
